[development] OG User Roles

Ron Parker sysop at scbbs.com
Sun Mar 18 21:11:16 UTC 2007

Hello. I'm new to this list, so please bear with me.  I've been working 
on a module for the past 9 months and recently submitted a request to 
the CVS administrator for a project account.  The administrator told me 
I needed to run this project past the developers mailing list.

I have posted details on the proposed project here: 

Essentially, I updated the existing og_roles module to be able to define 
roles by individual groups.  So, instead of assigning a role to a user 
account and that user then having that role everywhere in the site, my 
module assigns a role to a user in a group, and the user only has the 
access granted by that role in the group that role is assigned to him.  
Therefore, a user can now have different roles in different groups.

The problem is that in order to make this work, I needed to modify the 
user_access function of the user.module to recognize roles based upon 
the group context. 

Specifically, the changes I make are:

1. Creating the og_users_roles table which is the same as the 
users_roles table except that adds the GroupID.
2. Modifying the user_access function so that it additionally reads the 
og_users_roles table, recognizes the existing group context (if any), 
and adds whatever roles are appropriate.

The change to the user.module is small: simply replacing $user->roles 
with my function that returns the results of $user->roles + whatever 
roles are allowed based upon the group (og user roles).  I haven't 
changed the core functionality of the function, only added the og user 
roles addtional functionality.  In other words, if there are no og user 
roles, then the function still returns only $user->roles.  If there are 
og user roles, then the function returns those roles + $user->roles.

Needless to say, the CVS administrator has a big problem with #2.  He 
asked that I run this concept by the developers mailing list in order to 
see if anyone might have a workaround solution that doesn't involve 
"hacking" the core.  I don't see how you do it without user_access 
recognizing the group context, but then again, everything I've learned 
about Drupal has been through trial and error, so there is certainly a 
ton of things I don't know.

Any suggestions? 


Ron Parker
Software Creations               http://www.scbbs.com
Self-Administration Web Site     http://saw.scbbs.com
SDSS Subscription Mgmt Service   http://sdss.scbbs.com
Central Ave Dance Ensemble       http://www.centralavedance.com
R & B Salsa                      http://www.randbsalsa.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20070318/44905682/attachment.htm 

More information about the development mailing list