access control for periodicals - does my plan make sense?
Looking for some advice and ideas.... A client is publishing a periodical online. Only paid subscribers will have access to the nodes that are part of the periodical. Subscriptions are not necessarily continuous. So for example a user might subscribe in 2006; not subscribe in 2007; then subscribe again in 2008. In 2008, such a user should be able to view content from 2006 and 2008, but not 2007. I have a flexible system in mind; in which each subscription has a start, end and expiration. Whether a node is visible will depend on whether its creation date falls between the start and end of a subscription. My question is not about this part, but about how best to hide the nodes that the user has not paid for. I do not plan to use "standard" access control; that is, the node_access table and grants, because I don't see how to cleanly map a subscription start and end date to a grant id. But that's OK because I don't need to entirely hide the existence of these nodes. I just need to hide the full contents of the node. So my plan is to put some logic in hook_nodeapi. If $op == 'view', and the user has not subscribed to the node in question, I can do something like: $node->body = t('Sorry, you have to subscribe to view this.'); I'm writing to this group because I think is a reasonable approach, but I'm not sure. Any thoughts or suggestions? Thanks, -Dave
Dave Cohen wrote:
So my plan is to put some logic in hook_nodeapi. If $op == 'view', and the user has not subscribed to the node in question, I can do something like:
$node->body = t('Sorry, you have to subscribe to view this.');
In Drupal 4.7, the Premium module uses a similar approach. I think you'll do pretty well with it. Under Drupal 5.0, it's a little more complicated but follows the same basic pattern. Looking at the code for Premium.module will definitely give you a good start. -Jeff
On Saturday 23 September 2006 11:54, Jeff Eaton wrote:
Dave Cohen wrote:
So my plan is to put some logic in hook_nodeapi. If $op == 'view', and the user has not subscribed to the node in question, I can do something like:
$node->body = t('Sorry, you have to subscribe to view this.');
In Drupal 4.7, the Premium module uses a similar approach. I think you'll do pretty well with it. Under Drupal 5.0, it's a little more complicated but follows the same basic pattern. Looking at the code for Premium.module will definitely give you a good start.
Thanks for the pointer. Premium defines a hook so that I can customize the logic that grants permission. Maybe I can use Premium as part of my solution.
So my plan is to put some logic in hook_nodeapi. If $op == 'view', and the user has not subscribed to the node in question, I can do something like:
$node->body = t('Sorry, you have to subscribe to view this.');
You could instead use the 'view' op in hook_access of the node type. As with all ops of hook_access, it overrides what's in the node_access table.
On Saturday 23 September 2006 16:42, Nedjo Rogers wrote:
So my plan is to put some logic in hook_nodeapi. If $op == 'view', and the user has not subscribed to the node in question, I can do something like:
$node->body = t('Sorry, you have to subscribe to view this.');
You could instead use the 'view' op in hook_access of the node type. As with all ops of hook_access, it overrides what's in the node_access table.
Yes, but only if I define the node type, which I prefer not to do. hook_access is only called for the module that defines the node.
You could instead use the 'view' op in hook_access of the node type. As with all ops of hook_access, it overrides what's in the node_access table.
Yes, but only if I define the node type, which I prefer not to do. hook_access is only called for the module that defines the node.
True. Another option would be to use a menu override in a module called after node.module. Something like: /** * Implementation of hook_menu(). */ function modulename_menu($may_cache) { $items = array(); if ($may_cache) { } else { if (arg(0) == 'node' && is_numeric(arg(1))) { $node = node_load(arg(1)); if ($node->nid) { if (your_test_here) { $items[] = array( 'path' => 'node/'. arg(1), 'title' => t('view'), 'access' => FALSE ); } } } return $items; }
participants (3)
-
Dave Cohen -
Jeff Eaton -
Nedjo Rogers