ASU Web Community

Home :: Forums :: Drupal

ASU Webauth and Taxonomy Access Control

Monday, April 14th, 2008 - 4:57 pm
  • jbhannah

The ASU Webauth module for Drupal has the option to automatically register Webauth-logged-in users on the Drupal site. What I'm wondering (and am probably going to test) is:

  1. Is it possible to have new visitors automatically registered, and assign specific such users to a role, which when combined with the Taxonomy Access Control module would allow only those people access to certain parts of the site?
     
    Or:
     
  2. Is it possible to let only certain users register and use ASU Webauth to log in, and allow only those users (assigned to a role) access to part of the site using TAC?

Basically, can ASU Webauth and TAC be used to protect part of a Drupal site? I'm a new hire, and the person who had been working on what is now my job was told no, that won't work, but I'm not convinced. Like I said I'll probably end up guinea-pigging this anyway, and I'll post my results--I'm sure that this is something that would be useful, if it hasn't been discussed and answered before already.

‹ Best SVN respository conventions with Drupal Connecting to Directory ›
Thursday, April 17th, 2008 - 4:43 pm
  • jbhannah

I have figured out that you can do basically exactly what I suggested above using the ASU Webauth module. Settings enabled:

  • Verify on every page view
  • Force login on user login page
  • Automatically register new users
  • Users cannot change password
  • Obfuscate local login form
  • Auto-assign users to the role(s): anonymous user
  • Require ASU Webauth login for: specific pages

Using Taxonomy_access, certain pages and a sidebar block had been specified as only accessible by a certain user role. The protected pages I listed as the pages that require login, so when an unauthenticated user tries to visit those pages they are asked to log in with their ASURITE ID. On the admin end, the administrators can create a user whose username is the same as the ASURITE ID of a person who should be allowed to access the protected pages. If such a user exists for the ASURITE ID the unauthenticated user tries to log in with, and they have the permissions necessary to view the protected page, then they'll be allowed in; if not (any user who has not explicitly been given a role will still have the "anonymous user" role) then they'll be told "access denied."

Thursday, April 17th, 2008 - 4:45 pm
  • jbhannah

Put "admin" and "admin/*" in the "Specific pages" text box to prompt for login to access the admin page and admin section of the site.

Thursday, April 17th, 2008 - 5:23 pm
  • ngudmuns
  • ngudmuns's picture

you might try using the node_access module. You can create any role (called 'protected content user' for example), then grant certain nodes to be accessed only by those people in the 'protected content user' role. 

http://drupal.org/project/nodeaccess

This seems like it would solve your problem. Am I understanding it correctly? 

 

Tuesday, May 27th, 2008 - 10:37 am
  • myakerso

Nodeaccess sounds good, but there is no official release for Drupal v5. Which version have you used, and is it "ready for prime time"? We're currently in the development stage, but will soon be looking to take this thing live.

Wednesday, June 4th, 2008 - 12:11 pm
  • jrbeeman
  • jrbeeman's picture

It may not be what you're looking for, but Organic Groups provides some great access control stuff, as well. I wrote a module for ASU called Simple LDAP that lets you use LDAP attributes to automatically populate groups, which can then be used to control access to content. The module also allows you to automatically set user roles based on LDAP attributes, so it could provide nice integration with TAC, as well.

You can check out the module via Subversion at https://svn.asu.edu/svn/drupal/modules/simple_ldap/branches/5.x