temporary access module

Hi drupalites:

I've been working on a little module i'm calling 'peek' and
just
wanted to check in on duplication of efforts, existing
wisdom, etc.

The client wants to be able to create a page, and then fire
off a
bunch of emails to people who may or may not have accounts,
allowing
them to access the page temporarily.

So an administrator needs to be able to generate a
semi-secret url
(like the ones generated by the user module) that would give
someone
temporary access to a single node page.

After struggling with the node_access stuff for a while, i
realised
that i probably want to sidestep the usual permissions by
providing
access to the node page via a callback anyway.

So the url i'm generating looks like
'/peek/<uid>/<timestamp>/<hd5 hash>'
and my peek table keeps track of things like the
corresponding nid,
when it was generated, how long it's valid for, when it was
first
accessed, and how long it remains valid after first access.
I've also
got a helper function to generate new users for email
address that
don't already have a user. When the link is generated, the
user gets
authenticated to this uid. That way all subsequent activity
is
connected to their userid for tracking purposes.

Thoughts anyone?

-- 
Alan Dixon, Web Developer
http://alan.g.di
xon.googlepages.com/

Yep that would work, but you have to be concerned about what
links they
click on after they visit that node.   There's some similar
code in the
cas_init hook for my cas module (to back door log into the
user), so I
know that can be done easily.  Would be trivial if you store
$user->name
of the peek user in your tables, just a call to user_load().


One strategy: 
peek/<uid>/<md5 hash>

then determine the rest from background tables.  The
timestamp doesn't
really y provide anything, unless you're using it to
generate the hash.
The rest could be determined by background tables. 

Remember that if you don't use the hash in the node access
tables, then
users will be able to click on other links on the page and
get
permissions until they log out. IF you're really trying to
limit them to
a single node, you should try and tackle node access. 

Dave


-----Original Message-----
From: development-bouncesdrupal.org
[mailto:development-bouncesdrupal.org] On Behalf Of
Alan Dixon
Sent: Friday, February 16, 2007 12:48 PM
To: developmentdrupal.org
Subject: [development] temporary access module

Hi drupalites:

I've been working on a little module i'm calling 'peek' and
just
wanted to check in on duplication of efforts, existing
wisdom, etc.

The client wants to be able to create a page, and then fire
off a
bunch of emails to people who may or may not have accounts,
allowing
them to access the page temporarily.

So an administrator needs to be able to generate a
semi-secret url
(like the ones generated by the user module) that would give
someone
temporary access to a single node page.

After struggling with the node_access stuff for a while, i
realised
that i probably want to sidestep the usual permissions by
providing
access to the node page via a callback anyway.

So the url i'm generating looks like
'/peek/<uid>/<timestamp>/<hd5
hash>'
and my peek table keeps track of things like the
corresponding nid,
when it was generated, how long it's valid for, when it was
first
accessed, and how long it remains valid after first access.
I've also
got a helper function to generate new users for email
address that
don't already have a user. When the link is generated, the
user gets
authenticated to this uid. That way all subsequent activity
is
connected to their userid for tracking purposes.

Thoughts anyone?

-- 
Alan Dixon, Web Developer
http://alan.g.di
xon.googlepages.com/

Why not just use Actions.module to set the published flag on
the node true and then send emails, then another action to
set the published flag false after some period of time?  Not
sure about the auto-account-creation, but you may want to
look into logintobaggan.

--Larry Garfield

On Fri, 16 Feb 2007 15:47:55 -0500, "Alan Dixon"
<alan.g.dixongmail.com> wrote:
> Hi drupalites:
> 
> I've been working on a little module i'm calling 'peek'
and just
> wanted to check in on duplication of efforts, existing
wisdom, etc.
> 
> The client wants to be able to create a page, and then
fire off a
> bunch of emails to people who may or may not have
accounts, allowing
> them to access the page temporarily.
> 
> So an administrator needs to be able to generate a
semi-secret url
> (like the ones generated by the user module) that would
give someone
> temporary access to a single node page.
> 
> After struggling with the node_access stuff for a
while, i realised
> that i probably want to sidestep the usual permissions
by providing
> access to the node page via a callback anyway.
> 
> So the url i'm generating looks like
'/peek/<uid>/<timestamp>/<hd5 hash>'
> and my peek table keeps track of things like the
corresponding nid,
> when it was generated, how long it's valid for, when it
was first
> accessed, and how long it remains valid after first
access. I've also
> got a helper function to generate new users for email
address that
> don't already have a user. When the link is generated,
the user gets
> authenticated to this uid. That way all subsequent
activity is
> connected to their userid for tracking purposes.
> 
> Thoughts anyone?
> 
> --
> Alan Dixon, Web Developer
> http://alan.g.di
xon.googlepages.com/

> The client wants to be able to create a page, and then
fire off a
> bunch of emails to people who may or may not have
accounts, allowing
> them to access the page temporarily.

Great. Unpublish nodes, generate a random, store (random,
nid) pairs and send

peek/<random>

URLs. 

function peek_menu($may_cache) {
  if ($may_cache) {
    $items[] = array('path' => 'peek', 'access' =>
TRUE, 'type' => MENU_CALLBACK);
  }
  return $items;
}

function peek_view($random) {
  $nid = db_result(db_query("SELECT nid FROM 
WHERE random = '%s'", $random));
  if ($nid && ($node = node_load($nid))) {
    return node_show($node);
  }
  drupal_not_found();
}

The above works because we bypass node_access thus peek_view
can view unpublished nodes but your users who are not node
admins can't.

Why are you generating users, I can't readily understand.