Rushing out the door now, but:

  1. TAC/OG Integration completely re-written. Using node grants now, so much more efficient and simpler to implement. See: http://drupal.org/node/243731 Need to generate updated OGR release and documentation.
  2. Please post this as support request in OGR issues: http://drupal.org/project/issues/og_user_roles. That way I can explain it to everyone.

Thanks!

-ron

Quoting adrianrf@gmail.com:

SomebodySysop,

am hastily putting together a site for a cool startup, using Drupal 5.x, because key contrib modules for D6 aren't yet production-ready. the immediate need exactly fits your use-case that "all content must have taxonomy and either belong to a OG group, or be explicitly marked as "public" to be seen. Obviously, these modifications are for a site that is OG-centric and security minded."

thanks for your work in the last year digging into this whole area. am trying to understand [fast!] what patches may still apply, if any -- and dearly hoping to save a lot of tedious trial-and-error thrashing with a few short pointers.

  1. you wrote on 2007-07-30 that "As of the 2.0 release of OG User Roles, only one patch will be required for TAC/OG integration," referring to: http://drupal.org/files/issues/nodeapi_access_4.patch"

    so, with OG User Roles now at version 5.x-2.8, is this patch still needed under Drupal 5.7/OG 5.x-6.1? others?
  2. for integration purposes, is TAC Lite interchangeable with the full TAC module? (the lite version looks a lot easier to train site editors to use than the rather intimidating "Heavy" TAC...
  3. do you have any recommendations about UI treatments to simplify taxonomy & group selection when people are node editing? (I'm struggling with Hierarchical Select at the moment.)
  4. if the current releases of TAC/OG UserRoles/OG xxx aren't known to work together pretty solidly, is there a particular combination of versions that you do know to work best together, which I could fall back to?

I really appreciate your time in reading this; and I'd be eternally grateful for any wisdom you can share.

best,

Adrian
Adrian Russell-Falla

Comments

somebodysysop’s picture

somebodysysop commented

Sorry for the delay. OGR TAC/OG integration has been completely re-written to use node grants rather than nodeapi and db_rewrite_sql. This approach is more in line with Drupal standards and, quite frankly, more efficient from a performance standpoint. Details on the new approach are here: http://drupal.org/node/243731 and here: http://drupal.org/node/196922.

The hold up right now is documentation and distribution of the updated OGR module. There is a lot of material to be updated.

I can, however, respond to your questions as they relate to the new version of OGR (that has yet to be released):

1. Patches required. There will now be two patches required: One for the node.module, and one for TAC. See: http://drupal.org/node/196922#comment-830656 The nodeapi_access_4.patch is deprecated and will no longer be used.

2. While it may be possible to use TAC Lite, OGR TAC/OG integration is designed around the Taxonomy Access Control (TAC) module. That is what I recommend using.

3. This is a hard question not knowing your site requirements. I use single taxonomy terms. I use TAC to determine what roles have what permissions with each term. When creating a node, I than then simply select the term which matches the role permission desired. It would also simply things on the OG side if you require that nodes be posted only to the current group, and that "Public" not be an option. That way, you have no "Audience" UI to worry about.

4. In the new OGR TAC/OG architecture, the current releases of TAC/OG UserRoles/OG work together pretty solidly.

Hope this helps. Will post here when new release is available, and what to do.

Thanks!

somebodysysop’s picture

somebodysysop commented
Version: 5.x-2.8 » 5.x-3.0
Status: Active » Needs review

OGR 5.x-3.0 now released. http://drupal.org/project/og_user_roles

Please read the release notes.

There is now only ONE patch required for TAC/OG Integration: node.module.multinode.patch. It is included in the release. Documentation updated here to reflect changes: http://groups.drupal.org/node/3700

TAC Lite may be worth investigating in the new TAC/OG Integration scheme. OGR only cares about the node grants, which are the same for both TAC and TAC Lite (i.e., "term_access"). So, it should be possible to configure a workable environment using TAC Lite instead. I suggest you check it out.

I've also tested TAC/OG with Content_Access and Access Control List: http://groups.drupal.org/node/5392 This configuration appears to work fairly well also.

Please try out this new release and post any issues here. Thanks.

somebodysysop’s picture

somebodysysop commented
Status: Needs review » Fixed

Latest changes and fixes will be in 3.2 release.

Anonymous’s picture

Anonymous (not verified) commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.