Protected Node Rules Support

The following features are available only when installing the Rules extension of protected nodes. This extension requires the thrid party Rules extension for Drupal.

Protected Node Rules Conditions

When handling a Node, it is possible to check whether the node is currently protected or locked.

Protected Nodes

A node is said protected when the node was protected by a password using the Protected node module.

Whether the user can view that node is irrevelant in this case. Only the fact that the node requires a password to be viewed is what this condition checks.

Locked Nodes

A node is said to be locked if the current user needs to enter a password before being able to visualize the node.

Note: at this point you cannot test whether the node is locked for someone else than the current user (global $user).

Protected Node Rules Actions

Protect Node

Mark a node as protected. The password is not changed in any way. For this to work as expected, you certainly want to make use of a form of global password (global to your entire site or to a node type.)

If no global password is defined, then the node becomes locked away from everyone except the few who have access to all protected nodes (See permissions for more information.)

Password protect node

Mark a node as protected and assign the specified password.

This action will protect as many nodes as you want, but all will be assigned the exact same password as defined in the action.

Unprotect the node

Mark the node as unprotected. Anyone can see the node afterward.

Lock the node away from current user

This action clears the session of the current user which in effect marks the node as locked again. This means the user will be required to re-enter the password to access the node again.

Note that this feature only works with the current user session. At this point you cannot delete the session of user A when user B is visiting your site.

Unlock the node for current user

This action adds a session for the current user offering the user access to the corresponding node without having to enter a password.

This can be useful to temporarily unlock a node only after a user visited a specific page on your website. If they don't first visit that page, going to the node would require a password which, if they don't have it, would ask them to enter the password or give them an access denied error.

Example of usage as a Logout feature

I was asked about a way to let users log out of a node where they went and had to enter a password. The problem is that if you're on a public computer, now the session cookie is saved on that computer and unless the user knows how to delete cookies, anyone who has access to that computer can find that protected node.

To palliate to that problem, we can add a Logout link on protected pages that send the user to a Thank You page, when a user arrives on that Thank You page1, the Rules module can detect it.

There an example link that will work for you. Notice the nocache=1 parameter, this is to prevent the system or boost caching features so the log out page always reacts (otherwise the .html version would be returned and the rules never executed!)

<p><a href="/logout-locked-page?nocache=1"
      title="Log out of this page.">Log Out</a> from this page.</p>

You may also want to add the path of the file in the boost field used to this effect:

Click to get a larger version of this boost setting image.

The following assumes that you installed the Protected Node rules extension module. Without it, you won't be able to change locks. Create a new Triggered rule.

Click to enlarge the Triggered rules list of rules.

The rule makes use of the trigger (event) named Content is going to be viewed. Don't forget to enter a label. This should be something like "logout page name".

Content is about to be viewed

You are likely to want a condition since without it any page (node) being viewed will react to the event and lock the user out (which means the user can never see the page.) A simple condition is to compare the node identifier (nid). This can be done with the compare numbers condition.

Add a numeric comparison condition

The condition makes use of a token (you have to have the Token module installed with this method!) with Can't find nid to include! as one of the numbers. That way you can make sure that the user is about to view your Log Out page. Note that you could also make use of a specific node type, you could send the user to the front page and detect that event, detect that the node has a specific term... the list is not limited to using the number comparison and other methods do not all require the use of the token module.

Compare the node NID against a specific number.

A simple way to see the number of a node, in case you have clean URLs with the automatic URL path aliases is to edit the page. Then the URI includes the number: node/###/edit. Make sure to enter that number in Number 2 of that condition form.

At this point we know that we are on the log out page. We want to load the node that is currently unlocked so we can lock it. This is done with a Load content by id action or similar. Change the Content ID with the node identifier of the node that needs to be locked.

Load content by id

Now, in the set of actions include the Lock the node away from the current user action and give it a weight of 1 so the load always happens first. Note that the lock needs to happen on the unprotected node, so your rule has to load that node first (since the Thank You page would be another node,) then apply the action on that node and that is done by selecting the node in the drop down.

Lock a node for a given user.

Note that your actions can include as many Load node and Lock the node away from current user... as you need. So the same Thank You page can be reused to lock many different nodes.

  • 1. Create a new rule with Content is going to be viewed as the trigger.