Token Content Access Nodes

Token Content Access Nodes (tca_node) is an included submodule within the Token Content Access module.  It can be used as a model to extend to other entities such as taxonomy terms, users, files and custom entities. It protects access to the node view page and also removes from Views, though that can be overridden on particular Views Displays. The token and protection status are available to include in a View, which supports both the use of contextual filters and being able to display the URL with token so an authorised user can copy it to share.

This module is designed with performance in mind, so it doesn't use traditional solutions like node grants. This also means that it's not guaranteed to block access in all situations, for instance, if you expose node content via means other than Views such as using the "Existing content" block in a layout or in an Entity Reference field.

Views

By default, Token Content Access Nodes removes nodes from the Views results if they are protected by TCA. There are a few scenarios (feel free to suggest more) where this may not be desirable:

  • You want to show a View of the nodes with limited details available.
  • You have a user who has the bypass permission but not the administer permission and you want to show them the token on the page, perhaps with the full URL to copy to an email.
  • You display some fields of a node within a block with a contextual filter to show on the node page and you want this to show if the token is validated.

Override

Within each View Display (i.e. Block/Page etc.) there is a 'Token Content Access Node Override' switch:

By setting this to 'Yes' all nodes will be included in the View results regardless of any TCA protection that the node has.
 

Using Override with Contextual Filter

In some scenarios, you want to include values but only if the person has bypass permission or has successfully authenticated the token for that node. Here is where using a contextual filter can help. With the View Display:
  1. Token Content Access > Token Content Access Node Override: Yes
  2. Contextual Filters > Add > Token Content Access Token - select
  3. Add and Configure Contextual Filters

  4. When the filter value is NOT available > Provide default value > Type > PHP Code (note, if this content type uses a different parameter key, replace 'tca' with the actual parameter key (enclosed in single quotes) in the first two lines. 

    if (isset($_GET['tca'])) {
  return $_GET['tca'];
}
elseif (isset($_SESSION['tca_token']) {
  return $_SESSION['tca_token'];
}
elseif (user_access('bypass tca_node')) {
    $node = menu_get_object();
    return $node->tca_token;
  }
else {
  return;
}
  5. Skip default argument for view URL = unchecked
  6. When the filter value IS available or a default is provided > Specify validation criteria = checked
  7. Validator > '- Basic validation - '
  8. Action to take if filter value does not validate > Hide view

If you want to preview in the view config, add the node id and the token (e.g. 2/2A2VLheZynTG5SJ0DYas8zzcGBXPciM_i0eh1iKOdvY) to 'Preview with contextual filters.

tca
Module