Module Description
The Entity Access Password module allows to restrict access to fieldable entities by requiring to enter a password.
The module provides a new field type: Password protection.
The administrator can choose per field instance the behavior (among other settings):
* the password level (can be cumulative):
* entity password
* bundle password
* global password
* the protected view modes
When a protected content entity is displayed in a protected view mode, if the user does not have access then it is the "Password protected" view mode that is displayed instead. That way, the administrator have a very flexible way to control how the password form is displayed, with the field formatter and view mode granularity.
Warning! As the module only switches the displayed view mode, a user can still access the content if exposed through web services for example.
The modules does not implement hook_entity_access() to allow to still see password protected entities in listings otherwise the user would not be able to access the form to unlock the entity with a direct link.
Development notes The module makes an intensive usage of services and service collectors to be able to let you introduce your own logic if needed. Among those services, you can add your own password validation, access check and access storage logic by implementing services with the appropriate tags.
Installation
* Install as you would normally install a contributed Drupal module. See: https://www.drupal.org/docs/extending-drupal/installing-modules for further information.
* You need to enable at least one module providing an access backend otherwise the module loses its interest. By default there are two sub-modules providing an access backend:
* Entity Access Password Session Backend (entity_access_password_session_backend) - Allows to store granted access in the session.
* Entity Access Password User Data Backend (entity_access_password_user_data_backend) - Allows to store granted access in the user data backend for more persistent access storage. Does nothing for anonymous users.
Configuration This is a straight forward configuration example, please read the documentation pages for detailed instructions:
* Enable the Entity Access Password module on your site.
* You can configure a global password on the configuration page (/admin/config/content/entity_access_password/settings).
* Add a "Password protection" field to a content type.
* Configure the "Password protected" view mode to display the password field.
* Select the behavior on this field instance:
* entity password and/or bundle password and/or global password
* which view mode will be protected
* Go to one content edit form where the field is added and enable password protection.
* View your entity as an anonymous user, the content should be rendered in the "Password protected" view mode and so the password field should be displayed.
Similar projects and how they are different
* Protected Pages - Protected Pages uses the path to protect your page so you can password protect Views pages for example. With Entity Access Password, content creators can add the password as they create content, they don't have to go to another configuration page.
Maintainers
* Florent Torregrosa (Grimreaper)
Organizations without Drupal.org page which sponsored the project:
* Ludwig-Maximilians-Universität München: sponsored initial port from Protected Node D7.
The module provides a new field type: Password protection.
The administrator can choose per field instance the behavior (among other settings):
* the password level (can be cumulative):
* entity password
* bundle password
* global password
* the protected view modes
When a protected content entity is displayed in a protected view mode, if the user does not have access then it is the "Password protected" view mode that is displayed instead. That way, the administrator have a very flexible way to control how the password form is displayed, with the field formatter and view mode granularity.
Warning! As the module only switches the displayed view mode, a user can still access the content if exposed through web services for example.
The modules does not implement hook_entity_access() to allow to still see password protected entities in listings otherwise the user would not be able to access the form to unlock the entity with a direct link.
Development notes The module makes an intensive usage of services and service collectors to be able to let you introduce your own logic if needed. Among those services, you can add your own password validation, access check and access storage logic by implementing services with the appropriate tags.
Installation
* Install as you would normally install a contributed Drupal module. See: https://www.drupal.org/docs/extending-drupal/installing-modules for further information.
* You need to enable at least one module providing an access backend otherwise the module loses its interest. By default there are two sub-modules providing an access backend:
* Entity Access Password Session Backend (entity_access_password_session_backend) - Allows to store granted access in the session.
* Entity Access Password User Data Backend (entity_access_password_user_data_backend) - Allows to store granted access in the user data backend for more persistent access storage. Does nothing for anonymous users.
Configuration This is a straight forward configuration example, please read the documentation pages for detailed instructions:
* Enable the Entity Access Password module on your site.
* You can configure a global password on the configuration page (/admin/config/content/entity_access_password/settings).
* Add a "Password protection" field to a content type.
* Configure the "Password protected" view mode to display the password field.
* Select the behavior on this field instance:
* entity password and/or bundle password and/or global password
* which view mode will be protected
* Go to one content edit form where the field is added and enable password protection.
* View your entity as an anonymous user, the content should be rendered in the "Password protected" view mode and so the password field should be displayed.
Similar projects and how they are different
* Protected Pages - Protected Pages uses the path to protect your page so you can password protect Views pages for example. With Entity Access Password, content creators can add the password as they create content, they don't have to go to another configuration page.
Maintainers
* Florent Torregrosa (Grimreaper)
Organizations without Drupal.org page which sponsored the project:
* Ludwig-Maximilians-Universität München: sponsored initial port from Protected Node D7.
Module Link
Project Usage
346
Security Covered
Covered By Security Advisory
Version Available
Production
Module Summary
The Entity Access Password module aims to solve the restriction of access to fieldable entities by requiring a password, with options for password levels and protected view modes.
Data Name
entity_access_password