At arocom, we are constantly monitoring how the digital world is developing and which tools help us to make our web projects more secure and efficient. Drupal is a powerful content management system (CMS) known for its flexibility and extensibility. It enables developers and content managers to create complex websites and applications.
A significant part of this flexibility comes from so-called contrib modules - extensions developed by the Drupal community to enable additional functionality and customization. This enables us to create customized solutions for our customers
In this article, we introduce you to one of our developed contrib modules: Protected Nodes.
What is the "Protected Nodes" module?
Click, click, click, gone! Deleted content is very difficult to restore. If there is no backup of the content, this is probably impossible. This is extremely annoying and if system-relevant content is affected, it can quickly turn into a minor disaster.
The "Protected Nodes" module is a contrib module developed by us that enables certain content (nodes) on a website to be protected against accidental deletion. This setting can be made by all users who have an authorized role. We have set this up in our project for users who have the role of administrator.
Goal:
It should only be possible for selected roles to delete certain system-relevant content.
Background:
Certain content is essential to ensure the functionality of a website. For example, start pages, confirmation pages, imprint, data protection, etc. It is therefore important that this content is protected against deletion.
How does content deletion protection work
Administrators can manually activate protection by content type in the module settings. This adds a "Protected" checkbox to the activated node. This box can then be placed on the node form and is only visible to users with the "Set/Unset Node Protection" permission. If the protection is set per node, it cannot be deleted via the usual admin interface.
After module installation, authorized roles will find a "Protected" toggle on the top right-hand side of the content. If this content is marked as requiring protection, the delete button disappears for editors with insufficient authorization.
Key functions:
- Delete protection for individual nodes: ensure that only authorized users have delete permission for specific content.
- Easy integration: Fits seamlessly into existing Drupal installations.
- User-friendly management: Set protection directly at content level without having to dive into complex settings menus.
- Lean code base: Simple content protection without a complex module with countless configuration options.
After installation:
-
Configure permissions for roles:
Which user role can set the supported content types and which role can set or clear the actual "Protected" checkbox per node.
- Add the widget for the "Protected" field on the node form.
Security aspects
This module does not improve the access security of the content. It is intended to prevent the deletion of content through inadvertent human action. There are other modules for targeted access control, such as Taxonomy Access Control.
Further information
The "Protected Nodes" module is an indispensable tool for all Drupal website operators who take the protection of their content seriously. It offers a simple but efficient solution to ensure that system-relevant content is protected from deletion.