modules/simple_access/README.txt

------------------------------------------------------------------------------
  Simple Access Module for Drupal
    developed by: Jeff Robbins | jjeff | robbins (att) jjeff (d0t) com
------------------------------------------------------------------------------

After testing out most of Drupal's node-access modules, I found myself
frustrated with their tendency toward confusing user interfaces,
defaulting to hiding all nodes, or allowing me to inadvertently make
nodes editable or deletable by non-administrators.

Simple Access is an attempt to solve these problems with a focus on
simplicity and ease of use. This module provides an easy way to make
nodes accessible by only a group (or groups) of users. It defaults to
only managing access of viewability, so that administrators can simply
make some nodes "private". However, the module can also manage
editability and deleteability of nodes as well, allowing for nodes that
are editable by anyone in a certain role.

Access groups are based on roles. So for example, my site has roles
entitled "Coach Level 1", "Coach Level 2", and "Coach Level 3". I can
create an access group called "Coaches" and assign all of these roles to
it. Then when I assign a node to be viewable only by "Coaches", only
users who are a member of these roles will be able to view.

Nodes that are not assigned to any access groups will remain viewable by
all users, so all nodes will remain viewable when activating this
module. And nodes only become private when they are assigned to an
access group.


-------------------------------------------------------------------------
The following is an summation of an email exchange that sheds some light
on the way that simple_access works and how node access works in Drupal
in general.
-------------------------------------------------------------------------

On Jun 27, 2005, at 8:45 AM, David Norman wrote:

I'd like to try Simple Access. If I don't like it, does it make any
changes other than the two tables it comes with that I wouldn't like if
I decided to deactivate it?

Jeff Robbins wrote:

Yes it does. All modules that manage node access need to alter Drupal's
node_access table. They need to remove the entry that allows all users
to see all nodes. Many of those modules don't give you any control over
this, however simple_access allows you to add and remove the appropriate
stuff from the node_access table from its settings pages. So enabling
the module is a two step process: 1) enable the module in admin/modules,
and then 2) go to the simple access settings and enable the database.

To deactivate the module: 1) Go to simple_access settings and deactivate
the database, 2) disable the module in admin/modules. This should put
you back to where you were before you installed and all nodes should be
viewable.

-Jeff


On Jul 11, 2005, at 11:03 AM, David Norman wrote:

I put simple_access together with og.module (Organic Groups) and it
seems simple_access rights don't get enforced. I'm still investigating
it, but is there something you can think of that would cause that?


	From: 	  robbins@xxxxxxx
	Subject: 	Re: simple_access.module
	Date: 	July 11, 2005 12:43:50 PM EDT
	To: 	  deekayen@xxxxxx

Hi David,

Yeah, that's a tricky one. I haven't looked at how OG handles its node
access stuff. But this actually may be more of a core Drupal problem
than a problem with the modules.

Drupal doesn't handle the node access as restrictions, but rather as
"grants". And if any module grants access to view, edit, or delete a
node to a certain user, another module cannot take it away.

In order to
make simple_access "simple", it grants view access to all nodes when it
is enabled and access only becomes restricted (i.e. there is no 'grant'
for all users) when access groups are assigned to a node. It's
confusing, I know! The intent of this is to be able to enable
simple_access without needing to assign specific permissions to every
node in order to make them viewable. That is how most of the other
access modules work, and what happens is that all of your nodes "go
away" when you enable them.

So my guess is that simple_access' default view grant for all users is
in conflict with OG's tendency toward hiding all nodes. The only
workaround that I can think of for this is kind of dodgy:

1. Create a new user role without any users assigned to it. You could
call it 'nobody'. 2. Create an access group in simple_access called
'Nobody' and assign this role to it. 3. Select 'Only viewable by'
'nobody' for nodes that you want managed by Organic Groups.

This will remove simple_access' universal view grant for those nodes and
leave it up to OG to grant or deny access.

Although I have to admit that this solution makes simple_access look not
so simple anymore. :-)

-Jeff


1	------------------------------------------------------------------------------
2	Simple Access Module for Drupal
3	developed by: Jeff Robbins \| jjeff \| robbins (att) jjeff (d0t) com
4	------------------------------------------------------------------------------
5
6	After testing out most of Drupal's node-access modules, I found myself
7	frustrated with their tendency toward confusing user interfaces,
8	defaulting to hiding all nodes, or allowing me to inadvertently make
9	nodes editable or deletable by non-administrators.
10
11	Simple Access is an attempt to solve these problems with a focus on
12	simplicity and ease of use. This module provides an easy way to make
13	nodes accessible by only a group (or groups) of users. It defaults to
14	only managing access of viewability, so that administrators can simply
15	make some nodes "private". However, the module can also manage
16	editability and deleteability of nodes as well, allowing for nodes that
17	are editable by anyone in a certain role.
18
19	Access groups are based on roles. So for example, my site has roles
20	entitled "Coach Level 1", "Coach Level 2", and "Coach Level 3". I can
21	create an access group called "Coaches" and assign all of these roles to
22	it. Then when I assign a node to be viewable only by "Coaches", only
23	users who are a member of these roles will be able to view.
24
25	Nodes that are not assigned to any access groups will remain viewable by
26	all users, so all nodes will remain viewable when activating this
27	module. And nodes only become private when they are assigned to an
28	access group.
29
30
31
32
33	-------------------------------------------------------------------------
34	The following is an summation of an email exchange that sheds some light
35	on the way that simple_access works and how node access works in Drupal
36	in general.
37	-------------------------------------------------------------------------
38
39	On Jun 27, 2005, at 8:45 AM, David Norman wrote:
40
41	I'd like to try Simple Access. If I don't like it, does it make any
42	changes other than the two tables it comes with that I wouldn't like if
43	I decided to deactivate it?
44
45	Jeff Robbins wrote:
46
47	Yes it does. All modules that manage node access need to alter Drupal's
48	node_access table. They need to remove the entry that allows all users
49	to see all nodes. Many of those modules don't give you any control over
50	this, however simple_access allows you to add and remove the appropriate
51	stuff from the node_access table from its settings pages. So enabling
52	the module is a two step process: 1) enable the module in admin/modules,
53	and then 2) go to the simple access settings and enable the database.
54
55	To deactivate the module: 1) Go to simple_access settings and deactivate
56	the database, 2) disable the module in admin/modules. This should put
57	you back to where you were before you installed and all nodes should be
58	viewable.
59
60	-Jeff
61
62
63	On Jul 11, 2005, at 11:03 AM, David Norman wrote:
64
65	I put simple_access together with og.module (Organic Groups) and it
66	seems simple_access rights don't get enforced. I'm still investigating
67	it, but is there something you can think of that would cause that?
68
69
70	From: robbins@xxxxxxx
71	Subject: Re: simple_access.module
72	Date: July 11, 2005 12:43:50 PM EDT
73	To: deekayen@xxxxxx
74
75	Hi David,
76
77	Yeah, that's a tricky one. I haven't looked at how OG handles its node
78	access stuff. But this actually may be more of a core Drupal problem
79	than a problem with the modules.
80
81	Drupal doesn't handle the node access as restrictions, but rather as
82	"grants". And if any module grants access to view, edit, or delete a
83	node to a certain user, another module cannot take it away.
84
85	In order to
86	make simple_access "simple", it grants view access to all nodes when it
87	is enabled and access only becomes restricted (i.e. there is no 'grant'
88	for all users) when access groups are assigned to a node. It's
89	confusing, I know! The intent of this is to be able to enable
90	simple_access without needing to assign specific permissions to every
91	node in order to make them viewable. That is how most of the other
92	access modules work, and what happens is that all of your nodes "go
93	away" when you enable them.
94
95	So my guess is that simple_access' default view grant for all users is
96	in conflict with OG's tendency toward hiding all nodes. The only
97	workaround that I can think of for this is kind of dodgy:
98
99	1. Create a new user role without any users assigned to it. You could
100	call it 'nobody'. 2. Create an access group in simple_access called
101	'Nobody' and assign this role to it. 3. Select 'Only viewable by'
102	'nobody' for nodes that you want managed by Organic Groups.
103
104	This will remove simple_access' universal view grant for those nodes and
105	leave it up to OG to grant or deny access.
106
107	Although I have to admit that this solution makes simple_access look not
108	so simple anymore. :-)
109
110	-Jeff
111
112
113
114