Introduction
This section contains notes about how to
integrate with Rules.
Note: This only work on individual nodes. The
rules for access control that you set up will not be
executed unless you have enabled per content node access
control settings.
Rules integrations example
In this example, there will be two user roles: “writer†and
“editorâ€. There will also be two users: A writer named “Bob†and an
editor named “Benâ€. There will also be a third user named “Aliceâ€
that will not belong to any of there roles. We shall set up a workflow
where “Bob†creates content, and when that content is saved, only
users with the “editor†user role (e.g. “Benâ€) will be allowed to see
it.
Set up:
- Ensure Content Access is enabled (if you can read this in the browser, it is).
- Enable both the Rules and Rules UI modules.
- Enable the Content Access Rules Integrations module.
- Create the roles: “writer†and “editor†and the users “Bobâ€, “Ben†and “Aliceâ€. Assign roles.
- Set up default role based access control settings. Give the “anonymous user†role and the “authenticated user†role access to “View any article content†and “View own article contentâ€.
- Check “Enable per content node access control settingsâ€. You find this checkbox under the “Access Control†tab located on the settings page for the content type.
Create the rules:
- Navigate to Configuration » Workflow » Rules.
- Click “Add new ruleâ€.
- Name the rule “editor oversightâ€.
- Leave the field “Tags†empty.
- In the pulldown menu for “React on eventâ€, select “After saving new contentsâ€.
- Leave “Restrict by type†set to “- None -â€.
- Click “Saveâ€.
Adding a new rule
This sets up a new rule named “editor oversight†that triggers when
a new node is saved.
- Under “Conditionsâ€, click “Add conditionâ€,
- From the pulldown menu “Select condition to addâ€, select “User has role(s)â€.
- After making the selection, you automatically continue to a new page to set up a data selector.
- For the “Data selector†field, choose “node:authorâ€.
- Under “Rolesâ€, for “Valueâ€, select “writerâ€.
- Click “Saveâ€.
This sets up a contition for following the rule. The rule is only
followed when the user with the role “writer†triggers an event that
matches “After saving new contentsâ€.
The final step adds an action that happens when the rule is
triggered and the conditions are met.
- Under “Actionsâ€, click “Add actionâ€,
- From the pulldown menu “Select action to addâ€, select “Grant Access by roleâ€.
- After making the selection, you automatically continue to a new page to set up role based access settings.
- Look under “Role-based access control settingsâ€. Give the “editor†the right to “View any content†“View own contentâ€. Checking a box grants the access.
- Under “Actionsâ€, again click “Add actionâ€,
- From the pulldown menu “Select action to addâ€, select “Revoke Access by roleâ€.
- After making the selection, you automatically continue to a new page to set up role based access settings.
- Look under “Role-based access control settingsâ€. Revoke “View any content†“View own content†for the “anonymous user†role and the the “authenticated user†role. Checking a box revokes the access.
- Click “Saveâ€.
Verify that it works:
- Create an artcle as “Alice†(no special role). Verify that is viewable by everyone.
- Create an artcle as “Bob†(the writer). Verify that is viewable by “Ben†(the editor), but not by “Aliceâ€.