How to create collections of content that can be accessed by users with various access levels?

1
0
-1

I'm looking for a way to create collections of content (nodes) that can be accessed by sets of users and with variations of access levels (such as read only versus update/delete allowed).

Some examples:

  • A school where each class (= set of users) has a specific set of collections (eg training materials used during classes), with collections specific to 1st grade, 2nd grade, etc. Whereas users with a role of "teacher" have update/delete access to those collections, and users with a role of "students" have read access only to those collections.
  • A company where each department (= set of users) has a specific set of resources (brochures, forms, etc), with collections specific to HRM, Accounting, Marketing, etc. Whereas users with a role of "manager" have update/delete access to those collections, and users with a role of "employees" have read access only to those collections.

In a Drupal 7 site you might use Organic Groups (OG), with the typical facilities that OG offers. But for Drupal 8, apart from the initial port available on GitHub, there doesn't seem to be a stable release of Organic Groups yet (as confirmed also by Issue 2591017).

Any suggestions, different from "writing custom code"?

Topics: 

1 answer

1
0
-1
This one is the BEST answer!

About

The Group module allows for creating arbitrary collections of your content and users on your site, and grant access control permissions on those collections.

Group creates groups as entities, making them fully fieldable, extensible and exportable. Every group can have users, roles and permissions attached to it. Groups can also act as a parent of any type of entity. Group provides an extensive API to attach entities to groups.

Configuration

Example

Group type ID ! Group type ! Group role ID ! Role
--------------+------------+---------------+------------
 1            ! Class      ! 3             ! Instructor
 1            ! Class      ! 4             ! Student
 2            ! Customers  ! 5             ! Lead
 2            ! Customers  ! 6             ! Prospect
 2            ! Customers  ! 7             ! Licensed Customer
 2            ! Customers  ! 8             ! Sales
 2            ! Customers  ! 9             ! Support
 2            ! Customers  ! 10            ! Accounting
 2            ! Customers  ! 11            ! R&D
 3            ! Project    ! 12            ! Project Manager
 3            ! Project    ! 13            ! Developer
 3            ! Project    ! 14            ! Customer 

Group Types

The above example consists of 3 group types:

  • Class.
  • Customers.
  • Project.

Group Roles

For each of the 3 group types, there are specific Roles defined. E.g., for the the Project group type, these are the 3 roles that are configured:

  • Project Manager.
  • Developer.
  • Customer.

These are the Group Specific Roles: these roles can be configured per group type and will only be available on groups of that group type. As an example, for group type "Class", the defined roles are Instructor and Student (which are not available for the other group types.

On top of the group specific roles, there are also Special Global Roles: These are the special (hardcoded) roles named Outsider (= a signed in user that did not join a group) and Member (= a signed in user that did join a group). These cannot be defined by the Drupal administrator, and they are always available for any group. These roles can have different permissions sets for each group type. Special case: the role Anonymous is related to a user that is not signed.

Groups

Each of the configured group types can have any number of Groups. E.g., for the Customers group type, there could be these Groups:

  • Service Requests.
  • Order Processing.
  • Sales Orders.
  • Relationship Management.

Permissions

For each of the configured group types, you can then also configure for each Content Type which Role has what kind of access (= none, view, create, edit, delete). Be aware: even though this looks similar to Drupal's permission configuration, these permissions are not the same permissions (they are specific to the Group module).

Module integrations

The Group module integrates with various other (popular) modules, such as Views, Rules, etc. These integrations are more or less out-of-the box (not dozens of extra modules needed to make those integrations work). Simply because everything is entity based.

Resources