Last updated August 16, 2007. Created on January 22, 2007.
Edited by add1sun, karldied, Turuu. Log in to edit this page.

Version: This topic is for Drupal versions 4.6, 4.7, and 5.x, although some menu paths will be slightly different for pre-5.x versions.

The purpose of this page is to:

A private forum is one which is only available to registered members, or to only a certain class of users (or 'members'). A private-side web site is when a section of a web site is only accessible to a certain class of users.

New users to Drupal often look for the functionality to create private forums in the forum module. Why isn't it there?

The root of it, in my opinion, is that Drupal divides its modules by functionality rather than by specific use. The functionality is access control; the use is for private forums. The reason Drupal does this, is so that the functionality can be applied not just for one use, the forums, but for any use across the web site, including books, pages, stories, and whole private-side web sites.

Options for forum access control are:

Other access control modules, which may or may not be able to readily accomplish private forums, and how I think they compare:

  • Front Page (only if entire site is private, only allows one public page)
  • node privacy byrole (by role; by action; by node, not by taxonomy; 4.7)
  • nodeaccess (by role or user; by action; by node, not by taxonomy; 4.7 beta)
  • Nodeperm_role (by role; by action incl edit own; not by taxonomy; 4.7 alpha or beta)
  • simple access (by role; by action; by node, not by taxonomy; defaults to all viewable; 4.7)
  • Taxonomy Access Control Lite (by role or user; ? lacks by action for each taxonomy term ?; by taxonomy)

These are all non-core contributed modules. Taxonomy Access Control will be described here as the method; it completely and efficiently provides selected private-side access. Like many things in Drupal, there is more than one way to accomplish private forums and member-only web sites; this describes just one.

This page will use an example with the goal to set up a site with:

  • One public forum board, which anyone can view.
  • Log-in required for posting in forum boards.
  • Special premium (or 'members-only') forum board.
  • Special moderator-only forum board.
  • Special 'moderator' role to run the forum boards.
  • Stories and blogs 'writers' create and 'editors' edit.
  • Web pages that are created and edited by 'maintainers.'

Taxonomy Access Control works with the core (built-in) Taxonomy module, which is used by the forum module. In fact, the forums have taxonomy terms built in. This page also describes how to set up private-side web sites, since it is done in essentially the same manner. A private-side web site might be useful if you want marketing information pages public, but maintain other content for subscribers or members.

The built-in 'access control' that comes standard is by module, such as access to the forum module, the book module, or the taxonomy module. It doesn't give permissions by forum board, or provide access limitations for different actions. Taxonomy Access Control, on the other hand, sets access by taxonomy term, as well as by two other criteria; it sets access by:

  • Each taxonomy term (rather than by module).
  • By role (like regular Access control).
  • By action: view, update, delete, create, list.

Comparison of the built-in 'Access Control' to 'Taxonomy Access Control' to keep them straight:

Access Control Taxonomy Access Control
core module (built in) contributed module (plug in)
Path: (administer > content management > categories) Path: (administer > user management > taxonomy access permissions)
Sets access to modules Sets access to taxonomy terms
Sets access by role Sets access by role
(some modules have action control) Sets access for each action (view, update, delete, create, list)

Private forum step-by-step directions:

Set up roles: Go to (administer > user management > roles), and create roles for the different classes of users. 'anonymous user' and 'authenticated user' are automatic. This example also uses 'moderator,' 'writer,' 'editor,' and 'maintainer.'

Down load and install the taxonomy_access module, and enable it at (administer > site building > modules). It works with the Taxonomy module. Taxonomy is built in to Drupal. The 'Taxonomy' module and the 'Forum' module should be enabled if not already.

Set up your forums at (administer > content management > forums). Forums have taxonomy terms built-in: the vocabulary is titled "Forum" and the different forum boards are each a term in the vocabulary. This example will use three boards: 'open,' 'premium,' and 'removed threads,' the latter for moderator use.

Set up other taxonomy vocabularies: Just to make things confusing, taxonomies are called 'categories' in the menu system. Go to (administer > content management > categories). Set up a 'vocabulary' for each different type of content. For this example, create 'web pages' vocabulary for node types 'Book pages' and 'Pages.' Create 'news' vocabulary for node types 'Blog entries' and 'Stories.'

Then assign terms to each of these vocabularies. Keeping the terms of each 'vocabulary' unique from terms in other vocabularies will help reduce confusion. The example 'web pages' vocabulary will have terms: contact, marketing, information, links, and miscellaneous. The example 'news' vocabulary will have terms: hot, current, and archive.

Set permissions: (administer > user management > access control) for the built-in access. Make sure both "authenticated users" and "anonymous users" have "node module > access content" privileges. They should also have access to the forum module, the story module, the page module, the book module, etc.: any node type for which there is a public version that they should be able to view. In other words, in the 'basic' access permissions, fairly open access is granted so that even anonymous users will be able to view stories, pages, and forums. That way, they'll be able to see the public content. The private content will be controlled by 'Taxonomy access control.'
      Note that some modules provide finer control to actions (such as the book module: create pages, edit own pages, edit all pages) which are similar to 'Taxonomy access control.' But Taxonomy access control will allow some pages to be public and others not, with the vocabulary terms that were defined earlier.
      Just to keep things confusing, note that the function of editing comments written by others (including replies to forum topics) is part of the comment module. Thus, the forum moderator function is assigned to the moderator role under basic access at "comment module > administer comments."

Forum access by role is at (administer > user management > taxonomy access permissions). Here you specify actions each role has permission to do (view, update, delete, create, list) for each taxonomy term! Note that the taxonomy vocabularies (and therefore the terms) can span across more than one node type, but you can grant access by terms, which are (to the extent you set them up) independent of node type.

For the "anonymous user" role, you can allow them to view which nodes (by vocabulary term) they can view. For the "forum" vocabulary, the "open" board.

For the "authenticated user" role, allow posting (not just viewing) in the "open" forum board.

For the "full member" role, add permissions to view and post to the premium board.

For the "moderator" role, you can let them view the "removed threads" forum board by checking the 'List' box in 'Taxonomy Access permissions,' and marking 'View' and 'Update' for this board as 'Allowed.' The permission to maintain the comments on the boards was done earlier by setting the basic access at "comment module > administer comments."
      For editing comments, an 'edit' and 'delete' link will be placed next to the 'reply' link at the bottom of every comment. For editing the original forum post, the 'edit' tab at the top of the main content area will be added.

Private-side web site setup is similar. It uses the taxonomies that you manually defined earlier. With 'Taxonomy' turned on, and the 'news' vocabulary set up for blog and story nodes, there will be a taxonomy section for each blog and story node created. Assign which term(s) apply to each page, story, or other node type. Then assign permissions in (administer > user management > taxonomy access permissions), where you setup who can view, update, delete, create, and list all the content on your site.

For the "anonymous user" role, allow viewing of "web pages" with terms "contact info," and "marketing." For the "news" vocabulary, say, only "hot" news.

For the "authenticated user" role, allow access to "current" news in addition to "hot."

For the "full member" role, add all the private-side content, including "web page" nodes that are information, links, and miscellaneous (not just 'contact info' and 'marketing') and access to the "news" 'archive' stories and blog posts.

For the "maintainer" role, you can give permission to edit pages and create new ones (but not edit member posts in the forums).

For the "reporter" role, you can give permission to create "story" nodes and "blog" nodes, and edit their own.

For the "editor" role, you can give permission to update (edit all) "story" nodes, and adjust them from "hot," "current," or "archive."

Overview of all these privileges crammed into one table:

Vocabulary: Forum Web Pages News
Node types: forum book, page story, blog
Terms: open premium removed threads contact, marketing information, links, miscellaneous hot current archive
Anonymous users: V N N V N V N N
Authenticated users: V, C, E N N V N V V N
Full Members: V, C, E V, C, E N V V V V V
Moderators: V, C, E, U, D V, C, E, U, D V, C, E, U V V V V V
Writers: V, C, E V, C, E N V V V, C, E V, C, E V, C, E
Editors: V, C, E V, C, E N V V V, C, E, U, D V, C, E, U, D V, C, E, U, D
Maintainers: V, C, E V, C, E N V, C, E, U, D V, C, E, U, D V V V
Privilege abbreviations:   N - None; V - View; C - Create; E - Edit (own); U - Update (all); D - Delete

How do I view a list of forum moderators? The answer to this question parallels the answer about setting up private forums: it is not part of the forum module. That would be the use. The function that you used to create the forum moderators was the assignment to a role that was then granted access to edit the forums. So the more general form of the question is, "How do I view a list of people in the role I set up to moderate forums?" The answer is go to (administer > user management > users) and use the 'filter' feature, which is inside the box 'Show only users where.' Select the 'role' radio button, and from the drop-down the role you set up to moderate the forum, and click the 'filter' button.

Performance of the web site will be affected by using 'Taxonomy access control,' but I don't have any hard information.

References:

  • Lullabot.com article on Forum Access vs. Taxonomy Access vs. Taxonomy Access Control Lite by Angie Byron webchick; excellent article complete with screen shots.

Summary: Hopefully that gives the idea. You could also set up your site to give your customers access to the private side of your company web site while maintaining the marketing pages open to everyone.

There is probably a way to use the workflow module to automatically assign users to roles, thereby granting them permissions through 'Taxonomy Access Control.' Likewise, 'Organic groups' sets up private taxonomy by group. If groups are distinct (rather than being super-sets and sub-sets of each other), this may be a better tool.

 

Looking for support? Visit the Drupal.org forums, or join #drupal-support in IRC.

Comments

CasaDelGato’s picture

It was just pointed out to me that this is an easier method to control access to Forums:
http://drupal.org/project/forum_access

FiNeX’s picture

It looks that none of this module allows to set a rule for a "comment moderator" role for a specific forum: it could be useful when you need a role for users which have to edit/delete comments (reply of topics) without having the full "administer comments" permission.