Talking Drupal #472 - Access Policy API

October 21, 2024

Today we are talking about Access Policy API, What it does, and How you can use it with guest Kristiaan Van den Eynde. We’ll also cover Visitors as our module of the week.

Listen:

direct Link

Topics

  • What is the Access Policy API
  • Why does Drupal need the Access Policy API
  • How did Drupal handle access before
  • How does the Access Policy API interact with roles
  • Does a module exist that shows a UI
  • What is the difference between Policy Based Access Control (PBAC), Attribute Based Access Control (ABAC) and Role Based Access Control (RBAC)
  • How does Access Policy API work with PBAC, ABAC and RBAC
  • Can you apply an access policy via a recipe
  • Is there a roadmap
  • What was it like going through pitchburg
  • How can people get involved

Resources

Module of the Week

Visitors
  • Brief description:
    • Have you ever wanted a Drupal-native solution for tracking website visitors and their behavior? There’s a module for that
  • Module name/project name:
  • Brief history
    • How old: created in Mar 2009 by gashev, though recent releases are by Steven Ayers (bluegeek9)
    • Versions available: 8.x-2.19, which works with Drupal 10 and 11
  • Maintainership
    • Actively maintained
    • Security coverage
    • Test coverage
    • Documentation guide is available
    • Number of open issues: 20 open issues, none of which are bugs against the 8.x branch
  • Usage stats:
    • Over 6,000 sites
  • Module features and usage
    • A benefit of using a Drupal-native solution is that you retain full ownership over your visitor data. Not sharing that data with third parties can be important for data protection regulations, as well as data privacy concerns.
    • You also have a variety of reports you can access directly within the Drupal UI, including top pages, referrers, and more
    • There is a submodule for geoip lookups using Maxmind, if you also want reporting on what region, country, or city your visitors hail from
    • It provides drush commands to download a geoip database, and then update your data based on geoip lookups using that database
    • It should be mentioned that the downside of using Drupal as your analytics solution is the potential performance impact and also a likely uptick in usage for hosts that charge based on the number of dynamic requests served