[consulting] Restrict Group Access to one User Login Account

Matt Chapman Matt at NinjitsuWeb.com
Thu Oct 8 16:12:22 UTC 2009 

First, I also think to goal is a bad one, but I can see how it would 
potentially be more work for the administration (or for the developer) 
to devise a means to authenticate each user as a nursing student.

So to the point, I think the OP wanted to restrict the user edit form 
entirely, not just certain form fields. And IMO, presenting a form with 
no enabled fields is bad for UX.

So the better solution is hook_menu_alter on 
['user/%user_category/edit']['access callback'] etc...

Docs:
http://api.drupal.org/api/function/hook_menu_alter/6
http://api.drupal.org/api/function/user_menu/6

Don't forget to rebuild the menu cache after implementing this...

-Matt



Brian Vuyk wrote:
> Hacky, but...
>
> Hide the form elements on the user form for that user with hook_form_alter.
>
> To stop the pesky bugger with Firebug, write a quick hook_user 
> implementation to trigger on $op = 'update' to not allow the username, 
> email, and password to be changed unless the logged in user making the 
> change is an administrator.
>
> Brian
>
> Michael Goldsmith wrote:
>   
>> I tend to agree with Shai here. It’s not a great practice by any 
>> stretch of the imagination. HOWEVER, I’ve never met a bad idea that I 
>> didn’t like. How about setting up a script to run on cron to 
>> periodically change the email and password back to what you want it 
>> to. Or you can probably set up some kind of an action to do it, where 
>> whenever a user gets edited, change the email and password to whatever 
>> you wanted. So try as they might, every time they edit the user, the 
>> action runs.
>>
>> Just a thought. If I come up with anything else, I’ll let you know.
>>
>> *Thank you very much for your time and consideration,*
>>
>> */Michael Goldsmith/*
>> /(732) 619-6865 - mobile/
>> /ixlr8 at comcast.net <mailto:ixlr8 at comcast.net> - email/
>> /http://www.platypustheory.com <http://www.ixlr8.org/> - website/
>>
>> *From:* consulting-bounces at drupal.org 
>> [mailto:consulting-bounces at drupal.org] *On Behalf Of *Shai Gluskin
>> *Sent:* Thursday, October 08, 2009 11:30 AM
>> *To:* A list for Drupal consultants and Drupal service/hosting providers
>> *Subject:* Re: [consulting] Restrict Group Access to one User Login 
>> Account
>>
>> Holly,
>>
>> The whole idea is asking for trouble.
>>
>> I don't even want to think about how to answer this question because 
>> this is such a bad idea. I'd tell the folks that Drupal simply doesn't 
>> do this.
>>
>> Maybe a single userid/pw can be encoded into the video files themselves?
>>
>> Is the video file being streamed from your site or a third party service?
>>
>> I'm sure someone else will have an idea how to help. But I'd recommend 
>> against ideas that get Drupal itself to hide the account page for a 
>> logged in user. Among other bad consequences, you'd be defeating a 
>> huge amount of Drupal functionality and crippling the site for future 
>> use-cases.
>>
>> Shai
>>
>> On Thu, Oct 8, 2009 at 11:11 AM, Holly Ferree <hferree at gmail.com 
>> <mailto:hferree at gmail.com>> wrote:
>>
>> Hi All,
>>
>> I work for a college (drupal 6). They want all of the nursing students 
>> to be
>> able to login using the same username and password that will allow them to
>> access only nursing tagged content (video pages). I got the access 
>> issue to
>> work with tac-lite. But have had no luck in researching my problem.
>>
>> My problem is:
>>
>> How do I restrict a username (ex. Nursing) from accessing the
>> user/(number)/edit and going to the Account Information section where they
>> can change the email and reset the password? I don't want one student 
>> to be
>> able to block out 100+ fellow students. That just seems like asking for
>> trouble.
>>
>> Thanks,
>> Holly Ferree
>>
>> PS On a related note...Is there a good module to play movie files or do I
>> even need one with Drupal 6?
>>
>>
>> _______________________________________________
>> consulting mailing list
>> consulting at drupal.org <mailto:consulting at drupal.org>
>> http://lists.drupal.org/mailman/listinfo/consulting
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> consulting mailing list
>> consulting at drupal.org
>> http://lists.drupal.org/mailman/listinfo/consulting
>>   
>>     
>
> _______________________________________________
> consulting mailing list
> consulting at drupal.org
> http://lists.drupal.org/mailman/listinfo/consulting
>

More information about the consulting mailing list