Introduction

This section contains notes about how to integrate with Rules.

Note: This only work on individual nodes. The rules for access control that you set up will not be executed unless you have enabled per content node access control settings.

Rules integrations example

In this example, there will be two user roles: “writer” and “editor”. There will also be two users: A writer named “Bob” and an editor named “Ben”. There will also be a third user named “Alice” that will not belong to any of there roles. We shall set up a workflow where “Bob” creates content, and when that content is saved, only users with the “editor” user role (e.g. “Ben”) will be allowed to see it.

Set up:

• Ensure Content Access is enabled (if you can read this in the browser, it is).
• Enable both the Rules and Rules UI modules.
• Enable the Content Access Rules Integrations module.
• Create the roles: “writer” and “editor” and the users “Bob”, “Ben” and “Alice”. Assign roles.
• Set up default role based access control settings. Give the “anonymous user” role and the “authenticated user” role access to “View any article content” and “View own article content”.
• Check “Enable per content node access control settings”. You find this checkbox under the “Access Control” tab located on the settings page for the content type.

Create the rules:

• Navigate to Configuration » Workflow » Rules.
• Click “Add new rule”.
• Name the rule “editor oversight”.
• Leave the field “Tags” empty.
• In the pulldown menu for “React on event”, select “After saving new contents”.
• Leave “Restrict by type” set to “- None -”.
• Click “Save”.

Adding a new rule

This sets up a new rule named “editor oversight” that triggers when a new node is saved.

• Under “Conditions”, click “Add condition”,
• From the pulldown menu “Select condition to add”, select “User has role(s)”.
• After making the selection, you automatically continue to a new page to set up a data selector.
• For the “Data selector” field, choose “node:author”.
• Under “Roles”, for “Value”, select “writer”.
• Click “Save”.

This sets up a contition for following the rule. The rule is only followed when the user with the role “writer” triggers an event that matches “After saving new contents”.

The final step adds an action that happens when the rule is triggered and the conditions are met.

• Under “Actions”, click “Add action”,
• From the pulldown menu “Select action to add”, select “Grant Access by role”.
• After making the selection, you automatically continue to a new page to set up role based access settings.
• Look under “Role-based access control settings”. Give the “editor” the right to “View any content” “View own content”. Checking a box grants the access.
• Under “Actions”, again click “Add action”,
• From the pulldown menu “Select action to add”, select “Revoke Access by role”.
• After making the selection, you automatically continue to a new page to set up role based access settings.
• Look under “Role-based access control settings”. Revoke “View any content” “View own content” for the “anonymous user” role and the the “authenticated user” role. Checking a box revokes the access.
• Click “Save”.

Verify that it works:

• Create an artcle as “Alice” (no special role). Verify that is viewable by everyone.
• Create an artcle as “Bob” (the writer). Verify that is viewable by “Ben” (the editor), but not by “Alice”.