content permission in drupal - drupal

How do I set content permission so that specific nodes are only visible to the admin user, while other nodes of the same content type may be visible by all users.

D6: Go to admin/user/permissions and make sure access content is unchecked for all roles.
D7: Go to admin/people/permissions and make sure View published content is unchecked for all roles other than Administrator

Best way would be to use Content Access module as it provides admin/structure/types/manage/content-type/access page to manage permissions.
There you can check PER CONTENT NODE ACCESS CONTROL SETTINGS to enable content level permission for different nodes of same content type.
Now you can go to node/node-id/access page to provide permission for particular node and only assign view any content permission to admin user.

If you don't want to go to the trouble of installing a new module you could just unpublish the content, then only administrators will be able to view it

Related

Only site administrators should be able to set default display view of folders on Plone 4.3

All logged-in members of my plone site have the permission to edit, create and publish content. Unfortunately, they are also able to change the default display view of a folder. This leads to a lot of problems as the site members sometimes - accidentically - change to a view template that a folder is not suitable for.
How can I change plone the way that only role administrator is able to set the default view of all folders? Normal site members should not be able.
Since I trust my members something like a JS+CSS solution that hides the display menu for everybody except site administrators would be acceptable, too.
The permission you are looking for is called Modify view template. All roles with this permission can change the template. If your Workflow manages the permission, give it only to the Administrators.
If your Workflow does not manage the permission you can change it globally by change the security configuration on the plone root.
Goto: http://plonesite/manage_access (Security-tab in ZMI)
Search for Modify view template.
Change the configuration. In your case only allow Administrator to change the view template.

Restricting access when using URL - Drupal

I have created several pages in my drupal website and set permissions to each of the page depending upon the roles I have.
The problem is if I know the URL, I can access that page even though I am not a registered and authorized user.
This will be a problem if some random person/hacker plays around with the URLs and comes across a page that is supposed to be viewed by an authorized user.
I am new to Drupal and any help is appreciated.
If you correctly set the permissions it will restrict access based on roles regardless if they know the URL. Are you sure that when you are testing it you are actually signed into or using a role that doesn't have access to that page?
Drupal lets you set permissions for who can Create, Edit and Delete content types. You need a contributed module for setting who can 'View' permissions of individual pages/nodes.
Download Content Access from https://drupal.org/project/content_acces. After you install it and configure the default values for the content type, you will need to click the content access tab after you create the page.
'Taxonomy Access Control Lite' is very light and more user-friendly; permissions are set within the edit view (normal fields), however, it takes some effort to understand how it works and to set it up.
See a comprehensive list of node access modules at https://drupal.org/node/270000
Tip: Don't use more than one module for node access permissions.

Alter the content overview page

I have created a Drupal 7 website where I want any (not just own) unpublished content to be editable for authenticated users. I wrote a module to change all the permissions so when I type the URL to edit the unpublished node with an authenticated user account it is editable.
The only thing I can't do is to display the unpublished node in the content overview page of the authenticated user.
Do you have any idea?
You can create a View which lists all unpublished content by all authors.
You may also want to keep track of this issue: http://drupal.org/node/1192074 since the View Unpublished module has the same problem you're experiencing.

Drupal: how to set role permissions for specific content types and views?

how can I set role permissions (content access) for specific content types, rather than CCK fields ?
I actually want the login page to appear of the user access to pages of a specific content type, or a specific view
thanks
I think this will solve your problem
http://drupal.org/project/content_access
http://drupal.org/project/node_privacy_byrole
Then in the site configuration change the access denied page to "user/login". This should do the job.

Drupal Private Publishing

Is there a way to have a content type that is only viewable to admins AND the person who created it, including comments? I feel like I know the answer to this but its escaping me.
Try the Nodeaccess module. Some more details about this module (from its project page):
Nodeaccess is a Drupal access control module which provides view, edit and delete access to nodes. Users with the 'grant node permissions' permission will have a grant tab on node pages which allows them to grant access to that node by user or role. Administrators can set default access controls per content type, and also define which roles are available to grant permissions to on the node grants tab.
The upshot is, this module allows you to do things like 'node 123 can be viewed by authenticated users and edited by admin users and joeuser'. As an added bonus, update and delete permissions are separated, so you can make sure users with edit permissions cannot accidentally delete pages.
If the content type is defined by your own module, you can use hook_access to do this.
If the content type is defined by CCK or another module, things are a bit trickier. You can install a patch that adds an access op to hook_nodeapi, but unfortunately that's a hack to the core Drupal code, with all the potential upgrade pitfalls that ensue.

Resources