Made to Order Software Corporation Logo

Protected Node Permissions

The Protected Node module adds permissions to define who has the right to make use of the password feature.

  • access protected content

This is the basic access permission for users. Users who are given this permission can access a protected node as usual, except that they need to enter the password to handle the node.

This is true whether they want to view, edit, delete the node.

  • bypass password protection

Users with the bypass permission can access all nodes that are protected without having to enter the passwords. This is very handy for website administrators and moderators.

  • view protected content

At times, you want to use this module to protect the edit and delete functionality with a password, but not the view feature. This permission allows you to do so.

For example, you could let anonymous users create protected nodes with a password that only them know. That way, only the author and administrators can edit and delete the node. By giving anonymous users this permission, all the other users can see the content of the node, but cannot change it. (i.e. when they click the Edit button, they see the form asking them for the password.)

  • edit any password (was "edit protected content"1)

Whether a user has the right to change the password of a node.

You can give your moderator the right to by pass the password, but not the right to change the password. That way, they cannot mess around with the node author password, however, they can still fix the node or delete it.

  • edit <node type> password (was "edit protected <node type>")

You can allow password editing on a per node type basis.

The module also makes use of the usual node permissions to know whether a user can edit or delete a node. Therefore, the permission edit own story content is checked to know whether a user can edit the story content. If not, going to a node/#/edit for a password protected story node returns immediately with an access denied error2.

  • 1. The term edit protected content was very misleading, hence my change. The fact is that this permission has nothing to do with whether a user has permission with editing a given node type. So when this flag is off, your users may still have permission to edit the node, they just won't be able to change the password settings of that node.
  • 2. The old version of the module would not even ask for the password. Although if a user cannot edit, the result should be the same, but if the user needs to enter the password when viewing the node, one should be required to enter that same password when editing or deleting a node.