xv ocd2010-jsharp
TRANSCRIPT
Multi DepartmentalMulti‐Departmental Authoring in Drupalg p
Jason Sharp (@soawiz)President Crossvale IncPresident, Crossvale, [email protected]
www.crossvale.comhttp://facebook.com/crossvalehttp://facebook.com/crossvale
OutlineOutline
IntroductionIntroductionCase Study HighlightsI l t ti T t i lImplementation TutorialRecap
2
Introducing CrossvaleIntroducing Crossvale
Proud Platinum Sponsor of OpenCampProud Platinum Sponsor of OpenCampCrossvale’s technical sweet spots:
S ft i t ti Software integration Automated workflows Enterprise portals and Web applications Enterprise portals and Web applications
Headquartered in the DFW metroplexOWe want to work with YOU
If you need a teaming or prime partner If you want to sell through a GSA Schedule 70 As we need responsible and capable specialists
3
Case Study: Employee PortalCase Study: Employee Portal
“Crossvale delivered our employee enterprise portal in just two months, on time and on budget. We now have a modern, effective intranet portal to support our 5000 employees and 14 departments, providing a central location for all forms, policies, guides, news, and more!”
Dan W., Director Employee Communications
Portal went live with the corporate rebranding at the start of the yearThe #1 reason we won it: Time to market Completed in less time than a technical evaluation Cost savings vs. commercial software, and especially
the additional man-hours, were beyond compelling
4
Employee Portal HighlightsEmployee Portal Highlights
The home page for 5000 employeesThe home page for 5000 employeesSupported on IE6 (now IE8) and FireFoxP id ll l i ti li iProvides all employee communications, policies and guidelines14 departments with non-technical authors E.g. HR, IT, Finance, Legal, Security…
2000+ nodes of content1800+ binary documents and videos
5
Some Employee Portal Features…Some Employee Portal Features…
LDAP (Active Directory) authenticationLDAP (Active Directory) authenticationDynamically evaluated roles for content access
I t t d ith th HR W h Integrated with the HR WarehousePublic/private file systemSarbanes-Oxley (SOX) CompliantBanners, links and resources related to current content and roleLive stock market updates Integrating Yahoo! Finance
6
…Some Employee Portal Features…Some Employee Portal Features
Many many content typesMany, many content typesCompany-wide live webcastsVid lib hiVideo library archiveBulk pre-configured quotes of the dayIntegrated search support for users, nodes, and attachments/binariesPrinter-friendly and PDF generation from pagesDrupal version: current (6.19 as of printing)p ( p g)Module Count: 70+
7
Goal: Departmental AuthorsGoal: Departmental Authors
Departmental authors can only author content thatDepartmental authors can only author content that belongs to their departmentWithin their department departmental authors canWithin their department, departmental authors can access each other’s content, even if it is unpublishedunpublishedDevise a repeatable, scalable approach to managing this capabilitymanaging this capabilityDevise a manageable way for authors to review the content for which they are responsiblethe content for which they are responsible
8
Implementation RoadmapImplementation Roadmap
1 Departmental Content1. Departmental Content2. Departmental Authors3 M lti l A th3. Multiple Authors
9
1. Departmental Content1. Departmental Content
At its simplest Drupal can segment nodes byAt its simplest, Drupal can segment nodes by content type But it is too limiting to design departments with their But it is too limiting to design departments with their
own typesDepartments each have use for most of the sameDepartments each have use for most of the same content types: E.g. banners, news, pages, books, forms, policies,E.g. banners, news, pages, books, forms, policies,
guides, videos, links, etc.
10
Approach: Departmental ContentApproach: Departmental Content
Keep universal content types across departmentsKeep universal content types across departmentsDiscriminate by a custom field specifying the department to which the node belongsdepartment to which the node belongsWhen a node is created, the author specifies the department fielddepartment fieldPolicies, filtering, grouping, etc. can then be
li d i d t t l f hiapplied in a departmental fashion
11
Module: TaxonomyModule: Taxonomy
Part of the Drupal Core Taxonomy provides forPart of the Drupal Core, Taxonomy provides for the categorization (i.e. tagging) of content Enables cool capabilities with Views Token and other Enables cool capabilities with Views, Token and other
powerful modulesCreate a Department vocabulary specifying:Create a Department vocabulary, specifying: To which content types it applies (e.g. Pages) That it is requiredThat it is required
Add vocabulary terms: Finance, HR, IT, etc.
12
Module: Content Construction Kit (CCK)Module: Content Construction Kit (CCK)
CCK is used to extend content types with tailoredCCK is used to extend content types with tailored fieldsEssential for tailored rich content typesEssential for tailored, rich content types Control for clean forms and display settings
htt //d l / j t/ khttp://drupal.org/project/cckEnable these essential module components: Content, Number, Option Widgets, Text
Not related to taxonomy, unless you add…
13
Module: Content Taxonomy…Module: Content Taxonomy…
Content Taxonomy enables the addition of fieldsContent Taxonomy enables the addition of fields that map to taxonomy vocabulariesSuch fields can support automatic taggingSuch fields can support automatic tagging You can choose content and/or taxonomy
htt //d l / j t/ t t thttp://drupal.org/project/content_taxonomyEnable these module components: Content Taxonomy, Content Taxonomy Options
14
…Module: Content Taxonomy…Module: Content Taxonomy
Create a “Department” taxonomy field for yourCreate a Department taxonomy field for your content types, specifying: It is Required and has only 1 value It is Required and has only 1 value Save values additionally to the core taxonomy system It contains terms from the Department vocabularyIt contains terms from the Department vocabulary
Move the field to just after the Title field Easier for authors to initially and obviously designate Easier for authors to initially and obviously designate
content if these two fields are first
15
Result: Departmental Content…Result: Departmental Content…
Our new content & taxonomy field
16
…Result: Departmental Content…Result: Departmental Content
Configure CCK “Display Fields” to [un]display this
fi ld d i dnew field as desired
17
2. Departmental Authoring2. Departmental Authoring
After setting up departmental content enableAfter setting up departmental content, enable security policies for departmental authorsFor a simplified and repeatable approach:For a simplified and repeatable approach: Create a generic (think “base”) author role granting
only content creation permissionsonly content creation permissions Create specific department author roles granting
editing permissions based on taxonomyg p y Assign users to the base AND their specific role
But how to associate permissions based onBut how to associate permissions based on taxonomy?
18
Module: Taxonomy Access Control (TAC)Module: Taxonomy Access Control (TAC)
Taxonomy Access Control enables access policiesTaxonomy Access Control enables access policies to content based on taxonomy attributeshttp://drupal org/project/taxonomy accesshttp://drupal.org/project/taxonomy_accessEnable the one module component:
T A C t l Taxonomy Access ControlNext, configure security roles: /admin/user/taxonomy_access
19
Configure a Role with TAC…Configure a Role with TAC…
1. Select the new taxonomy term
3 Add this new3. Add this new setting to this role 2. Specify the
permissions
20
…Configure a Role with TAC…Configure a Role with TAC
4. Be sure to save your changes!
21
Result: TACResult: TAC
With TAC enabled, only the granted taxonomies are made available.
22
Testing Best Practice: MasqueradeTesting Best Practice: Masquerade
Create dummy accounts of various roles thenCreate dummy accounts of various roles, then test via masqueradeMasquerade enables an entitled user to assumeMasquerade enables an entitled user to assume the identity of anotherhttp://drupal org/project/masqueradehttp://drupal.org/project/masqueradeEnable the one module component: Masquerade
Next, add the Masquerade block
23
Using MasqueradeUsing Masquerade
Use the masqueradeUse the masquerade block to switch user IDs
Switch back when Switch back when Switch back when finished. Use the URL if your user can’t see the switch back options.
finished. Use the URL if your user can’t see the switch back options.
finished. Use the URL if your user can’t see the switch back options.
/masquerade/unswitch
24
Bonus: Pre-populating DepartmentBonus: Pre populating Department
Q How can we pre populate the Department fieldQ. How can we pre-populate the Department field from the role membership of the author?A Specify the default value with PHP:A. Specify the default value with PHP:// map from author role name // to dept term id
foreach ($user->roles as $key => $my_role) {switch ($my role) {p
$map_role_to_dept["HR Author"] = 4;$map_role_to_dept["IT Author"] = 7;...
($ y_ ) {case "HR Author":case "IT Author":$my_department =
// access current user infoglobal $user;
$map_role_to_dept[$my_role];break;
}
// determine visitor’s dept$my_department = 0;
}return array( 0 => array(
'value' => $my_department));
25
Bonus: Restricted Visitor AccessBonus: Restricted Visitor Access
Restrict visitor access by:Restrict visitor access by: Non-union employees vs. union, manager,
departmental employee, departmental manager, etc.departmental employee, departmental manager, etc.Use TAC for View access on visitor roles Just like Add/Delete access on author roles Just like Add/Delete access on author roles
But don’t forget to first: Add a Restricted vocabulary and add a matching Add a Restricted vocabulary and add a matching
content field Setup the author permissions with this vocabularySetup the author permissions with this vocabulary
26
Config: Restricted Default AccessConfig: Restricted Default Access
“default” applies the policy across all terms in
the vocabularyy
Default visibility for anonymous and
Default visibility for anonymous andanonymous and
authenticated users is now DENIED
anonymous and authenticated users is now
DENIED
27
Config: Restricted Manager AccessConfig: Restricted Manager Access
Ensure authors can “see” the restricted content…but only the Ensure managers can “see” the restricted content…but only the
content they should!content they should!
28
Config: Restricted Author AccessConfig: Restricted Author Access
The proper result for an IT author
Authors must also be able to see the restricted content… Authors must also be able to see the restricted content… and d d l & liand add, delete, create, & listupdate, delete, create, & list
29
3. Multiple Authors3. Multiple Authors
Drupal supports many authors through role basedDrupal supports many authors through role-based permissionsKey limitation: only the administrator can seeKey limitation: only the administrator can see unpublished content i e Authors can only see each other’s published i.e. Authors can only see each other s published
contentIt is essential for multiple authors to collaborate onIt is essential for multiple authors to collaborate on unpublished content too!
30
Module: Module GrantsModule: Module Grants
Applies security policies from access modulesApplies security policies from access modules onto unpublished nodes, so authors’ access policies can be used in a team effortpolicies can be used in a team efforthttp://drupal.org/module_grantsEnable these module components:Enable these module components: Module Grants, Node Tools
31
Authoring Best Practice: Content ListAuthoring Best Practice: Content List
With lots of content especially with accessWith lots of content, especially with access restrictions, it becomes difficult to ensure accurate configurationsconfigurationsThe content list is a custom view specifically for authors listing all pertinent contentauthors, listing all pertinent contentExposed filters for easy review Type department restriction published status search Type, department, restriction, published status, search
termsEnables review of content access andEnables review of content, access, and convenient edit links (including “?destination”)
32
Result: Content ListResult: Content List
33
Recap:Recap:
Departmental ContentDepartmental Content Content Construction Kit (CCK) Taxonomy Taxonomy Content Taxonomy
Departmental AuthorsDepartmental Authors Taxonomy Access Control (TAC)
M lti l A thMultiple Authors Module Grants
H bl M tiHonorable Mentions: Masquerade, Views
34
Thank YOU!Thank YOU!
Questions?Questions?
J Sh (@ i )Jason Sharp (@soawiz)President, Crossvale, Inc.
www.crossvale.comhttp://facebook com/crossvalehttp://facebook.com/crossvale
35