[development] temporary access module

Metzler, David metzlerd at evergreen.edu
Fri Feb 16 21:42:22 UTC 2007

Yep that would work, but you have to be concerned about what links they
click on after they visit that node.   There's some similar code in the
cas_init hook for my cas module (to back door log into the user), so I
know that can be done easily.  Would be trivial if you store $user->name
of the peek user in your tables, just a call to user_load(). 

One strategy: 
peek/<uid>/<md5 hash>

then determine the rest from background tables.  The timestamp doesn't
really y provide anything, unless you're using it to generate the hash.
The rest could be determined by background tables. 

Remember that if you don't use the hash in the node access tables, then
users will be able to click on other links on the page and get
permissions until they log out. IF you're really trying to limit them to
a single node, you should try and tackle node access. 


-----Original Message-----
From: development-bounces at drupal.org
[mailto:development-bounces at drupal.org] On Behalf Of Alan Dixon
Sent: Friday, February 16, 2007 12:48 PM
To: development at drupal.org
Subject: [development] temporary access module

Hi drupalites:

I've been working on a little module i'm calling 'peek' and just
wanted to check in on duplication of efforts, existing wisdom, etc.

The client wants to be able to create a page, and then fire off a
bunch of emails to people who may or may not have accounts, allowing
them to access the page temporarily.

So an administrator needs to be able to generate a semi-secret url
(like the ones generated by the user module) that would give someone
temporary access to a single node page.

After struggling with the node_access stuff for a while, i realised
that i probably want to sidestep the usual permissions by providing
access to the node page via a callback anyway.

So the url i'm generating looks like '/peek/<uid>/<timestamp>/<hd5
and my peek table keeps track of things like the corresponding nid,
when it was generated, how long it's valid for, when it was first
accessed, and how long it remains valid after first access. I've also
got a helper function to generate new users for email address that
don't already have a user. When the link is generated, the user gets
authenticated to this uid. That way all subsequent activity is
connected to their userid for tracking purposes.

Thoughts anyone?

Alan Dixon, Web Developer

More information about the development mailing list