125 lines
4.2 KiB
Plaintext
125 lines
4.2 KiB
Plaintext
VERSION: 7.x-1.x development build
|
|
|
|
OVERVIEW
|
|
--------
|
|
|
|
Tac_lite stands for Taxonomy Access Control Lite. This module
|
|
grants access so that some users may see content that is
|
|
hidden from others. A simple scheme based on taxonomy, roles and
|
|
users controls which content is hidden.
|
|
|
|
Bear in mind that, like all modules which use Drupal's built-in
|
|
node_access features, this module does not prevent users from
|
|
viewing/editing nodes which Drupal's permission allow them to
|
|
view/edit. To use, configure Drupal to not grant the permission, then
|
|
configure tac_lite to grant it.
|
|
|
|
As the name implies, this module shares some functionality with an
|
|
earlier module called Taxonomy Access Control (TAC). If you are
|
|
shopping around for an access control module to use, consider that one
|
|
as you may find that it suits your needs. In my case, I wanted access
|
|
control but without some of the complexity introduced by TAC. I also
|
|
wanted more flexibility in granting access on a per user basis.
|
|
|
|
Here are some key features of tac_lite:
|
|
|
|
* Designed to be as simple as possible in installation and administration.
|
|
|
|
* Uses Drupal's node_access hooks and taxonomy module to leave the
|
|
smallest possible footprint while doing it's job. For example, it
|
|
introduces no new database tables.
|
|
|
|
* Grant permissions based on roles.
|
|
|
|
* Grant permissions per user. (Give a specific user access beyond
|
|
what his/her roles allow).
|
|
|
|
* Supports view, update and delete permissions.
|
|
|
|
USE CASE
|
|
--------
|
|
|
|
Here's how I originally used this module. This description might make
|
|
it easier to understand why one might prefer tac_lite over TAC.
|
|
|
|
My website helps me manage my work projects. I use Drupal's project
|
|
module to track issues. Some of my projects are for the public to see
|
|
(i.e. Drupal modules) others are limited to my clients and partners.
|
|
These restricted projects should be visible only to me, the client in
|
|
question, and partner(s) working on that particular project.
|
|
|
|
I've defined a vocabulary for my projects (same one used by
|
|
project.module) and I've defined a client role and a partner role.
|
|
Partners can contribute to the website, while clients can read content
|
|
but post only issues.
|
|
|
|
Using TAC (or as far as I know all other access control modules) I
|
|
would have to create a new role for each project/role combination.
|
|
That is, for the Acme project I'd have to create roles 'Acme Client'
|
|
and 'Acme Partner' in order to assign permissions just the way I want
|
|
them.
|
|
|
|
Using tac_lite, I simply associate each user with the project(s) they
|
|
are allowed to see. That is, I associate some clients and some
|
|
partners with Acme. Their role (client or partner) controls what they
|
|
can do, and the associations through tac_lite control what they can
|
|
see.
|
|
|
|
INSTALL
|
|
-------
|
|
|
|
Enable taxonomy module. It's required.
|
|
|
|
Install this package the normal way.
|
|
- put this file in a subdirectory of the modules directory.
|
|
- enable using admin interface
|
|
- no database tables to install.
|
|
|
|
|
|
USAGE
|
|
-----
|
|
|
|
Log in as an administrator. (uid==1, or a user with
|
|
administer_tac_lite permission)
|
|
|
|
Create a vocabulary which you will use to categorize private nodes.
|
|
You may want to create a vocabulary called "Privacy" with terms like
|
|
"public", "private", and "administers only".
|
|
|
|
Associate the vocabulary with node types, as you would normally do.
|
|
|
|
Go to administer >> user management >> access control >> access
|
|
control by taxonomy.
|
|
|
|
Select the category you created in the earlier step ("Privacy").
|
|
|
|
Create some content. Choose a node type you've associated with "Privacy".
|
|
|
|
Note that you can view the content you just created. Other users cannot.
|
|
|
|
Edit the account of another user. Go to the tac_lite access tab under edit.
|
|
|
|
Select a term you selected when creating the node and submit changes.
|
|
|
|
Now the user can also access the node you created.
|
|
|
|
|
|
NOTES
|
|
-----
|
|
|
|
If behavior of this or any other access control module seems to be
|
|
incorrect, try rebuilding the node access table. This may be done
|
|
under administer >> content management >> post settings. There is a
|
|
button there labelled "rebuild permissions"
|
|
|
|
Another useful tool is a sub-module of the devel module, called
|
|
devel_node_access which can give you some insight into the contents of
|
|
your node_access table. Recommended for troubleshooting.
|
|
|
|
|
|
AUTHOR
|
|
------
|
|
|
|
Dave Cohen <http://drupal.org/user/18468>
|
|
http://www.dave-cohen.com
|