Configurable permissions behavior (Allow TAC and TAC Lite integration) [#949358]

We need to have a way to grant ad permissions based on ad group. This means, ad module should not deny or grant access to edit, create and delete node, but either deny it or leave it to other modules, like it's doing now for views.

Options to control if the given permission behaves like the view behaves now, or like other permissions.

I'll submit patch as soon as I'll get the issue number.

Comment	File	Size	Author
#6	ad-949358-permissions_hook.patch	2.81 KB	Molot
#3	ad-949358-configurable_permissions.PNG	28.55 KB	Molot
#1	ad-949358-configurable_permissions.patch	5.49 KB	Molot

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

Molot CreditAttribution: Molot commented 22 October 2010 at 08:12

Status:

Active

» Needs review

File	Size
ad-949358-configurable_permissions.patch	5.49 KB

Comment #2

Molot CreditAttribution: Molot commented 22 October 2010 at 08:26

Just to note - I've checked this patch with development and stable versions (can't access repository at work), and tested for compatibility with Taxonomy Access Control and Taxonomy Access Control Lite. Change seems simple enough.

I'd like to know if it'll have it's way to the next version, as the policy here is to avoid custom patches that will not make it to the module.
If there is any other way to achieve TAC compatibility (without patching any other module, that is) and you find this modification unneeded, please direct me to the solution.

Comment #3

Molot CreditAttribution: Molot commented 22 October 2010 at 08:29

File	Size
ad-949358-configurable_permissions.PNG	28.55 KB

Comment #4

Jeremy CreditAttribution: Jeremy commented 22 October 2010 at 12:53

Could we instead not return within the case statement, and then provide a hook that allows external modules to over-ride these permissions? Alternatively, should we move these permissions into another module, which could then be enabled/disabled as necessary? ie, if you want default ad module permissions, enable the plug-in that comes with it. If you want to control the permissions with an external module, disable the plug-in that comes with it...?

Comment #5

Molot CreditAttribution: Molot commented 22 October 2010 at 13:59

Of course we could.
I might try to make hook patch, "default behavior" module and tac-integration module during weekend.
But I'm so newbie in drupal that your code would look much better I bet.

Comment #6

Molot CreditAttribution: Molot commented 28 October 2010 at 07:09

File	Size
ad-949358-permissions_hook.patch	2.81 KB

Hope this patch Will be satisfying. It creates a hook that will allow "bridge" modules to do their work, and tries to be smart if they argue.

How does it work:

Module should return array with it's answer, like that:

// $Id$

/**
 * @file
 * Enhances the ad module to support Taxonomy Access Control.
 *
 * Contributed by 
 * 
 * 2010 
 *    Rafal Molotkiewicz | Warsaw City, Poland
 */

function ad_tac_ad_overwrite_access($original_result, $op, $node, $account) {
//  echo $op.' '.(is_null($original_result)?'null':($original_result?'true':'false')).'<br/>';
  return array(null);
}

Comment left for easier debugging ;)
Returning plain true or false should work as well, but I discourage.
Returning plain null makes hook's result to gets ignore.