Permissions by field

Permissions by field module provide a new Field Type which enhance the Entity Reference field type.

By adding fields of type Permissions by fields, you can manage access to the node hosting these field by referencing other entity and specifiy which access type you want to grant (none/standard permission, view, update, delete) for users which reference same entities (node, term, role or other users). You can also grant access to the node directly per user if needed.

You can reference with the field type Permissions by field these entity types :

• user
• node
• term
• role

REQUIREMENTS

This module provide a field type based on the Entity Reference field. Entity Reference is provided by Drupal core.

SIMILAR MODULES

There is a lot modules which handle access permissions for node :

Content access manage access per node type or per node and grant access to roles
Permissions by term handle permissions for nodes and users which reference same taxonomy term with a determined field.
Organic Group which permit to manage group and related permissions inside each group

RECOMMANDED MODULES

This module do not manage permissions for unpublished node. You can use the View unpublished module to handle these use cases. Or use the permissions provided by core once this issue #273595: Move permission "view any unpublished content" from Content Moderation to Node will be commited.

USE CASES

The goal of this module is to provide a simple method for implementing similar but lighter features than thoses provided by Organic Group, currently being ported to Drupal 8. By using a specific field enhancing entity Reference field, you can easily manage access to node in multiples way.

• For users "members" of a group node (who reference a content type named Group for example).
• Per user individually
• By role assigned to users
• By Term referenced by the node and users
• For users which reference others users
• All these use cases can be mixed to provide highly flexible content access solution

INSTALLATION

Install as you would normally install a contributed Drupal module. See: https://www.drupal.org/documentation/install/modules-themes/modules-8 for further information.

CONFIGURATION

Quicks step to begin

- Add a field Permissions by field to the content type you want manage access.
- Choose the entity type this field will reference
- In the field's settings form, you can set default values and configure target bundles, as any Entity Reference field. Default values for grant access rights must be configured in the widget settings form (manage form display page). For example, we can add on the content type article a field (machine name : pbf_ref_group) which reference the content type Group.
- You can manage in the Permissions by field widget settings if access right are set node per node (with the default values) or if they are set globally (and then hide grants access options to users)
- Add a field Permissions by field to user entity type. This field must have the same machine name (pbf_ref_group) as the field added to the content type, and configure it to reference too the content type Group.
- It's done. Now users who reference Group will grant access to the content Article which reference same Group with the permissions you set on the field Permissions by Field on the content type Article.

Once you added your first PBF field, you need to rebuild node access. See the status report.

You can synchronize two fields Permissions by field. On each content type, if user entity type has a Pbf field which reference this content type (target bundle is set on the content type), then you can synchronize the Pbf field set on users with the Pbf field set on the content type (and reversely). This can be useful if you want automatically assign users to a content type (for example a Group content type) if they are selected from the content type (Group).

Note that the checkbox Public in the grant access options, if checked, permit you to use standard permissions of the Drupal site. You can then add a content type to a Group (by referencing it) but let this content be accessible to all the users who have standard permission "access content".

Node's author will always granted all permissions.

See documentation for more explanation about possibles configurations. A french documentation is also available.