- Status changed to Postponed: needs info
over 1 year ago 5:40pm 15 August 2023 - π·πΊRussia antiden
Hi, i have fresh installation.
- Drupal 9
- Group 3 β
- Group 3 patch #8 β¨ "View own" permission Needs work for permission "View own permission"
- TAC Light 1.7
-
Preparation
- Created Content type: "Group News"
- Created Taxonomy type: "News moderation" with statuses: "Draft", "Check", "Published", "Archived"
- In "Group News" created field with taxonomy reference "News moderation" with name "Moderation" with required and by default value "Draft"
- Created Group type: "Company" with all checkboxes, in Content Tab installed "Group News"
- Created 3 users: test (role - Auth), test1 (role - Auth), editor (role - Editor)
- In Group type "Company" added new role: "Editor" with Inside role in select global role "Editor"
- In system Roles page, for Editor checkboxes same Auth
- Created Group: "Company 1" and added 3 users with default roles (2 Member and 1 Editor)
- In Group Permissions: View published group and Entity: Add content item entities for roles member and Editor
-
TAC Light
- Settings -> Vocabularies -> News moderation
- Number of Schemes: 2
- Scheme 1 -> Name: View -> Grant -> Authenticated user and Editor -> Selected All
- Scheme 2 -> Name: Edit -> Grant -> Authenticated user -> Draft
- Scheme 2 -> Name: Edit -> Grant -> Editor -> Selected All
- Rebuild permissions and cache
-
Testing
- User "test", add new News from Group, Add Group News
/group/1/content/create/group_node%3Agroup_news - User "test" can view new post, but not edit (in TAC Light permission if draft can edit)
- User "editor", not view and edit permissions (in TAC Light can view and edit)
-
I think the Group's access rights override the rights of TAC Light. - Status changed to Closed: works as designed
about 1 year ago 10:37am 20 October 2023 - πΊπΈUnited States grndlvl
Oh I see now. Yes sadly, this is the default behavior of node_access controls in Drupal core. Typically node access modules do 1 or two things they either "ignore" (which means somebody else will be handling) OR access is "granted", but never revoked.
A user only needs 1 module to grant access to a node.
A user only needs 1 module to deny access to a module.This is why it's generally discouraged to not use too many overlapping node_access control modules as it will give unexpected results. You'll need to integrate the two together you may check out https://www.drupal.org/project/acb β . I have never used this one myself, but it certainly sounds like the behavior you are after:
It should be noted however that you should be well aware about the settings of each of the enabled access control modules since access will only be granted if all modules controlling access to a specific node explicitly allow it.
E.g if a node is controlled by Content Access and Workflow and the node should only be visible for anonymous users at a specific workflow state, you should grant anonymous users view permission in Content Access as this is further modulated by Workflow!Feel free to reach out if you need additional assistance.
- π¨π³China fishfree
@grndlvl Thank you for your tip. I test Access Control Bridge β , however, it still does not work. Access Control Bridge does not declare bridge between group β in its README.
@antiden Have you also test with Access Control Bridge?