I am looking at a 'community' site where the main content (virtually all) is only accessible to approved members. However, I also need selected nodes (for instance, the main "Welcome" page node) to be visible to anonymous visitors to the site, explaining what the site is about and the criteria for membership.

To get the main access permissions to work effectively at base level, I have to disable node access permissions for both the default anonymous and authenticated roles (I have 5 other role types set up) which of course then gives anonymous users the correct menu items (Home page and contact form) but also gives the Access Denied page instead of the Welcome one.

By using npbr, is there any way that I can effect the access required for anonymous users for just the page node(s) without opening up the node access permissions, since what this does is also open up the blocks (and advanced forum links) that I don't want them to see?

Comments

deekayen’s picture

deekayen CreditAttribution: deekayen commented

Yes, and you can do the same with ACL/Content Access. When you edit your content types, you'll have a fieldset for setting default permissions per role for that content type and then when you create each node in that content type, admins will have rights to override the content type defaults for that particular node.

MGN’s picture

MGN CreditAttribution: MGN commented

NPBR allows you to set view, edit and delete permissions independently for whatever role. You can also choose the roles that are allowed to update the permissions - its not limited to the admin.

cYu’s picture

cYu CreditAttribution: cYu commented

You need to give your anonymous users 'Access Content' (it seems like you were saying you removed that permission) in order for NPBR to work. You can, however set the default NPBR permissions for content type 'Pages' so that approved members have access and anonymous to do not and then any newly created pages will only be viewable by members. Then for the limited set of nodes you'd like anonymous users to view you can edit that node and explicitly set view permission for anonymous users.

ezueff’s picture

ezueff CreditAttribution: ezueff commented

I know this is an older post but I'd like to share my solution. I have a site that where under no circumstance can I let Google bots or unauthenticated users see or access content. I had trouble with hard linking to the events module that kind of thing that were beating what I thought was originally secure. So I turned off access content for the anonymous role and that solved the access issues. Unfortunately that also meant now guest that found the sight couldn't read my ‘about us’ page and ‘contact info’ page. So I used the Views module to create a special view that pulled in each of my standard static pages like those I mentioned and also used that view to create a primary link for these nodes. Problem solved. Just be aware that Views will bypass other security as well so if you are going to try my solution make sure you really understand the security holes that Views can create. I hope this helps someone else.

deekayen’s picture

deekayen CreditAttribution: deekayen commented

I guess doing a Disallow: / in robots.txt isn't enough...

ezueff’s picture

ezueff CreditAttribution: ezueff commented

Well, I'm no expert. I can't say I trust the robots.txt against evil-doers.