[consulting] Restrict Group Access to one User Login Account

Thu Oct 8 15:46:52 UTC 2009

Hacky, but...

Hide the form elements on the user form for that user with hook_form_alter.

To stop the pesky bugger with Firebug, write a quick hook_user 
implementation to trigger on $op = 'update' to not allow the username, 
email, and password to be changed unless the logged in user making the 
change is an administrator.

Brian

Michael Goldsmith wrote:
>
> I tend to agree with Shai here. It’s not a great practice by any 
> stretch of the imagination. HOWEVER, I’ve never met a bad idea that I 
> didn’t like. How about setting up a script to run on cron to 
> periodically change the email and password back to what you want it 
> to. Or you can probably set up some kind of an action to do it, where 
> whenever a user gets edited, change the email and password to whatever 
> you wanted. So try as they might, every time they edit the user, the 
> action runs.
>
> Just a thought. If I come up with anything else, I’ll let you know.
>
> *Thank you very much for your time and consideration,*
>
> */Michael Goldsmith/*
> /(732) 619-6865 - mobile/
> /ixlr8 at comcast.net <mailto:ixlr8 at comcast.net> - email/
> /http://www.platypustheory.com <http://www.ixlr8.org/> - website/
>
> *From:* consulting-bounces at drupal.org 
> [mailto:consulting-bounces at drupal.org] *On Behalf Of *Shai Gluskin
> *Sent:* Thursday, October 08, 2009 11:30 AM
> *To:* A list for Drupal consultants and Drupal service/hosting providers
> *Subject:* Re: [consulting] Restrict Group Access to one User Login 
> Account
>
> Holly,
>
> The whole idea is asking for trouble.
>
> I don't even want to think about how to answer this question because 
> this is such a bad idea. I'd tell the folks that Drupal simply doesn't 
> do this.
>
> Maybe a single userid/pw can be encoded into the video files themselves?
>
> Is the video file being streamed from your site or a third party service?
>
> I'm sure someone else will have an idea how to help. But I'd recommend 
> against ideas that get Drupal itself to hide the account page for a 
> logged in user. Among other bad consequences, you'd be defeating a 
> huge amount of Drupal functionality and crippling the site for future 
> use-cases.
>
> Shai
>
> On Thu, Oct 8, 2009 at 11:11 AM, Holly Ferree <hferree at gmail.com 
> <mailto:hferree at gmail.com>> wrote:
>
> Hi All,
>
> I work for a college (drupal 6). They want all of the nursing students 
> to be
> able to login using the same username and password that will allow them to
> access only nursing tagged content (video pages). I got the access 
> issue to
> work with tac-lite. But have had no luck in researching my problem.
>
> My problem is:
>
> How do I restrict a username (ex. Nursing) from accessing the
> user/(number)/edit and going to the Account Information section where they
> can change the email and reset the password? I don't want one student 
> to be
> able to block out 100+ fellow students. That just seems like asking for
> trouble.
>
> Thanks,
> Holly Ferree
>
> PS On a related note...Is there a good module to play movie files or do I
> even need one with Drupal 6?
>
>
> _______________________________________________
> consulting mailing list
> consulting at drupal.org <mailto:consulting at drupal.org>
> http://lists.drupal.org/mailman/listinfo/consulting
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> consulting mailing list
> consulting at drupal.org
> http://lists.drupal.org/mailman/listinfo/consulting
>   