views: 315, answers: 4

I need to limit access to content on a Drupal site based on the Drupal user's role.

http://site.com/managers/intro

http://site.com/managers/reviews

http://site.com/managers/up-for-raises

The content can be of multiple content types and isn't limited to one specific content-type. These content types will be used elsewhere on the site so I can't lock down the whole content type.

I can get all the nodes/views to live at those addresses by menu settings when they are created, but I don't know how to limit access via role other than a bunch of preprocess functions in template.php, but that seems to be the wrong way to do it.

I searched for a module and asked on #drupal-support IRC, but no results came up that use drupal roles as the limiting factor.

+2  A: 

Seems to me that if 'managers' is always going to be in the URL for that section, you could write a little tiny module that uses hook_init to basically say if the current user's role isn't one of these specified roles, and the url contains "/managers/", then drupal_goto() the login page.

You could also use the Rules module to get that done pretty easily, though if that's the only thing you'd be using Rules for, then it's not worth it.

There are also plenty of access-by-node modules (such as nodeaccess of all things), but these would also probably be more effort than it's worth to accomplish such a simple task.

Mike Crittenden
I have rules already installed, but I'm new to rules. How would I go about making a rule/trigger combo to detect role and url pattern?
easement
I have a triggered rule set up so that I can redirect to login when content is viewed. However, I don't know how to assign the rule to specific content.
easement
You should be able to add a condition that narrows down the pages to which the rule applies.
Mike Crittenden
+1  A: 

If I got it right, what you are trying to achieve is to have only certain roles being able to access pages located at a given URL.

BY USING A CONTRIB ACCESS MODULE

As already mentioned by mcrittenden, there is a plethora of modules that allow you to tweak content access. Among them, content access can surely do what you want to, as it allows you to set up permission for each node separately.

BY USING FLAG + VIEWS

Another possible way to do this without coding is with a combination of the flag module and the views module. Here's a brief overview of how I would do it:

  1. Create three flags, which you can use to mark content (any type of content!) that will have to be viewed at any of the addresses you specified in your question (for example: create a flag "intro" that you will use to mark nodes that have to be displayed at the page "/managers/intro")
  2. Create 3 views (one for each address you listed in your question) that would pull out of the DB the nodes you need by filtering them on the basis of your flag.
  3. Set the permission of these views according to the role.

BY WRITING A MODULE THAT CHECKS THE URI AND BLOCKS UNAUTHORIZED USERS

You surely can do this. The main advantage would be that it would be a very lightweight solution in terms of CPU and memory load, but there are a few gotchas you have to pay attention to. For example, the fact that you can always access your content via URLs in the format http://example.com/node/nodenumber, so you have to check a URL for its aliases too. But also the fact that a user might append a bogus ?something to the URL and you have to write the regex to take such a case into account...

(Also the idea of the rules module given by mcrittenden is a good one, but I did not mention it as I thought of it only when I read his answer).

Hope this helps!

mac
The http://drupal.org/project/globalredirect module should take care of "node/123". It redirects all URLs to a single path, preferring to use the alias if possible. You could also use hook_menu_alter to deny access to every node, then re-enable access for nodes with a path as described.
Grayside
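
The hook_init approach from the first answer, handling the node/N and query-string gotchas raised in the answer above, as an added example that is not part of the original posts. It assumes Drupal 7; the module name `managers_gate` and the role names are hypothetical.

```php
<?php
// managers_gate.module: hypothetical module name; added example, Drupal 7 assumed.

/** Role names allowed under /managers/ (assumed; use the site's own roles). */
function managers_gate_allowed_roles() {
  return array('manager', 'administrator');
}

/**
 * Returns TRUE when a request path belongs to the restricted section.
 *
 * Pass the internal path ($_GET['q']). It never contains the query string,
 * so a bogus "?something" cannot affect the match and no regex is needed.
 */
function managers_gate_is_restricted($internal_path) {
  $patterns = "managers\nmanagers/*";
  // node/123 resolves to its alias (e.g. managers/intro), so the direct
  // node URL is covered as well as the aliased one.
  $alias = drupal_get_path_alias($internal_path);
  return drupal_match_path(drupal_strtolower($alias), $patterns)
    || drupal_match_path(drupal_strtolower($internal_path), $patterns);
}

/** Implements hook_init(). */
function managers_gate_init() {
  global $user;
  if (!managers_gate_is_restricted($_GET['q'])) {
    return;
  }
  // $user->roles maps role id => role name; one matching name is enough.
  if (array_intersect(managers_gate_allowed_roles(), $user->roles)) {
    return;
  }
  if (user_is_anonymous()) {
    // Send visitors to log in, then back to the page they asked for.
    drupal_goto('user/login', array('query' => drupal_get_destination()));
  }
  // Logged in but lacking the role: answer 403 rather than redirecting.
  drupal_access_denied();
  drupal_exit();
}
```

A path check like this only guards the page request itself; the same nodes can still show up in listings, search results or feeds unless node access is restricted as well.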
A: 

You could also investigate Menu Access, which allows you to associate access between a role and a menu, or a role and a menu tree. (Keep in mind that in Drupal, the "menu router" table is mysteriously not just the UI, but also the traffic router which connects every piece of content to a URL.)

Because all items are associated with menu entries, you do not have the problem of the path alias not necessarily being universal. You can also use modules such as Menu Block to mimic book navigation.

This module appears to be closer to an Alpha or Beta release despite its full & recommended status, so be careful on production sites.

Grayside
+2  A: 

Although this is an old question, the http://drupal.org/project/path_access does exactly this now.

Mike Crittenden
Nice. This is one of those that would have been really nice to know about a while back. I made a really lightweight module that does some simple checks, but would have been nice to save the dev time.
easement