|Created:||somebody at Wed, 07/25/2007 - 10:45am|
|Status:||Open (General Task / Priority 1-High)|
|Case ID:||OG User Roles: 72-185|
OG User Roles now supports these two modules:
These modules allow you to custom define roles and/or users who can access particular nodes.
The following discussion assumes you have, in addition to OG User Roles, installed both Content Access and ACL modules as well as Taxonomy Access Control (TAC). It also assumes you have created a content type called "Document". You can use any content type you wish, but for this discussion and testing, we've created a content type called "Document".
Configure "Document" content type (assumes you have already created it):
Click on "Access Control" tab for this content type:
From this screen:
"Document" content type is now set up to use Content Access.
I create a "Document" vocabulary and add the "Document" content type to it.
Home > Administer > Content management
I then use the "add terms" link to add a "NONE" term to the "Document" vocabulary.
Using Taxonomy Access Permissions (TAC), I grant NO role access to this term (except for privileged "Admin" users). This means that any node you assign this term to will not be viewable by anyone. This is the recommended category to use for content for which you intend to use Content Access (i.e., assign customized permissions).
You must do this because you cannot use Content Access to revoke permisisons granted by TAC. However, you can use Content Access to grant permissions to content that TAC does not grant permissions to.
Note: Your Admin role(s) should be given List/Create permisisons here for "NONE" term.
Give your Admin users permission to grant content access.
Gave "Admin" and "GroupAdmin" roles these permissions:
grant content access
grant own content access
These are my Admin roles which can create Content Access nodes. These roles need to be able to List/Create "NONE" term (use Taxonomy Access: Permissions).
It is first important to remember that if you want to create custom access to a node you create, that node must NOT have access granted by a vocabulary term. From a technical standpoint, Content Access and Taxonomy Access (TAC) do not work together. So, you can't, for example, assign a node a vocabulary in which TAC allows Role A to view it, then try to use Content Access to restrict Role A from viewing it.
In order to use Content Access, you must assign the node for which access is to be customized to the "NONE" category (you have used TAC to grant NO users access to "NONE" content, except for Admin users). Then from the node's "Access Control" tab (which will appear once the node is submitted) you assign what roles and/or users can view/edit/delete the node.
To create a node with customized content access (using the "Document" content type):
If you make any changes to this screen, don't forget to click on "Submit".
Don't forget that if you add users to the ACL using the "Add User" button, you must still click on the "Submit" button at the bottom of the screen for your entries to be valid.