Group

A powerful module that allows you to group users, content, and other entities together with fine-grained permissions and access control within each group.

group
16,586 sites
283
drupal.org
gui api content
group membership access control permissions organic groups alternative entity grouping user groups content organization collaboration communities
Drupal 10 Drupal 11

インストール

Drupal 11, 10 v3.3.5
composer require 'drupal/group:^3.3'

概要

Groupモジュールは、ユーザー、コンテンツ、その他のエンティティのコレクションを作成するための柔軟なシステムを提供します。Organic Groups(OG)とは異なり、Groupは関連するコンテンツとメンバーのコンテナとして機能する専用の「Group」エンティティタイプを作成するという根本的に異なるアプローチを採用しています。

各グループは独自のロールとパーミッションのセットを持つことができ、Drupalのグローバルパーミッションとは独立して動作する高度なアクセス制御が可能になります。ユーザーは複数のグループのメンバーになることができ、各グループで異なるロールを持つことができます。また、設定に応じてコンテンツを1つまたは複数のグループに関連付けることができます。

このモジュールは「Group Relations」と呼ばれるプラグインベースのアーキテクチャを使用しており、さまざまなエンティティタイプをグループに追加する方法を決定します。この拡張可能なシステムにより、開発者は任意のエンティティタイプとのカスタム統合を作成できます。モジュールには、ユーザー用のGroup Membershipプラグインが組み込まれており、Node統合用のGroup Nodeサブモジュールを提供しています。

主な機能には、独自の設定を持つ複数のグループタイプ、柔軟なロールスコープ(Outsider、Insider、Individual)、グループ作成者の自動メンバーシップ、エンティティ関係の設定可能なカーディナリティ、グループのリビジョンサポート、包括的なViews統合が含まれます。

Features

  • フィールド、表示モード、リビジョンをサポートする設定可能なグループタイプ(バンドル)を持つカスタムGroupエンティティタイプ
  • 3つのスコープを持つ柔軟なグループロールシステム:Outsider(グローバルロールと同期される非メンバー)、Insider(グローバルロールと同期されるメンバー)、Individual(特定のメンバーに手動で割り当て)
  • Drupalのグローバルパーミッションとは独立して動作するきめ細かいパーミッションシステム。グループタイプとロールごとにパーミッションを割り当て可能
  • メンバーシップごとに複数のロールをサポートし、ユーザーをグループメンバーとして追跡するGroup Membershipシステム
  • 設定可能なカーディナリティとアクセス制御により、任意のエンティティタイプをグループに追加できるプラグインベースのGroup Relationsアーキテクチャ
  • グループ化されたコンテンツのエンティティアクセス制御 - グループが関連エンティティの閲覧、編集、削除権限を持つユーザーを決定可能
  • グループ対応の表示を構築するためのカスタムアクセスプラグイン、引数、リレーションシップハンドラーを備えた組み込みViews統合
  • 特定のグループに対して現在のユーザーが利用可能なコンテキスト対応のアクションを表示するGroup operationsブロック
  • グループに新しいエンティティを追加し、リレーションシップフィールドが適切に入力されることを保証する作成ウィザード
  • 作成者に設定可能なロールを割り当てる自動グループ作成者メンバーシップ
  • グループパーミッションに依存するコンテンツの適切なキャッシングのためのCache contextとtag
  • グループとグループリレーションシップのTokenサポート
  • 自動URLエイリアスのためのPathauto統合(オプション)

Use Cases

Private Intranet Departments

Create group types for company departments where each department is a group. Department heads get admin roles while regular employees are members. Content added to departments is only visible to department members. Outsider roles synchronized with global admin can manage all departments.

Online Learning Classes

Educational platform where each course is a group. Instructors create groups and automatically receive admin privileges. Students join or are added as members. Course materials (nodes) are added to the group and only visible to enrolled students. Different content types can have different permission rules.

Community Interest Groups

Social platform with user-created interest groups. Users can create groups on any topic and become the group admin. Other users join groups they're interested in. Group admins control membership and can assign moderator roles. Content is shared within the group community.

Client Portals

Agency website where each client has a dedicated group. Client contacts are added as members with view-only access. Agency staff have roles synchronized with their global roles, giving them automatic access to all client groups. Client-specific documents and project updates are organized within each group.

Multi-tenant Application

SaaS application where each tenant/organization is a group. Tenant administrators manage their own users, content, and roles without affecting other tenants. Global administrators have outsider admin roles to manage all tenants when needed.

Tips

  • Always configure synchronized group roles for your global administrator role to ensure site admins can manage groups without needing individual memberships.
  • Use the 'Automatically configure useful default roles' option when creating group types to set up a sensible starting configuration with Anonymous, Outsider, and Member roles.
  • The Group Operations block is the recommended way to provide users with join/leave links and other group actions - add it to your group page layout.
  • For complex permission requirements, consider using multiple group roles with different scopes rather than trying to handle everything in one role.
  • When adding fields to group relationships (memberships), enable the 'creation wizard' to ensure users complete all required fields.
  • Use the 'access content overview' permission sparingly - it shows technical relationship data that's mainly useful for debugging or power users.
  • Group permissions are entirely separate from Drupal's global permissions - a user with 'administer nodes' globally still needs group-specific permissions to manage nodes within a group.
  • The group_members view at /group/[id]/members can be customized or replaced with your own views while maintaining the same path.

Technical Details

Admin Pages 12
Group settings /admin/group/settings

Configure global settings for the Group module that affect all groups across the site.

Groups /admin/group

Overview page listing all groups on the site. Provides a tabbed interface to access groups list, group types, and module settings.

Group types /admin/group/types

List of all configured group types. Each group type acts as a bundle for the Group entity with its own configuration, roles, and available content plugins.

Edit group type /admin/group/types/manage/{group_type}

Configure a specific group type including its label, description, group settings, and creator settings.

Edit group type permissions /admin/group/types/manage/{group_type}/permissions

Configure permissions for all roles within this group type. Displays a matrix of permissions by role with checkboxes to grant/revoke permissions.

Roles /admin/group/types/manage/{group_type}/roles

Manage group roles for this group type. Roles can be in three scopes: Outsider (for non-members), Insider (for members synchronized with global roles), or Individual (manually assigned).

Add group role /admin/group/types/manage/{group_type}/roles/add

Create a new role for a group type with configurable scope and optional global role synchronization.

Configure available content /admin/group/types/manage/{group_type}/content

Manage which entity types can be added to groups of this type by installing or configuring Group Relation plugins.

Install content plugin /admin/group/content/install/{group_type}/{plugin_id}

Configure and install a Group Relation plugin on a group type, enabling that entity type to be added to groups.

Members /group/{group}/members

Views-powered page displaying all members of a group with their roles, join date, and operation links.

Join group /group/{group}/join

Self-service form allowing users to join a group if they have the 'join group' permission.

Leave group /group/{group}/leave

Confirmation form allowing members to leave a group if they have the 'leave group' permission.

権限 3
Administer group settings

Grants full control over all group configuration including group types, roles, permissions, and content plugins. Should only be granted to trusted administrators.

Access the Group overview page

Allows access to the administrative group listing at /admin/group.

[Type]: Create new group

Dynamic permission generated for each group type. Allows users to create new groups of that type.

Hooks 1
hook_group_operations_alter

Allows modules to alter the links displayed in the Group Operations block for a specific group.

Troubleshooting 6
User 1 (admin) cannot access groups

By design, Drupal user 1 does not automatically have group access. Create Outsider and Insider group roles synchronized with your global administrator role and mark them as admin roles. This grants full access to users with the global admin role.

Group creator has no permissions after creating a group

Edit the group type and enable 'The group creator automatically becomes a member'. Then configure 'Group creator roles' to assign one or more roles (including an admin role if desired) to creators.

Entity access not working for grouped content

Ensure the Group Relation plugin has 'entity_access' enabled (check plugin annotation/attribute). For gnode, this is enabled by default. Also verify that the user has the appropriate view/update/delete permissions for that entity type within the group.

Permissions changes not taking effect

Clear all caches. Group permissions use sophisticated caching with the user.group_permissions cache context. Running 'drush cr' should resolve most caching issues.

Cannot add content to groups

First, ensure the appropriate Group Relation plugin is installed on the group type (Admin > Groups > Group types > [type] > Content). Then verify the user has the 'create [plugin] relationship' permission within the group.

Anonymous users cannot view group content

Create an Outsider scope group role synchronized with the 'Anonymous user' global role. Grant the 'view group' and any other necessary permissions to this role.

Security Notes 6
  • The 'administer group' permission grants full control over all group configuration. Only grant this to fully trusted administrators.
  • Admin group roles have all permissions within that group type, including the ability to manage other members. Assign carefully.
  • By default, group creators don't have any special permissions unless configured. This is intentional for security - explicitly configure creator roles.
  • Entity access control (when enabled) operates in addition to, not instead of, Drupal's standard entity access. Both must allow access for a user to access content.
  • Outsider roles synchronized with the Anonymous user global role allow non-authenticated access to groups - configure permissions on these roles carefully.
  • Group memberships and roles are stored as content entities and are subject to data privacy considerations under regulations like GDPR.