Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.On this page
Rules Support
Drupal 7 will no longer be supported after January 5, 2025. Learn more and find resources for Drupal 7 sites
The following features are available only when installing the Rules extension of protected nodes. This extension requires the third party Rules extension for Drupal.
Protected Node Rules Conditions
When handling a Node, it is possible to check whether the node (1) is currently protected, (2) has a password, or (3) is locked.
Content is protected
A node is said to be protected when the node is protected by a password using the Protected Node module.
Whether the user can view that node is irrelevant in this case. Only the fact that the node requires a password to be viewed is what this condition checks.
Content has password
A node is said to have a password when a password has previously been saved specifically to that node.
Content is locked from current user
A node is said to be locked if the current user needs to enter a password before being able to view the node.
Note: at this point you cannot test whether the node is locked for someone other than the current user (global $user).
Protected Node Rules Actions
Protect Node
Mark a node as protected. The password is not changed in any way. For this to work as expected, you certainly want to make use of a form of global password (global to your entire site or to a node type.)
If no global password is defined, then the node becomes locked away from everyone except the few who have access to all protected nodes (See permissions for more information.)
Password protect node
Mark a node as protected and assign the specified password.
If no password is specified (textbox is empty), a random password will be generated.
This action will protect as many nodes as you want, but all will be assigned the exact same password if one is specified in the action.
Unprotect the node
Mark the node as unprotected. Anyone can see the node afterward.
Lock the node away from current user
This action clears the session of the current user, which in effect marks the node as locked again. This means the user will be required to re-enter the password to access the node again.
Note that this feature only works with the current user session. At this point you cannot delete the session of user A when user B is visiting your site.
Unlock the node for current user
This action adds a session for the current user offering the user access to the corresponding node without having to enter a password.
This can be useful to temporarily unlock a node only after a user has visited a specific page on your website. If they don't first visit that page, going to the node would require a password which, if they don't have it, would ask them to enter the password or give them an access denied error.
Example of usage as a Logout feature
I was asked about a way to let users log out of a node that they went to where they had to enter a password. The problem is that if you're on a public computer, the session cookie is then saved on that computer, and unless the user knows how to delete cookies, anyone who has access to that computer can find that protected node.
To solve that problem, we can add a Logout link on protected pages that send the user to a Thank You page. When a user arrives on that Thank You page (note 1), the Rules module can detect it.
Here is an example link that will work for you. Notice the nocache=1 parameter. This is to prevent the system or boost caching features so the log out page always reacts (otherwise the .html version would be returned and the rules never executed!)
<p><a href="/logout-locked-page?nocache=1"
title="Log out of this page.">Log Out</a> from this page.</p>You may also want to add the path of the file in the boost field used to this effect:
The following assumes that you installed the Protected Node rules extension module. Without it, you won't be able to change locks. Create a new Triggered rule.
The rule makes use of the trigger (event) named Content is going to be viewed. Don't forget to enter a label. This should be something like "logout page name".
You are likely to want a condition since without it any page (node) being viewed will react to the event and lock the user out (which means the user can never see the page). A simple condition is to compare the node identifier (nid). This can be done with the compare numbers condition.
The condition makes use of a token (you have to have the Token module installed with this method!) with Can't find nid to include! as one of the numbers. That way you can make sure that the user is about to view your Log Out page. Note that you could also make use of a specific node type. You could send the user to the front page and detect that event, detect that the node has a specific term... the list is not limited to using the number comparison, and other methods do not all require the use of the token module.
A simple way to see the number of a node, in case you have clean URLs with the automatic URL path aliases, is to edit the page. Then the URL includes the number: node/###/edit. Make sure to enter that number in Number 2 of that condition form.
At this point we know that we are on the log out page. We want to load the node that is currently unlocked so we can lock it. This is done with a Load content by id action or similar. Change the Content ID with the node identifier of the node that needs to be locked.
Now, in the set of actions include the Lock the node away from the current user action and give it a weight of 1 so the load always happens first. Note that the lock needs to happen on the unprotected node, so your rule has to load that node first (since the Thank You page would be another node). Then apply the action on that node by selecting the node in the drop down.
Note that your actions can include as many Load node and Lock the node away from current user... as you need. So the same Thank You page can be reused to lock many different nodes.
Note 1 : Create a new rule with Content is going to be viewed as the trigger.
Help improve this page
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion
