Model
The team made a security model earlier. Here’s the content types part of it.
Content types
| Content type | View access | Change access |
| Person | Public: Name, majors, projects Org manager: the rest |
Org manager |
| Project | Public | Org manager |
| Event | Public | Org manager |
For Project and Event, anyone can view all the fields. Only managers can change the data.
Person is more complicated. Anyone can see three of the fields. Managers can see all of them, and change the data as well.
Implementation
Go to People | Permissions. Scroll down to the Node section. You’ll see permission settings for Person, Project, and Event. Give Org managers and Administrators permission to make any change. Anonymous and Authenticated can’t change anything. Here are the permissions for Person:
Hiding Person fields
We want to hide most Person fields from anonymous users. That’s usually done with the Content access module. At the time of writing, just after the official release of D8, the module doesn’t have a stable release.
Exercise
gamerz site, set the permissions for the person, project, and event content types. If you have not already done so, you will need to create the Org Manager role to properly complete this exercise.
Submit the URL of your site, and the login credentials for user 1. (If you were logged in as a student, you could submit an exercise solution, and get some feedback.)