HomeBlogsKevin Millecam's blog

Limiting "Administer Nodes" Permission to Admins Inside Their Respective Groups

December 20, 2007 - 9:55pm — Kevin Millecam

We've all wrestled with the dilemma that comes with the "Administer Nodes" permission. It's a very powerful permission that really only belongs in the capable hands of the most your most experienced site administrators.

The rub, however, is that there are some very fundamental tasks (like publishing a node) that cannot be performed without this permission. If you have a large site and are trying to spread responsibilities, it's difficult not to grant this right.

We recently figured out a way to grant group managers *temporary* and limited Administer Nodes rights. Check it out.

Required Ingredients

  • Organic Groups Module: 'nuf said.
  • OG User Roles Module: Cool module that allows you to grant group administrators temporary rights (as long as they're working on group content).
  • Views Module: An amazing tool we use to bring content to the guys with the rights (group admins).

Empowering Group Admins

Here are the steps you'll need to take to set up and enable the OG User Roles module.

  1. Set up a group administration role. In this example we'll call this new role "group_admin".

    Click to view.

  2. Assign enough permissions to the group_admin role so the Group Administrators can do their job. The "administer nodes" permission will be needed if you want them to be able to publish nodes. Also, "configure member roles" will be necessary if you want your Group Administrator to be able to give rights to other group members (apprentice administrators).

    Here are the permissions we gave our fictional administrator (your choices may vary).

    Click to view.

  3. Now that you have a role to work with, you'll want to put it to use using the OG User Roles module. This module can perform all kinds of acrobatics with Organic Groups. For now, we just want to configure the very first section which asks us to choose the role we want to use in our groups. We're not dummies, so we'll choose the group_admin role.

    Click to view.

  4. Next, you (the webmaster) should go to the group's subscriber list. You'll see a new "Configure member roles" tab at the top of the list. Grant the group manager (and any others you wish to empower) the group_admin role. We granted the Grand Poobah the group_admin role. The power of this role will only be available to a user while they're acting on group content. Administrators will not have the power this role gives if they're outside the group (not working on content tagged for the group's audience).

    Click to view.

Putting Content Within Reach

Okay, you've given your Group Admins the rights necessary to add, delete, edit, and publish content in their groups. There's just one problem ... they can't access the /admin/content pages to monitor the list of unpublished content. Unless they have a freaky sixth sense, they'll have a tough time knowing when new content has been submitted and is ready for review and approval.

Here's where the Views module comes in. We can use this powerful tool to bring content to within reach of the empowered ones.

  1. First, you'll want to create a new view. Use the illustration below as a guide. We want to create a block that shows a group administrator the unpublished nodes in his/her group. This block will allow the administrator to see and act on content they're responsible for.

    One of the cool things about this view is it's context sensitive. So this single block can be used in every group. It'll only snow unpublished nodes that belong to the group currently being viewed.

    Click to view.

  2. If you want the block to display prominently (and you probably will) you should put it at the top of one of the left or right columns. As will all well-behaved blocks, it will only show up if there is something to show. No unpublished content in the group queue; no unsightly block.

    Click to view.

  3. Even though you specified that this block should only be visible to group_admins when you set up the View, you'll want to configure the block (by clicking the configure link next to the block on the /admin/blocks page) to only be visible to the group_admins role -- just in case.

    Click to view.

  4. Okay, let's test it. Log in as Fred, navigate to the "Loyal Order of Water Buffalo" group page. Since Fred doesn't have group_admin rights, there is no "Unpublished content" block anywhere in sight.

    Click to view.

  5. Now log in as the Grand Poobah. Ah, now look at the opportunities unfold. Wow, there's the "Unpublished content" block listing the group's unpublished content. Just waiting for the magic touch of the Poobah.

    Click to view.

  6. Just to check, we clicked on one of the articles to make sure the "Publishing opitons" where indeed available. It's a beautiful thing.

    Click to view.

If you have other (or better) ways to pull this off, please share them with us.

AttachmentSize
og_unpublished_view.txt2.04 KB

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Glossary terms will be automatically marked with links to their descriptions

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.