how can I set role permissions (content access) for specific content types, rather than CCK fields ?
I actually want the login page to appear of the user access to pages of a specific content type, or a specific view
thanks
I think this will solve your problem
http://drupal.org/project/content_access
http://drupal.org/project/node_privacy_byrole
Then in the site configuration change the access denied page to "user/login". This should do the job.
Related
I'm using View Bulk Operations (VBO) to allow updating on a few specific fields of a custom content type. I've created a custom permission "Can assign task" to access this feature, however in order for the update to save my user currently also has the permission
custom type: Edit any content
I can see this as a potential security vulnerability as I only want the user to be able to edit this content using the VBO and not be able to go into the content type and use the "edit" button.
Any thoughts on how to address this?
You can go with this module which really helps me!!
Field Permissions
I need to create a website for a client using Drupal 7, the only problem is that I don't know how to handle multiples login forms and permissions.
The goal is that A type of user must be allowed to browse and do some stuff on the website but they can't post offers, however B type of users can only post their offers and manage their contents, the system is just as Upwork.
How can I achieve this ? I'm not good at PHP but I know how to use Drupal, so are there modules that can help me to do what I want?
This is exactly how Drupal works by default using role based permissions. You won't need to install a module or have different login forms.
Start by creating different roles. RoleA can view certain content types and maybe post comments. RoleB can do everything RoleA can do plus post offers and manage their own content. You can control create/edit/delete permissions by content type. It can all be done using the point and click admin interface.
On admin page /admin/user (root relative path to admin page) you can see your site users. There's also link "+ Add user" for creating new user. So if you edit/create an user, on user edit page there is a section "Roles" where you can set what roles that user can use. One role may be "Browse some stuff" and other "Edit some stuff".. You can add/edit roles at admin page /admin/people/permissions/roles. So create the roles you need there.
And to precisely set what role can do what there is admin page: /admin/people/permissions. So when you create all the roles you need, go to that page to set permissions and after that you can assign roles to your users.
I have created several pages in my drupal website and set permissions to each of the page depending upon the roles I have.
The problem is if I know the URL, I can access that page even though I am not a registered and authorized user.
This will be a problem if some random person/hacker plays around with the URLs and comes across a page that is supposed to be viewed by an authorized user.
I am new to Drupal and any help is appreciated.
If you correctly set the permissions it will restrict access based on roles regardless if they know the URL. Are you sure that when you are testing it you are actually signed into or using a role that doesn't have access to that page?
Drupal lets you set permissions for who can Create, Edit and Delete content types. You need a contributed module for setting who can 'View' permissions of individual pages/nodes.
Download Content Access from https://drupal.org/project/content_acces. After you install it and configure the default values for the content type, you will need to click the content access tab after you create the page.
'Taxonomy Access Control Lite' is very light and more user-friendly; permissions are set within the edit view (normal fields), however, it takes some effort to understand how it works and to set it up.
See a comprehensive list of node access modules at https://drupal.org/node/270000
Tip: Don't use more than one module for node access permissions.
I have created a Drupal 7 website where I want any (not just own) unpublished content to be editable for authenticated users. I wrote a module to change all the permissions so when I type the URL to edit the unpublished node with an authenticated user account it is editable.
The only thing I can't do is to display the unpublished node in the content overview page of the authenticated user.
Do you have any idea?
You can create a View which lists all unpublished content by all authors.
You may also want to keep track of this issue: http://drupal.org/node/1192074 since the View Unpublished module has the same problem you're experiencing.
How do I set content permission so that specific nodes are only visible to the admin user, while other nodes of the same content type may be visible by all users.
D6: Go to admin/user/permissions and make sure access content is unchecked for all roles.
D7: Go to admin/people/permissions and make sure View published content is unchecked for all roles other than Administrator
Best way would be to use Content Access module as it provides admin/structure/types/manage/content-type/access page to manage permissions.
There you can check PER CONTENT NODE ACCESS CONTROL SETTINGS to enable content level permission for different nodes of same content type.
Now you can go to node/node-id/access page to provide permission for particular node and only assign view any content permission to admin user.
If you don't want to go to the trouble of installing a new module you could just unpublish the content, then only administrators will be able to view it