This project is not covered by Drupal’s security advisory policy.
Deprecated
This module is now deprecated due to the creation of the entity_access_by_role_field. I recommend manually switching to the drupal/entity_access_by_role_field module which contains more features and is actively supported.
Synopsis
Out of the box, Drupal doesn't provide access restrictions on a single entity basis.
This module allows you to place access restrictions via roles on an entity by entity basis.
It provides a role_access field, which is prepopulated with the roles available on your site. When added to an entity, only the roles selected in the field on that entity will have view access on that entity.
Requirements
Currently only available for drupal 8.
How to use
Once enabled the "role_access" field will be available to assign to your entities.
Once assigned, create some content and assign some roles to your newly created field.
Only those roles should be able to view that content.
the following function
function entity_access_by_role_check_access(EntityInterface $entity, AccountInterface $account)
is provided to allow to you perform custom checks on an entity.
E.g allowing access to a node based on the role_access values on an entity referenced taxonomy term. This would involve passing the taxonomy entity through as the first argument in your custom hook_entity_access hook.
Known problems
A RouteSubscriber has been included to revert the access requirements on a taxonomy term back to defaults
_entity_access: 'taxonomy_term.view'
taxonomy_term: \d+
so that hook_entity_access works on taxonomy terms again. It's changed from this in another route subscriber as a part of core.
Restrictions
Restricted to fieldable entities
This module does not integrate with the node system's access tables (via hook_node_grants and hook_node_access_records). This means that the access-by-role settings for individual nodes are not respected when a node is being queried by views, search results, etc. This module only protects direct view of an entity.
Project information
- Minimally maintained
Maintainers monitor issues, but fast responses are not guaranteed. - Obsolete
Use of this project is deprecated. - Module categories: Content Editing Experience, Access Control
- 8 sites report using this module
- Created by Shamrockonov on , updated
- This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.