How to restrict access to content unless a user references that content? For example, through a user reference field.
What modules or techniques are used to do this?
I have tried to use the modules so and so. But these modules are outdated and don't seem to work.
I have tried to use the "Reference Access" and "Access by Reference" modules. But these modules are outdated and don't seem to work.
Related
We are evaluating Drupal as an enterprise CMS and need some help/recommendations for the following features.
Multi Step Approval Workflows with reassignments
PDF files in the media library requires authentication to view/download - Does drupal have any security features that does not allow anonymous access to media files?
Does Drupal support Roles, User Groups and security groups? We are looking to restrict users from certain areas of the website and CMS based on group and role permissions.
I understand that Drupal is modular by design so there are lots of modules available that does similar things or these functions available in Core?
Appreciate any advise/experience that members can share.
Thank you.
Drupal can do all these things.
Multi Step Approval Workflows with reassignments
There is the Workbench moderation module, but also now in Drupal core as of 8.4, the Content moderation system is available. You might need to do some research on how content review might be assigned to a specific user.
PDF files in the media library requires authentication to view/download - Does drupal have any security features that does not allow anonymous access to media files?
Yes, Drupal has a private file system available in core. You need to set this up when you are setting up the file fields initially, because converting from a public to private file system is a bit of a messy process (I literally just did it a couple months ago for a project). It you can store files in a directory outside of your webroot, and the user will request a path like /file/system/1234, and all appropriate access checks are made. You might need to set up some additional permissions to have these access checks respect things like "groups" or any other access rules that you want to implement.
Does Drupal support Roles, User Groups and security groups? We are looking to restrict users from certain areas of the website and CMS based on group and role permissions.
Yes! "Roles" are available out of the box in Drupal. You can define as many roles as you like, and apply permissions to each role.
There is a module called "Organic Groups" which provides the group functionality. You can restrict content access to group members as well. You can even define roles within a group, so different users can manage the group.
Have been asked to shift a custom made module of drupal site to another site (which is based on Openpublish d7). That module primarily is for providing web service data when a specific url is called (thus the module is implementing menu_hook).
However when adding and activating the module on the new site, it gives an error when that specific url is called that page does not exist.
First the assumption was that Openpublish may not have hooks but recently saw the path module installed (which in my knowledge required the menu hook).
Now the question was that whether it is possible that the path module may be causing issues for the custom module's menu hook to work properly.. ? if so, can there be any workarounds. cannot possibly turn off the path module as i have only been asked to add this new module and the site is already live (so experimentation may not be a choice :) )
Any help appreciated..
issue seems to have been solved after clearing the drupal cache . wasn't actually considering cache at that time.
thought to answer in case it helps others as well :)
I want to add a subscription block to my Drupal site.
I found these two module: subscription and simple-subscription.
I installed subscription (the first one) and put its related block in blocks section to right sidebar region but no block is shown.
Is this module reliable and where can i find a documentation for this module?
My guess would be permission problems.
If you are not logged in as user 1 and don't change default permissions, it probably won't show up.
In answer to your second question, one thing to determine if a module is reliable is to see how many other sites use it and how actively it is being worked on. If you see quite a few sites using the module and recent responses in the issues queue, then there is a good chance that it is a quality module or at the very least, being developed into a quality module.
I haven't used subscriptions, but it looks like it is maintained by quality developers and is used in many places. Here is some documentation http://drupal.org/node/344030
You have to configure display settings rightly in admin/settings/subscriptions
Is there a way to have a content type that is only viewable to admins AND the person who created it, including comments? I feel like I know the answer to this but its escaping me.
Try the Nodeaccess module. Some more details about this module (from its project page):
Nodeaccess is a Drupal access control module which provides view, edit and delete access to nodes. Users with the 'grant node permissions' permission will have a grant tab on node pages which allows them to grant access to that node by user or role. Administrators can set default access controls per content type, and also define which roles are available to grant permissions to on the node grants tab.
The upshot is, this module allows you to do things like 'node 123 can be viewed by authenticated users and edited by admin users and joeuser'. As an added bonus, update and delete permissions are separated, so you can make sure users with edit permissions cannot accidentally delete pages.
If the content type is defined by your own module, you can use hook_access to do this.
If the content type is defined by CCK or another module, things are a bit trickier. You can install a patch that adds an access op to hook_nodeapi, but unfortunately that's a hack to the core Drupal code, with all the potential upgrade pitfalls that ensue.
I am building a DMS for our intranet and use a taxonomy hierarchy because we need access control that way. All company locations manage (upload,edit) their own documents but should be able to access all. This is inherited to the child terms and works fine.
Additionally we want simple 3-step workflow (draft,published,archived). So i introduced roles for editor, publisher and docadmin and set permissions for the transitions. Also triggers to effectivly (un)publish documents.
But (of course) a user of role publisher can do the transition for ALL documents. But we want publisher for each company location (top taxonomy level, see above).
Could this be achieved? Do i have to set it up by myself (i guess "rules" is appropriate to do this) or is there another module helping.
role inheritance was a guess, but that is only about roles (naturally).
"module grants" i use and checked first option. That way my thoughts are going. I hope you get my idea resp. problem.
drupal 6.16 current
edit:
I reread the docs and found ie. http://drupal.org/node/408018 Revisioning for categorized content. Will reread that.
It seems you're running into a know issue in Drupal 6's node access api. Grants only work as an approval, so if any access module says a user can perform an action no other module can take it away. The only other solution I can think of would be a mash of the modules to calculate based on both criteria, obviously a potentially complex task.
Certainly not recommended, but you could apply your own logic to scan the grants tables to remove entries for users that don't match up with both criteria. You would have to find the right hook to have it perform its work after both other modules have calculated their values and saved them to the database.
Good news: this is fixed in D7. Bad news: D7 will be a while.
Drupal 7 will allow modules to approve, deny, or abstain from node access decisions. As such, your taxonomy module could say the users are approved for these terms, denied for others. As well, workflow could approve for some stages and deny for others. A user would require at least one approval and no denials.