Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By ea-1 on
hi,
i'm trying to setup a site with multiple users. this site will be used by my company to upload images, videos,vs... concerning ongoing projects for client approvals. So each client has a unique user. What i want is that i could be able to post content for a specific user, and the other users shouldn't see this content.
To achieve this, i setup all the users (eg. client1, client2, etc...), i set each user a unique role (eg. roleclient1 for client1, roleclient2 for client2, etc...), then using the simple access module, i setup separate access groups for each of these roles. So, when i post content, i can tick the access group (which is actually tied to my related client) to make sure that this post will only be viewable by this client.
1st question:
Is there a better way to achieve this? (In fact, in another scenario, i used Organic Groups, it did the same thing but it brought complications to the site structure, so i dumped that idea and went with the simple access module.)
2nd question:
Please imagine this: i login to the site as one of my clients. everything is fine,i cannot see any other content that's related to another client. But when i try to post something, the dilemma starts. If as an admin, i restrict users to not be able to see and chose from access groups, the post is public therefore seen by anyone (hence all clients), but on the other hand, if i make the access group accessible to these users to chose from, then they will see the list of my clients without even trying!!! I don't know if i'm clear enough, but...
Is there a solution to this?
Thank you
Comments
Consider
Consider http://drupal.org/project/tac_lite. With it, you would not need to create a role for each client, but you would need to create a taxonomy term for each client. Perhaps that amounts to the same thing. For each user, you would select which of the terms they can view.
When one of your users creates a node, they would again see only the terms they are allowed to see. Which in your case may be just one. That is, they would not see the entire list of clients.
You might want to develop your own access control module which uses user ids instead of roles or taxonomy terms. I don't think such a thing exists, but I could be wrong. I suspect you may not want that, though, because one day you may have multiple users per client firm, and you'd want to give all those users access to the same content, without having to go back and update all the content. (I hope that made sense).