Posted by stpaultim on Tue, May 24, 2022 - 4:46pm --- Updated: May 24 '22 - 6:01pm

I would like to create a recipe (a module) that provides a user guide for site editors using the book module. One of the main requirements of this recipe or module would be that the content (book pages) is only visible to authenticated users.

I can't think of anyway to do this in core alone and there are 4 different content access contrib modules. (See my suggestion to add this ability to core -- and comment on the issue if you think it's a good idea): https://github.com/backdrop/backdrop-issues/issues/5634 

Until that happens, I think I'll need to make my recipe dependent upon contrib module and configure that module in the module.install file. 

I'm looking for suggestions:

1) Is there a way to accomplish my tasks in core using layouts and visibility rules (without a context access module)? I tried this, but I don't think it works. 

2) If I need a content access module and my only need is make a single content type inaccessible to unauthenticated users, which one is the best (least overkill)?

3) Could or should I be doing this with a little custom code without a contrib module? Maybe add a boolean field to book pages that when "true" hides them from unauthenticated users and make it "true" by default. If I had such a setting, would it be easy enough to write code to hide these nodes? (Tips on what that code might look like would be appreciated). 

Accepted answer

"Content View Access" seem to provide exactly the permissions you need.

If you're looking for a solution without other contributed modules, you may set your Book content type to "Hide path display", show the content in a Views block  and restrict access using visibility conditions.

Comments

Tue, May 24, 2022 - 6:10pm by BWPanda (not verified)

  1. Even if you worked out how to do this (it's likely possible), users would still be able to access the content directly (e.g. /node/NID) since this isn't a full access/permission solution (depends if that matters to you or not).
  2. It sounds like all you need is a new 'View' permission for each content type (so you can allow Authenticated users to view/access Book nodes, but not Anonymous users). If that's the case, then Content View Access sounds like it does just that.
  3. While it may be simple to implement your own custom solution, considering this may involve security/privacy (again, depending how much this is important to you), I'd advise against writing your own solution from scratch and suggest instead using a contrib module that at least has the benefit of getting more eyes on it to find bugs, etc.

So I recommend option 2 with the Content View Access contrib module.

Tue, May 24, 2022 - 7:18pm by stpaultim

So I recommend option 2 with the Content View Access contrib module.

Thanks for feedback. I think your suggestions are all correct. Just need to decide which module. Content Access does a lot more than I need right now, so looking at the other options.

Olafski's picture

Wed, May 25, 2022 - 1:41am by Olafski

"Content View Access" seem to provide exactly the permissions you need.

If you're looking for a solution without other contributed modules, you may set your Book content type to "Hide path display", show the content in a Views block  and restrict access using visibility conditions.

Wed, May 25, 2022 - 9:46pm by stpaultim

@Olafski - Interesting suggestion regarding use of "hide path display."

I've moved forward using the "Content View Access" module. For my simple requirements, this module seems to work very well and is easy to use.