A drupal based website that currently powers http://aamaadmiparty.org/, the "main" site. It is different from other AAP websites in drupal for primarily large scale email sending capabilities, among many other small things. (This website is a contender for merging with 'regional-domainsite-drupal' reposiroty when the latter is ready)
GNU General Public License v2.0
0
stars
1
forks
source link
State specific users should not be able to edit/delete content that is associated to All states. #174
The domain access permissions do not work for us just as we want, and need to be custom changed.
Here is a scenario - An admin user U1 creates a page ABC and publishes it to all the state affiliates. Another 'State Domains Approver' of the State = Karnataka U2 is then able to edit this content ABC since he has the permission Edit any content assigned to the affiliated State, and ABC in deed is assigned to Karnataka too (along with other states). And now this page ABC changes for all the other affiliates too. In fact user U2 can even delete this content!!!
It is also important to note that in Drupal and in Domain Access the permissions work on a GRANT basis and not on a DENY basis. For example if role R1 has permission to 'see user profile' and role R2 does not has permission to 'see user profile' an user U1 with both the roles R1 and R2 simultaneously assigned will have the permission to 'see user profile'.
Back to our scenario, we want to
prevent State Domain Approvers from editing the content that was created for Many affiliates and their domain just happened to be one of the affiliates.
but allow then to edit content created by multiple State Domain Authors that was primarily created for their domain.
This can be achieved by creating a new custom permission, say - Edit content directly owned by assigned domain. And writing custom code that for granting access we check if this permission is present + the content is directly owned by the domain in question. And then we can remove the permission Edit any content on assigned domains (keep it only with All Domains Approver, and Administrator) and while keep this new permission with the State Domain Approvers.
sumeetpareek
commented
10 years ago
The domain access permissions do not work for us just as we want, and need to be custom changed.
Here is a scenario - An admin user U1 creates a page ABC and publishes it to all the state affiliates. Another 'State Domains Approver' of the State = Karnataka U2 is then able to edit this content ABC since he has the permission Edit any content assigned to the affiliated State, and ABC in deed is assigned to Karnataka too (along with other states). And now this page ABC changes for all the other affiliates too. In fact user U2 can even delete this content!!!
It is also important to note that in Drupal and in Domain Access the permissions work on a GRANT basis and not on a DENY basis. For example if role R1 has permission to 'see user profile' and role R2 does not has permission to 'see user profile' an user U1 with both the roles R1 and R2 simultaneously assigned will have the permission to 'see user profile'.
Back to our scenario, we want to
This can be achieved by creating a new custom permission, say -
Edit content directly owned by assigned domain. And writing custom code that for granting access we check if this permission is present + the content is directly owned by the domain in question. And then we can remove the permissionEdit any content on assigned domains(keep it only with All Domains Approver, and Administrator) and while keep this new permission with the State Domain Approvers.See images below for hint.