Advanced permissions system with Groups

Jan Zavrl

Drupal Dev Days Ghent, April 2022

Jan Zavrl

Full stack developer

Senior Drupal developer at NDP

Acquia certified Drupal 8 Grand Master

@jnzavrl | jzavrl | janzavrl.me

@ndp_studio | ndp-studio.com

Advanced permissions system with Groups, London, March 2020

Some background first

  • Permission system based on various factors outside of the core permissions
  • Several types of entities, several roles and permissions in different context

Advanced permissions system with Groups, London, March 2020

Advanced permissions system with Groups, London, March 2020

User

User

User

Entity

Entity

Entity

Entity

Entity

Entity

Group

Group

Group

Supervisor

Supervisor

Editor

Editor

But, Groups has that built in?

Advanced permissions system with Groups, London, March 2020

One step at a

time

  • Being able to set entity type level permissions in Groups
  • Entity level access
  • List level access
  • Special cases
  • Managing all components

Advanced permissions system with Groups, London, March 2020

Allowing new entities in Groups

  • Using GroupContentEnabler plugin
  • Providing a system to easily add new entities

Advanced permissions system with Groups, London, March 2020

Entity level

access

  • View, update and delete actions on entities
  • Overriding the existing Access Control Handlers

Advanced permissions system with Groups, London, March 2020

List level

access

  • Entity level access would prevent from viewing
  • Queries need to be altered to remove the unaccessible entities all together

Advanced permissions system with Groups, London, March 2020

There will always be special cases

  • Allow or special cases in permission logic
  • Allow other modules to implement their special cases
  • Custom plugin manager and type

Advanced permissions system with Groups, London, March 2020

One manager to rule them all

  • Service manager to manage all components and logic

Advanced permissions system with Groups, London, March 2020

Putting everything together

Advanced permissions system with Groups, London, March 2020

@jnzavrl | jzavrl | janzavrl.me

@ndp_studio | ndp-studio.com

Questions, comments?

Feel free to give me a nudge outside.

Thank you

Advanced permissions system with Groups, London, March 2020

Copy of Advanced permissions system with Groups

By Jan Zavrl

Copy of Advanced permissions system with Groups

While working on rebuilding a Royal College platform in the United Kingdom, we were tasked with a challenge on how to manage permissions where Groups played a major role in granting the correct access.

  • 374