You are here
Default permissions with nodeaccess.module
We have two roles: documentation-builders and customers. The documentation-builders want to hide some content from the customers, but they want some contents to be editable by the customers. The hiding part can be done with the nodeaccess.module - but how should we do the latter?
Nodeaccess can help us specify the permissions the documentation-builders should be able to alter per node. If I enable the view, the first part is done, since the customers will be granted the view permission at content submission by default. Anyway, to revoke it, the content must be submitted first, and the new "Grant" tab of nodeaccess (where the view permission can be revoked) becames visible/usable only at this point. So far so good, since we have only a few pieces of content to be hidden from the customers.
On the other hand if we enable the feature of nodeaccess which permits altering the edit permission for the documentation-builders, then customers will be granted the edit permission for every newly-submitted piece of content by default. Anyway, we want only a few pieces of content to be editable by customers, so this is not the best solution, as the majority of content should be submitted first, and then the edit permission must be revoked immediately on the "Grant" tab.
It would be much more easier to specify the default permissions at submission, besides the list of alterable permissions and roles on the "Grant" tab after submission. The above-mentioned problem could be solved quite easily by enabling grant both view and edit permissions for customers, but grant only the view permission at submission by default for them.
Well, this is what the attached patch does.