I recently released a project on Drupal.org called Advanced Access. The project is the implementation of my vision for extensible access control in Drupal 8, and the baseline improvements that I think are needed to make this part of Drupal a more extensible and usable platform. I am here now to introduce the basics of the project and to give an overview of how it's used. Hopefully, as further development is done on the Advanced Access platform, there will be more to come.
A Humble Beginning
I won't go too far into the details on the premise and origin of the Advanced Access module. To avoid adding that to this post, I gave an overview of its development in another recent post, focusing on one of my current projects. The background you need here is that I found the Drupal access control layer lacking when it came to working with complicated access requirements. In my case, I was dealing with controlling access to content and to abstract sub-content items implemented with Paragraphs.
Filling the Void.
To me, Drupal's access control was missing one major feature. On a small scale, complex access requirements could be solved using the node access API. Using community modules, the node access API can be used to control access to pages and content across the site. However, due to its focus on the core content nodes, this access API extends no further, like a paradise island floating in space.
We have reached the void. When working with entity types beyond just content nodes, there is a gap in, and a limit to, what a developer is able to achieve. My first solution, as seen in my other post above, was to extend and replicate the core node access API beyond just nodes. The early implementations can be found in the Field Collection Access and Paragraphs Access modules. These two projects were just extensions of the paradise island, and still left a great deal of work for a developer who wished to implement access control. The same project would need to be duplicated again and again for every content type. It could only become a waste of time and effort, not to mention a major maintenance burden on a developer.
The Rise of Advanced Access
I hereby present Advanced Access: a plugin-based access control ecosystem, designed to make access extensible and simple. Moving beyond the Advanced Access core, Drupal module developers and site maintainers can build out extensive access control systems without bloating their applications.
Plugins for Everything
The first major feature that Advanced Access offers over the core implementation is a plugin-based design, which allows developers to create object-oriented components that work together. This also allows greater flexibility and customization than the Drupal hook system used by Node Access. These plugins, in the form of Access Consumers and Access Providers, implement everything needed to create an access control ecosystem.
From these plugins, Advanced Access implements a system of access grants the same as node access does. This makes the move of existing node access implementations almost seamless.
Access Providers
Access Providers are the core premise of the Advanced Access module. The access provider is the mechanism that allows modules to interact with multiple entity types. Instead of using hooks to define targeted entity types, Access Provider plugins can be enabled for any applicable entity type. The provider itself contains the logic to determine whether the entity type supports the provider. A good example of this is the Role Access Control (RAC) module. The 2.0 version of RAC is implemented around Advanced Access. However, it only supports fieldable entity types with Role Reference fields.
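A minimal sketch of the provider and grant model described in the last two sections, added here as an illustration and not taken from the Advanced Access code base. All interface, class and key names are hypothetical; the realm/gid record shape mirrors node access grants.

```php
<?php
// Added illustration in plain PHP (no Drupal bootstrap). Every interface, class
// and array key below is hypothetical; this is not the Advanced Access API.
interface AccessProvider {
  public function applies(array $entityType): bool;  // can this type use the provider?
  public function records(array $entity): array;     // grant records on one entity
  public function grants(array $account): array;     // realm => grant ids the account holds
}

// Role-based provider: supports only fieldable types with a role reference field.
final class RoleProvider implements AccessProvider {
  public function applies(array $entityType): bool {
    return $entityType['fieldable']
      && in_array('role_reference', $entityType['field_types'], true);
  }
  public function records(array $entity): array {
    return array_map(fn($role) => ['realm' => 'role', 'gid' => $role,
      'view' => true, 'update' => false, 'delete' => false], $entity['roles']);
  }
  public function grants(array $account): array {
    return ['role' => $account['roles']];
  }
}

// Deny by default: allow only when a record permitting $op matches a held grant.
function checkAccess(array $providers, array $type, array $entity, array $account, string $op): bool {
  foreach ($providers as $provider) {
    if (!$provider->applies($type)) {
      continue;  // provider not enabled for this entity type
    }
    $held = $provider->grants($account);
    foreach ($provider->records($entity) as $r) {
      if (!empty($r[$op]) && in_array($r['gid'], $held[$r['realm']] ?? [], true)) {
        return true;
      }
    }
  }
  return false;
}

// Constructed sample data.
$providers = [new RoleProvider()];
$paragraph = ['fieldable' => true, 'field_types' => ['text', 'role_reference']];
$plainType = ['fieldable' => false, 'field_types' => []];
$entity    = ['roles' => ['editor']];
$editor    = ['roles' => ['editor']];
var_dump(checkAccess($providers, $paragraph, $entity, $editor, 'view'));
var_dump(checkAccess($providers, $paragraph, $entity, $editor, 'delete'));
var_dump(checkAccess($providers, $plainType, $entity, $editor, 'view'));
```

An entity type the provider does not support contributes no grants, so the check falls through to the default deny.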
Access Consumers
Access Consumer plugins fill the remaining gaps for access control. They provide the other side of the equation: enabling entity types for access control. These plugins, often super lightweight and only a few lines of code to define, are used to allow configuration of an entity type for Advanced Access. They can either be bundled as standalone modules or integrated into the module that provides the entity type. In version 2.0, Paragraphs Access implements a simple access control handler that tells Advanced Access to configure the paragraphs entity type to have access control implemented using Advanced Access. The overriding access consumer here allows the access handler definition on the entity type to be replaced with a mechanism that integrates Advanced Access into the entity type.
Node Access
Node access is already built, but it can still implement Advanced Access. Advanced Access provides a submodule that bridges the node access hooks into Advanced Access control. This Consumer plugin for nodes is lightweight and only extends the base AccessConsumer class, since core already implements limiting access based on the node access API and all grants from Advanced Access are published to node access.
Where from here?
Advanced Access has a long way to go before it's widely used. The first phase of growth would require popular modules, such as Taxonomy Access Control Lite, to implement Access Provider plugins, as well as developers to integrate and depend on Advanced Access for the complicated mechanics of their modules.
Comments?
Let me know if you have any thoughts, or would like support for advanced access. I want to make this, and my other modules, succeed within the Drupal Community. To achieve that, I am willing to help module maintainers incorporate advanced access, and to support and solve any issues with the module. Feel free to reach out if you have any questions.