Hi all, new discourse user, first post, please be kind!
Can someone tell me if the following solution is possible?
Scenario:
Have a Drupal site
Have content on Drupal site which requires user authentication (“restricted Drupal content”)
Have SSO between Drupal and Discourse
Problem:
A Discourse user who pastes a link to “restricted Drupal content” in a post gets the 403 message: “Sorry, we were unable to generate a preview for this web page, because the web server returned an error code of 403. Instead of a preview, only a link will appear in your post.”
Desired Solution:
A Discourse user who pastes a link to restricted content gets the automatic preview if they have access to the content
There’s an ambiguity in what you’ve said so far. Do you mean that when viewing a discourse post with a Drupal link, the onebox preview should depend on
the viewers Drupal access; or
the creators Drupal access
Either way, it’s going to be easier to address if you can make it a discourse access issue. You can get automatic discourse group assignment based on Drupal role, that should be easy enough with the Drupal discourse SSO module.
You may also find you need some custom access logic on the Drupal end to make sure the onebox preview crawler can access restricted content.
If you want to show content to some viewers but not others, I suspect you’re going to need to make the content use a script of some kind. It would be much easier if the content depended on the creator not the viewer.
Thanks for the quick reply. I was thinking the preview would depend on the Discourse topic/comment creator’s access, not the Discourse viewer.
I was thinking about the preview as a snapshot that gets created and tied to the post as flat HTML, not a dynamic widget - I hadn’t even considered that as a possibility!
If I understand you correctly: this would possible with customization (via script) on the Discourse side, and/or custom access logic on the Drupal side?