[development] access control for periodicals - does my plan make
sense?
Dave Cohen
drupal at dave-cohen.com
Sat Sep 23 18:43:46 UTC 2006
Looking for some advice and ideas....
A client is publishing a periodical online. Only paid subscribers will have
access to the nodes that are part of the periodical. Subscriptions are not
necessarily continuous. So for example a user might subscribe in 2006; not
subscribe in 2007; then subscribe again in 2008. In 2008, such a user should
be able to view content from 2006 and 2008, but not 2007.
I have a flexible system in mind; in which each subscription has a start, end
and expiration. Whether a node is visible will depend on whether its
creation date falls between the start and end of a subscription. My question
is not about this part, but about how best to hide the nodes that the user
has not paid for.
I do not plan to use "standard" access control; that is, the node_access table
and grants, because I don't see how to cleanly map a subscription start and
end date to a grant id. But that's OK because I don't need to entirely hide
the existence of these nodes. I just need to hide the full contents of the
node.
So my plan is to put some logic in hook_nodeapi. If $op == 'view', and the
user has not subscribed to the node in question, I can do something like:
$node->body = t('Sorry, you have to subscribe to view this.');
I'm writing to this group because I think is a reasonable approach, but I'm
not sure. Any thoughts or suggestions?
Thanks,
-Dave
More information about the development
mailing list