Each day, between migrations and new projects, more and more features are becoming available for Drupal 8, the Drupal community’s latest major release. In this series, the Acquia Developer Center is profiling some prominent, useful, and interesting projects available for Drupal 8--modules, themes, distros, and more! This week: Permissions by Term.
I spoke with the module’s creator, Peter Majmesku (jepSter) about this lightweight content access solution. Peter has contributed code in the past, but this is his first fully-fledged module of his own; congratulations, Peter! We live not too far away from each other in Germany, so you can picture us sitting down to talk about this over something cold and frothy if it helps :-)
What does the Permissions by Term Module do?
“Permissions by Term (PbT) lets you easily build access-restricted content areas on your websites. With it, you let certain users or groups of users see (or not see) specific pieces of content,” explains Peter. It restricts user access to specified Drupal nodes based on taxonomy terms. These permissions can be associated with individual user accounts and/or user roles. While Drupal has generally good, granular access permissions for the creation and editing of content, its fundamental assumption is also, more or less, that site visitors should all be able to see all published content on a site. A number of use cases come to mind where you’d want to be able to restrict access to some content at a more granular level than authenticated/anonymous (aka “logged-in/not-logged-in”):
- A club or service site with premium- or member-only content.
- School websites with content intended for teachers only and content aimed at individual classes within the school.
- Company intranets with sensitive or proprietary content alongside non-restricted content.
Why is this important?
Permissions by Term is a lightweight alternative to Organic Groups or Group in that it only provides access control over content, but not things like subscribing to groups, and everything else that the two “group” alternatives offer. Furthermore, Permissions by Term restricts user access to specified Drupal nodes based on taxonomy terms--a core part of Drupal’s functionality. PbT lets you restrict content access while relying on very little contributed code. Group and Organic Groups come with their own entity types and additional overhead. PbT simply extends your existing content types by a single field, “It provides functionality to restrict access by taxonomy terms. This works out-of-the-box for Drupal site-builders and non-coders. Developers can build custom functionality on top of the Permissions by Term module.”
Peter explains his dilemma at the time he chose to create Permissions by Term, “I looked around for a content access solution that met my needs or one that I could adapt. That didn’t work out for me--hence, my module. Now that my module is running on more than 100 sites, what I really want is for this to be a solid, supported, community-proven code-base. I’d be very happy to accept more patches, create new sub-modules, or whathaveyou. With this project, we can share and build on our experiences together. The point is, we don’t need to reinvent stuff. We can work together as a community and build our websites more efficiently.”
“Please don't hesitate to install the module, check it out! If you have feedback, want to share something, file an issue, work on something together, create an issue in the project's issue queue or contact me and I’ll be very happy to answer you!”
Much like adding images and galleries, access-control is an area in Drupal that has seen a number of approaches and solutions over the years. For a blast from the past, here’s an older Drupal.org post trying to get an overview of this tricky landscape: Controlling Access to Content Overview. You’ll see it’s full of abandoned projects, varied use cases, and some extremely niche solutions.
When was Permissions by Term created?
“An NGO client involved in educational fundraising essentially wanted to separate content between its various institutional partners in a way that I felt was perfectly suited to tying together two tried and tested Drupal core concepts: taxonomies and permissions. I started working on Permissions by Term on August 21, 2014. It took about a half a year to go through the community review process. When I got full project-release permission on Drupal.org, I was so happy! I had created a Drupal module that passes all the Drupal coding standards ... and it does it's job, too!”
Writing Drupal 8 code--so good!
After writing a lot of code “the good old Drupal way,” as he puts it, Peter loves Drupal 8’s new coding paradigms. “Drupal 8 has a much more mature code architecture than Drupal 7 and the D8 code is much better documented. I can better inspect the code within my PHPStorm IDE, learn how the code works by the class-method comments. Autocompletion is better supported, there are better re-usable objects. With Composer and the Symfony components, the door is open for interoperability with other PHP projects.”
“The upgrade to Drupal 8 took me 20-40 development hours. It wasn’t that hard. The Drupal Module Upgrader Drupal module helped (see this Acquia Podcast with Adam Hoenich about building the Upgrader). Also, as usual in the Drupal world, there are very good tutorials out there now. After I published the D8 version, I got helpful feedback from the community that helped me fix bugs and improve the functionality further.”
“Creating and maintaining this module has changed me; it opened the door to the Drupal community for me. Since then, I’ve really gotten into helping other people review their code. I participated in the code sprints at the 2016 Developer Days in Milan (such a great event--I learned a lot and caught up with old Drupal friends). Since I released this module, people have helped me so much, generously giving me patches; sharing their ideas and use cases with me. Special thanks to Travis Johnston for sharing his code and squashing my bugs. Thanks also to Chris Riffey, who created a series of screenshots for the project as part of a blog post about the module.”