Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By kxerc on
I have made several custom modules for entering different content types, and I did so (rather than using CCK) to be able to handle permissions uniquely. Of course now I am having trouble with the node access and permissions for 'view' -- specifically I can't lock the view of content down to a particular group without restricting 'public' content.
I have created a group type permissions module using the profile values and field tables. So, as administrator, I define groups. I then assign each user to a group through a profile field. I have it now so that a person must belong to a group (profile value) to be able to edit or delete a field. Put another way as long as user X is a member of group A, she can edit or delete any node associated with that group. This is working great, easy, no trouble.
My problem is that I want to restrict access on the view, but the Drupal logic defaults to anyone "accessing content". I can of course remove this permission, but then all the dang content I've already created through non-custom content types becomes unreadable / unaccessable. I'd have to literally go through several hundred pages to convert them or open them up to everyone again.
Clearly when I have the 'view' access set, it is overwritten by the global 'access content' setting. My only solution is in the hook_view() to handle my own access denied message, but I hate this hack-ish solution. Any recommendation? Organic Groups is not the solution at all for me. It has its own permission logic which doesn't work for my app. Nodeaccess causes more labor than I want, and again is not the solution. Maybe it is the hook_node_grants(), but honestly I can't figure its application out. Anyone with a good example?
Anyway, thoughts, suggestions, solutions welcome. Thanks in advance for the help.
