Drupal 7 Field Permissions Module

By shane
Fri, 2012-11-30 21:52
Daily Dose of Drupal Episode #58

Share with Others

The Drupal 7 Field Permissions module can be used to customize the view and edit permissions on individual Drupal 7 fields. It is a very flexible permissions management system that gives the Drupal site builder fine grained permissions control allowing you to give certain users access view/edit fields while not allowing other users. It is based on the Drupal 7 roles system for allowing the setting of the field permissions to specific user groups (roles).

In this episode you will learn:

  • How the Drupal 7 Field Permissions module can be used to set custom permissions on a Drupal 7 field attached to a content type
  • How the Drupal 7 Field Permissions module can be used to grant field view access
  • How the Drupal 7 Field Permissions module can be used to grant field edit access

Welcome to another Daily Dose of Drupal, this is Episode Number 58. As always; I’m Shane, you can follow me on Twitter @smthomas3, you can also find me on Google + and you can also check out the newsletter on codekarate.com.

Today we’re going to be talking about the Field Permissions Module. This is very useful in a lot of situations especially if you’re building a larger Drupal 7 site or even Drupal 6 of course that is permissions based and you need to control permissions for a specific fields.

An example would be if you have a content type or user object that has a field on it and maybe you only want administrators to see and be able to edit that field. Maybe there’s specific roles on your Drupal site and certain roles can edit certain fields while others cannot.

So this module is going to allow you to be able to do that, as you can see it gives you the ability to create your own value, edit own value, edit anyone’s value, view your own value and view anyone’s value for each field.

So we’re going to go ahead and get started by downloading it and we will go ahead and enable it using Drush … I kind of spell it right the second time, now it worked, we’re going to hop over to our test site, I’ll hop into the modules page just to show you that it is in fact installed, there it is, you can set the permissions which will pop that open and we’ll look at that here, you can see just administer field permissions and you can access other users private fields, you can also configure this module and this just allow you to view all the fields that are on the site where it’s use and some of the different permissions for that field.

So let’s go ahead and as example build a simple content type and we’re just going to keep it simple, go ahead and save it. I’m going to add to this content type, the first one is going to be a public field and we’ll just make it a text field, save that, go ahead and hit save and go on, here you can see field visibility and permissions.
We’ll leave this one public, we will also add a field for private field and make that a text field again, this time though we will of course select but we want this to be a private field. It says only author and administrators can view and edit. So as you can see we have our public field and we may have a private field.

Now if we come back into the field permissions configuration page you’ll notice that those extra fields of course show up, one show up as a private field and one shows up as the public field. So let’s go ahead and go to the regular permissions page; go here and I will just refresh this page and we’re going to go to the various roles on this site. In this case there’s just authenticated user administrator and then anonymous user.

When we come back here there will be a permission for this new content type for us to be able to allow authenticated users to create new test content. We’ll allow then to create it, edit their own and delete their own. So we’re just allowing authenticated users to be able to go ahead and create that content type that we set up.

The next step is to go ahead and find a user, I’ll have to add a new one here, let’s call this user test and we’re just going to leave them authenticated user for now, we’ll create a new account and before we go ahead and create that test content we’re going to go back into our content type page and go to manage fields on our test content type and under the private field I’m going to go back into edit and click on field settings.

Okay I just want to go back in actually to the edit section and instead of private we’re going to go ahead and do custom permissions. So private would only be for the author who created the content type and administrators can edit in View but you can also go ahead and set up custom permissions.

In this case we’ll only allow the administrator to create values or edit values but we will allow authenticated users to view anyone’s value for private field and I’ll show you what this will allow you to do. So this is just of course one example, this is flexible enough to build it out however you want and be extremely flexible with building out custom permissions for your content types or anything that can be … anything that you add fields to can be very or mean very flexible with choosing field permissions module.

So I’ll do a test 1 and add some information into the public field and private field, I will save it of course as the administrator I can see the data and public field, I can see the data in private field and I can of course change those values. If I go ahead and log out, come back to the homepage here and come into this test 1 content type that I just created, you can see that this public field shows up but the private field is not there, if I log in as my test user I will be able to see both of those, this is the public field, this is the private field, I can even go ahead and add a test content type and you can see I can add public field information but I as the authenticated user cannot add any private field data.

So in order to do that I’d have to go ahead and log out and log in as the admin user again, come back to this test 2 article you’ll see I can see the public field. I as the admin can of course go in and add private field data.

So that’s just a very quick easy example of how that can work, can be expanded to or made flexible for many different types of fields and is very very beneficial on a lot of large Drupal sites that I’ve worked on. So go ahead and give it a try, let me know if you have any questions about it and as always; thanks for watching.