Drupal has an authorization system based on permissions and roles. The permissions grant or deny authorization to do various things. Examples include creating an Article, performing a backup, and sending a message via users' personal contact forms. Each role consists of a complete set of yes/no settings for each of the myriad permissions. You can view or edit our site's roles here, and the permissions here.
Drupal has three standard roles that cannot be changed:
- Administrator: Can do anything on the site, regardless of permission settings.
- Anonymous User: Someone who is not logged in.
- Authenticated User: Someone who has a user account on the system, and is currently logged in. We plan to use this role in conjunction with the site-specific roles described below.
I created three additional roles specifically for our site:
- Editor, for WEB Team members who are authorized to create, edit, and delete pages on the site. They also have all the permissions of a Current Member. This, combined with the fact that the Editor accounts de facto have no expiration date.
- Current Member, allowed to view members-only content, post comments, and contact other members.
- Lapsed Member, for IAC members whose membership has expired. They have the same permissions as an Anonymous User.
See the Updating Member Currency page for details on how we toggle between the Current Member and Lapsed Member states.
Drupal's Node Option Premium module implements role-based permissions for each node type, and allows overrides for individual nodes. We use this feature to implement the members-only paywall.
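The role rules above can be checked mechanically against an export of the permissions table. The following audit is an added example, not part of the site's own code: the permission matrix and permission names are constructed for illustration, and it relies on Drupal granting every logged-in account the Authenticated User permissions in addition to those of its other roles.

```python
# Constructed role -> permission matrix. Permission names are illustrative,
# not copied from the site's configuration.
ROLE_PERMS = {
    "Anonymous User": {"access content", "access comments"},
    "Authenticated User": {"access content", "access comments"},
    "Lapsed Member": set(),
    "Current Member": {"view members-only content", "post comments",
                       "access user contact forms"},
    "Editor": {"view members-only content", "post comments",
               "access user contact forms", "create article content",
               "edit any article content", "delete any article content"},
}


def effective(roles, matrix):
    """Permissions a logged-in account holding `roles` really has.

    Drupal unions the permissions of all roles on the account, and every
    logged-in account implicitly holds Authenticated User.
    """
    perms = set(matrix["Authenticated User"])
    for role in roles:
        perms |= matrix[role]
    return perms


def audit(matrix):
    """Return a list of (rule, offending permissions) for broken role rules."""
    findings = []
    anon = matrix["Anonymous User"]
    lapsed = effective(["Lapsed Member"], matrix)
    current = effective(["Current Member"], matrix)
    editor = effective(["Editor"], matrix)

    # Rule from the role list: Lapsed Member == Anonymous User.
    if lapsed != anon:
        findings.append(("Lapsed Member differs from Anonymous User",
                         sorted(lapsed ^ anon)))
    # Rule from the role list: Editor has every Current Member permission.
    if not current <= editor:
        findings.append(("Editor lacks Current Member permissions",
                         sorted(current - editor)))
    return findings


if __name__ == "__main__":
    for rule, perms in audit(ROLE_PERMS):
        print(f"{rule}: {', '.join(perms)}")
```

Because a Lapsed Member is still logged in, any permission granted to Authenticated User reaches lapsed accounts too, which is the drift this audit reports first.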