Multi DepartmentalMulti‐Departmental Authoring in Drupalg p

Jason Sharp (@soawiz)President Crossvale IncPresident, Crossvale, Inc.jsharp@crossvale.com

www.crossvale.comhttp://facebook.com/crossvalehttp://facebook.com/crossvale

OutlineOutline

IntroductionIntroductionCase Study HighlightsI l t ti T t i lImplementation TutorialRecap

2

Introducing CrossvaleIntroducing Crossvale

Proud Platinum Sponsor of OpenCampProud Platinum Sponsor of OpenCampCrossvale’s technical sweet spots:

S ft i t ti Software integration Automated workflows Enterprise portals and Web applications Enterprise portals and Web applications

Headquartered in the DFW metroplexOWe want to work with YOU

If you need a teaming or prime partner If you want to sell through a GSA Schedule 70 As we need responsible and capable specialists

3

Case Study: Employee PortalCase Study: Employee Portal

“Crossvale delivered our employee enterprise portal in just two months, on time and on budget. We now have a modern, effective intranet portal to support our 5000 employees and 14 departments, providing a central location for all forms, policies, guides, news, and more!”

Dan W., Director Employee Communications

Portal went live with the corporate rebranding at the start of the yearThe #1 reason we won it: Time to market Completed in less time than a technical evaluation Cost savings vs. commercial software, and especially

the additional man-hours, were beyond compelling

4

Employee Portal HighlightsEmployee Portal Highlights

The home page for 5000 employeesThe home page for 5000 employeesSupported on IE6 (now IE8) and FireFoxP id ll l i ti li iProvides all employee communications, policies and guidelines14 departments with non-technical authors E.g. HR, IT, Finance, Legal, Security…

2000+ nodes of content1800+ binary documents and videos

5

Some Employee Portal Features…Some Employee Portal Features…

LDAP (Active Directory) authenticationLDAP (Active Directory) authenticationDynamically evaluated roles for content access

I t t d ith th HR W h Integrated with the HR WarehousePublic/private file systemSarbanes-Oxley (SOX) CompliantBanners, links and resources related to current content and roleLive stock market updates Integrating Yahoo! Finance

6

…Some Employee Portal Features…Some Employee Portal Features

Many many content typesMany, many content typesCompany-wide live webcastsVid lib hiVideo library archiveBulk pre-configured quotes of the dayIntegrated search support for users, nodes, and attachments/binariesPrinter-friendly and PDF generation from pagesDrupal version: current (6.19 as of printing)p ( p g)Module Count: 70+

7

Goal: Departmental AuthorsGoal: Departmental Authors

Departmental authors can only author content thatDepartmental authors can only author content that belongs to their departmentWithin their department departmental authors canWithin their department, departmental authors can access each other’s content, even if it is unpublishedunpublishedDevise a repeatable, scalable approach to managing this capabilitymanaging this capabilityDevise a manageable way for authors to review the content for which they are responsiblethe content for which they are responsible

8

Implementation RoadmapImplementation Roadmap

1 Departmental Content1. Departmental Content2. Departmental Authors3 M lti l A th3. Multiple Authors

9

1. Departmental Content1. Departmental Content

At its simplest Drupal can segment nodes byAt its simplest, Drupal can segment nodes by content type But it is too limiting to design departments with their But it is too limiting to design departments with their

own typesDepartments each have use for most of the sameDepartments each have use for most of the same content types: E.g. banners, news, pages, books, forms, policies,E.g. banners, news, pages, books, forms, policies,

guides, videos, links, etc.

10

Approach: Departmental ContentApproach: Departmental Content

Keep universal content types across departmentsKeep universal content types across departmentsDiscriminate by a custom field specifying the department to which the node belongsdepartment to which the node belongsWhen a node is created, the author specifies the department fielddepartment fieldPolicies, filtering, grouping, etc. can then be

li d i d t t l f hiapplied in a departmental fashion

11

Module: TaxonomyModule: Taxonomy

Part of the Drupal Core Taxonomy provides forPart of the Drupal Core, Taxonomy provides for the categorization (i.e. tagging) of content Enables cool capabilities with Views Token and other Enables cool capabilities with Views, Token and other

powerful modulesCreate a Department vocabulary specifying:Create a Department vocabulary, specifying: To which content types it applies (e.g. Pages) That it is requiredThat it is required

Add vocabulary terms: Finance, HR, IT, etc.

12

Module: Content Construction Kit (CCK)Module: Content Construction Kit (CCK)

CCK is used to extend content types with tailoredCCK is used to extend content types with tailored fieldsEssential for tailored rich content typesEssential for tailored, rich content types Control for clean forms and display settings

htt //d l / j t/ khttp://drupal.org/project/cckEnable these essential module components: Content, Number, Option Widgets, Text

Not related to taxonomy, unless you add…

13

Module: Content Taxonomy…Module: Content Taxonomy…

Content Taxonomy enables the addition of fieldsContent Taxonomy enables the addition of fields that map to taxonomy vocabulariesSuch fields can support automatic taggingSuch fields can support automatic tagging You can choose content and/or taxonomy

htt //d l / j t/ t t thttp://drupal.org/project/content_taxonomyEnable these module components: Content Taxonomy, Content Taxonomy Options

14

…Module: Content Taxonomy…Module: Content Taxonomy

Create a “Department” taxonomy field for yourCreate a Department taxonomy field for your content types, specifying: It is Required and has only 1 value It is Required and has only 1 value Save values additionally to the core taxonomy system It contains terms from the Department vocabularyIt contains terms from the Department vocabulary

Move the field to just after the Title field Easier for authors to initially and obviously designate Easier for authors to initially and obviously designate

content if these two fields are first

15

Result: Departmental Content…Result: Departmental Content…

Our new content & taxonomy field

16

…Result: Departmental Content…Result: Departmental Content

Configure CCK “Display Fields” to [un]display this 

fi ld d i dnew field as desired

17

2. Departmental Authoring2. Departmental Authoring

After setting up departmental content enableAfter setting up departmental content, enable security policies for departmental authorsFor a simplified and repeatable approach:For a simplified and repeatable approach: Create a generic (think “base”) author role granting

only content creation permissionsonly content creation permissions Create specific department author roles granting

editing permissions based on taxonomyg p y Assign users to the base AND their specific role

But how to associate permissions based onBut how to associate permissions based on taxonomy?

18

Module: Taxonomy Access Control (TAC)Module: Taxonomy Access Control (TAC)

Taxonomy Access Control enables access policiesTaxonomy Access Control enables access policies to content based on taxonomy attributeshttp://drupal org/project/taxonomy accesshttp://drupal.org/project/taxonomy_accessEnable the one module component:

T A C t l Taxonomy Access ControlNext, configure security roles: /admin/user/taxonomy_access

19

Configure a Role with TAC…Configure a Role with TAC…

1. Select the new taxonomy term

3 Add this new3. Add this new setting to this role 2. Specify the 

permissions

20

…Configure a Role with TAC…Configure a Role with TAC

4. Be sure to save your changes!

21

Result: TACResult: TAC

With TAC enabled, only the granted taxonomies are made available.

22

Testing Best Practice: MasqueradeTesting Best Practice: Masquerade

Create dummy accounts of various roles thenCreate dummy accounts of various roles, then test via masqueradeMasquerade enables an entitled user to assumeMasquerade enables an entitled user to assume the identity of anotherhttp://drupal org/project/masqueradehttp://drupal.org/project/masqueradeEnable the one module component: Masquerade

Next, add the Masquerade block

23

Using MasqueradeUsing Masquerade

Use the masqueradeUse the masquerade block to switch user IDs

Switch back when Switch back when Switch back when finished. Use the URL if your user can’t see the switch back options.

finished. Use the URL if your user can’t see the switch back options.

finished. Use the URL if your user can’t see the switch back options.

/masquerade/unswitch

24

Bonus: Pre-populating DepartmentBonus: Pre populating Department

Q How can we pre populate the Department fieldQ. How can we pre-populate the Department field from the role membership of the author?A Specify the default value with PHP:A. Specify the default value with PHP:// map from author role name // to dept term id

foreach ($user->roles as $key => $my_role) {switch ($my role) {p

$map_role_to_dept["HR Author"] = 4;$map_role_to_dept["IT Author"] = 7;...

($ y_ ) {case "HR Author":case "IT Author":$my_department =

// access current user infoglobal $user;

$map_role_to_dept[$my_role];break;

}

// determine visitor’s dept$my_department = 0;

}return array( 0 => array(

'value' => $my_department));

25

Bonus: Restricted Visitor AccessBonus: Restricted Visitor Access

Restrict visitor access by:Restrict visitor access by: Non-union employees vs. union, manager,

departmental employee, departmental manager, etc.departmental employee, departmental manager, etc.Use TAC for View access on visitor roles Just like Add/Delete access on author roles Just like Add/Delete access on author roles

But don’t forget to first: Add a Restricted vocabulary and add a matching Add a Restricted vocabulary and add a matching

content field Setup the author permissions with this vocabularySetup the author permissions with this vocabulary

26

Config: Restricted Default AccessConfig: Restricted Default Access

“default” applies the policy across all terms in 

the vocabularyy

Default visibility for anonymous and

Default visibility for anonymous andanonymous and 

authenticated users is now DENIED

anonymous and authenticated users is now 

DENIED

27

Config: Restricted Manager AccessConfig: Restricted Manager Access

Ensure authors can “see” the restricted content…but only the Ensure managers can “see” the restricted content…but only the 

content they should!content they should!

28

Config: Restricted Author AccessConfig: Restricted Author Access

The proper result for an IT author

Authors must also be able to see the restricted content… Authors must also be able to see the restricted content… and d d l & liand add, delete, create, & listupdate, delete, create, & list

29

3. Multiple Authors3. Multiple Authors

Drupal supports many authors through role basedDrupal supports many authors through role-based permissionsKey limitation: only the administrator can seeKey limitation: only the administrator can see unpublished content i e Authors can only see each other’s published i.e. Authors can only see each other s published

contentIt is essential for multiple authors to collaborate onIt is essential for multiple authors to collaborate on unpublished content too!

30

Module: Module GrantsModule: Module Grants

Applies security policies from access modulesApplies security policies from access modules onto unpublished nodes, so authors’ access policies can be used in a team effortpolicies can be used in a team efforthttp://drupal.org/module_grantsEnable these module components:Enable these module components: Module Grants, Node Tools

31

Authoring Best Practice: Content ListAuthoring Best Practice: Content List

With lots of content especially with accessWith lots of content, especially with access restrictions, it becomes difficult to ensure accurate configurationsconfigurationsThe content list is a custom view specifically for authors listing all pertinent contentauthors, listing all pertinent contentExposed filters for easy review Type department restriction published status search Type, department, restriction, published status, search

termsEnables review of content access andEnables review of content, access, and convenient edit links (including “?destination”)

32

Result: Content ListResult: Content List

33

Recap:Recap:

Departmental ContentDepartmental Content Content Construction Kit (CCK) Taxonomy Taxonomy Content Taxonomy

Departmental AuthorsDepartmental Authors Taxonomy Access Control (TAC)

M lti l A thMultiple Authors Module Grants

H bl M tiHonorable Mentions: Masquerade, Views

34

Thank YOU!Thank YOU!

Questions?Questions?

J Sh (@ i )Jason Sharp (@soawiz)President, Crossvale, Inc.

jsharp@crossvale.com

www.crossvale.comhttp://facebook com/crossvalehttp://facebook.com/crossvale

35