Description of the need
Currently #24
on the new feature priority poll - https://forum.backdropcms.org/feature-requests (July 3, 2024)
I have never understood why I can set permissions per content type for everything, but access.
I frequently want to set up an internal content type that is only for site administrators or editors, but never available to unauthenticated users. It always surprises me that I can't do this in core and need an additional module. I believe that there are multiple modules for Drupal 7 to do this. In Backdrop land we have several of them available. I think that the two most basic use cases would be:
- Members only content. In this case, special groups are not necessary. Members login to the site, non-members don't. I'd like to make some content available to members that is not available to the public.
- Admin User Guide - I like to enable the book module and create a site user guide that is only accessible to site admins (on sites where admins are the only ones that login). But, in order to make the content only accessible to admins, I have to add another module.
I'm not sure we need all of the functionality of content access in core. But, I'd like the ability to create content types that are accessible by role (using permissions).
Is there a reason why this is difficult in core?
Here is something @quicksketch said in the past when this came up:
You've probably noticed that there are per-type controls on creating/editing/deleting content, but no "view" permissions at all other than "access content". This is because there are so many ways of controlling access to content: by type, by taxonomy terms, by "groups" (as provided by OG) and many other ways. Core does provide a central mechanism for controlling access, through a combination of hook_node_access() and hook_node_grants(). The first is for viewing an individual node, the second when doing queries of multiple nodes that need to be shown in a list.
https://github.com/backdrop/backdrop-issues/issues/1348#issuecomment-156...
Proposed solution
Related issues:
https://github.com/backdrop/backdrop-issues/issues/1348 https://github.com/backdrop/backdrop-issues/issues/1407
Alternatives that have been considered
https://backdropcms.org/project/simple_access (48 installs) https://backdropcms.org/project/content_access (95 installs) https://backdropcms.org/project/content_view_access (40 installs) https://backdropcms.org/project/simple_access_grants (28 installs)
Installs as of May 24, 2022
Additional information
As of May 2024 the "Content Acess" module is number 69 (with 185 installations) on the usage list. "Content View Access" is number 219 (with 61 installations). The Simple Access module is number 244 (with 54 installations).
That's a total of 300 installations for basic content access modules. If all of this modules were combined and used on 300 sites, it would be about the 35th most popular module.
I plan to vote for this in the new feature survey, once it shows up on that site. https://forum.backdropcms.org/feature-requests
You can vote for this feature here: https://forum.backdropcms.org/features/create-view-all-content-type-perm...
Draft of feature description for Press Release (1 paragraph at most)
Backdrop CMS now includes the ability to restrict access to content of any given type by role. This makes it easy to create an members only or admin only content type that used to be only possible with contrib modules.
Recent comments
What about Ubercart, Rules and Membership Entity? (theoretically, haven't tried it myself)
Suggest for - Backdrop Commerce
Just edit .htaccess in /files folder remove "-ExecCGI -Includes" in string "Options -Indexes -ExecCGI -Includes"
CSS and JS aggregation not working
This comment has been removed by myself.
Suggest for - Backdrop Commerce