[consulting] Restrict Group Access to one User Login Account

Eric Goldhagen eric at openflows.com
Thu Oct 8 16:18:34 UTC 2009


I have to agree with all the folks that think it's a terrible idea to 
share accounts.

Maybe there is a way to do what is necessary without using a Drupal 
login at all? I wonder if you could do what's necessary using 
.htaccess user/pass and URL access restrictions for the content? This 
would give them what they want and not create such a huge potential 
for problems.

--Eric

At 9:12 AM -0700 10/8/09, Matt Chapman wrote:
>First, I also think the goal is a bad one, but I can see how it would
>potentially be more work for the administration (or for the developer)
>to devise a means to authenticate each user as a nursing student.
>
>So to the point, I think the OP wanted to restrict the user edit form
>entirely, not just certain form fields. And IMO, presenting a form with
>no enabled fields is bad for UX.
>
>So the better solution is hook_menu_alter on
>['user/%user_category/edit']['access callback'] etc...
>
>Docs:
>http://api.drupal.org/api/function/hook_menu_alter/6
>http://api.drupal.org/api/function/user_menu/6
>
>Don't forget to rebuild the menu cache after implementing this...
>
>-Matt
>
>
>
>Brian Vuyk wrote:
>>  Hacky, but...
>>
>>  Hide the form elements on the user form for that user with hook_form_alter.
>>
>>  To stop the pesky bugger with Firebug, write a quick hook_user
>>  implementation to trigger on $op = 'update' to not allow the username,
>>  email, and password to be changed unless the logged in user making the
>>  change is an administrator.
>>
>>  Brian
>>
>>  Michael Goldsmith wrote:
>>  
>>>  I tend to agree with Shai here. It's not a great practice by any
>>>  stretch of the imagination. HOWEVER, I've never met a bad idea that I
>>>  didn't like. How about setting up a script to run on cron to
>>>  periodically change the email and password back to what you want it
>>>  to. Or you can probably set up some kind of an action to do it, where
>>>  whenever a user gets edited, change the email and password to whatever
>>>  you wanted. So try as they might, every time they edit the user, the
>>>  action runs.
>>>
>>>  Just a thought. If I come up with anything else, I'll let you know.
>>>
>>>  *Thank you very much for your time and consideration,*
>>>
>>>  */Michael Goldsmith/*
>>>  /(732) 619-6865 - mobile/
>>>  /ixlr8 at comcast.net - email/
>>>  /http://www.platypustheory.com <http://www.ixlr8.org/> - website/
>>>
>>>  *From:* consulting-bounces at drupal.org
>>>  [mailto:consulting-bounces at drupal.org] *On Behalf Of *Shai Gluskin
>>>  *Sent:* Thursday, October 08, 2009 11:30 AM
>>>  *To:* A list for Drupal consultants and Drupal service/hosting providers
>>>  *Subject:* Re: [consulting] Restrict Group Access to one User Login
>>>  Account
>>>
>>>  Holly,
>>>
>>>  The whole idea is asking for trouble.
>>>
>>>  I don't even want to think about how to answer this question because
>>>  this is such a bad idea. I'd tell the folks that Drupal simply doesn't
>>>  do this.
>>>
>>>  Maybe a single userid/pw can be encoded into the video files themselves?
>>>
>>>  Is the video file being streamed from your site or a third party service?
>>>
>>>  I'm sure someone else will have an idea how to help. But I'd recommend
>>>  against ideas that get Drupal itself to hide the account page for a
>>>  logged in user. Among other bad consequences, you'd be defeating a
>>>  huge amount of Drupal functionality and crippling the site for future
>>>  use-cases.
>>>
>>>  Shai
>>>
>>>  On Thu, Oct 8, 2009 at 11:11 AM, Holly Ferree <hferree at gmail.com> wrote:
>>>
>>>  Hi All,
>>>
>>>  I work for a college (Drupal 6). They want all of the nursing students
>>>  to be able to login using the same username and password that will
>>>  allow them to access only nursing tagged content (video pages). I got
>>>  the access issue to work with tac-lite. But have had no luck in
>>>  researching my problem.
>>>
>>>  My problem is:
>>>
>>>  How do I restrict a username (ex. Nursing) from accessing the
>>>  user/(number)/edit and going to the Account Information section where
>>>  they can change the email and reset the password? I don't want one
>>>  student to be able to block out 100+ fellow students. That just seems
>>>  like asking for trouble.
>>>
>>>  Thanks,
>>>  Holly Ferree
>>>
>>>  PS On a related note...Is there a good module to play movie files or do I
>>>  even need one with Drupal 6?
>>>
>>>
>>>  _______________________________________________
>>>  consulting mailing list
>>>  consulting at drupal.org <mailto:consulting at drupal.org>
>>>  http://lists.drupal.org/mailman/listinfo/consulting


-- 
------------------------------------------------
| Openflows Community Technology Lab, Inc.
|
| Members of: the Mayfirst/Peoplelink Network
| Local 1180, Communications Workers of America
|
| http://openflows.com
| People are intelligent. Machines are tools.
------------------------------------------------
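
The access-callback override and the `hook_user` backstop suggested in the quoted replies, as an added example that is not part of the original thread or of Drupal core. The module name `shared_account`, the callback name and the uid value are assumptions for illustration; `user/%user_category/edit` and `user_edit_access()` are the Drupal 6 core path and callback.

```php
<?php
// shared_account.module: hypothetical Drupal 6 module, added for illustration.

// Assumption: uid of the shared "Nursing" account. Replace with the real uid.
define('SHARED_ACCOUNT_UID', 42);

/**
 * Implementation of hook_menu_alter().
 *
 * Swap the access callback on the user edit tab. The "account" sub-tab is a
 * default local task and inherits this access check.
 */
function shared_account_menu_alter(&$items) {
  if (isset($items['user/%user_category/edit'])) {
    $items['user/%user_category/edit']['access callback'] = 'shared_account_edit_access';
  }
}

/**
 * Access callback: deny the edit form for the shared account unless the
 * current user is an administrator; otherwise defer to core's check.
 */
function shared_account_edit_access($account) {
  if ($account->uid == SHARED_ACCOUNT_UID && !user_access('administer users')) {
    return FALSE;
  }
  return user_edit_access($account);
}

/**
 * Implementation of hook_user().
 *
 * Backstop for saves that do not come through the edit path: drop changes to
 * name, mail and pass on the shared account when a non-administrator saves it.
 */
function shared_account_user($op, &$edit, &$account, $category = NULL) {
  if ($op == 'update' && $account->uid == SHARED_ACCOUNT_UID
      && !user_access('administer users')) {
    unset($edit['name'], $edit['mail'], $edit['pass']);
  }
}
```

The menu change takes effect only after the menu cache is rebuilt, as noted in the quoted reply.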

