Specbee: How to Control Access to Restricted Pages with the Rabbit Hole Module in Drupal 8

How to Control Access to Restricted Pages with the Rabbit Hole Module in Drupal 8
Shruthi Shetty
20 Apr, 2021

There might be instances when you want to restrict access to some pages of your website. It could because you want increased security for the high-risk data that’s lying on the page or you want only your subscribed users to be able to view the content. This functionality is provided in Drupal 8 by a module with an interesting name called the Rabbit hole module. The module is also compatible with Drupal 9! In this article we will be elaborating on the module and how you can implement it in your next Drupal project.
Control Access to Restricted Pages 

What does the Rabbit Hole module do?

The Rabbit Hole module provides the ability to control what should happen when an entity is being viewed at its own page. It also controls what happens when someone visits an entity page.

In simple it allows you to easily redirect or prevent users from viewing specific types of entities on your site. You can grant or deny user access to entity types or specific Drupal entities based on user roles. For example: To display paid content to users with a subscription or to allow special user roles.

Some of the entities that it supports are Nodes, Taxonomy Terms, Users, Files, Group and Media Entity

The Rabbit hole module for Drupal 8 provides multiple options to restrict access to specified pages. You can choose to deliver access denied or page not found pages. You can also choose to redirect a page to any path/URL. Or you could choose to display the entity as it is.

Configuring the Rabbit hole module

Here’s how you can configure the Rabbit hole module for an entity type:

  • Download the module using
    composer require drupal/rabbit hole
  • Click on Extend in the Admin toolbar.
  • Scroll down and select the entities for which you want to add the functionality for
  • Click on install.

Configuring the Rabbit Hole Module

Configuring the Rabbit hole module: Select the required entities

Create a VIP Role

When you create a VIP role, only paid users will be allowed to view the content. Without a paid membership user will be Authenticated user.

  • On the Admin toolbar click on People -> Roles -> Add Role
  • Give the role name as VIP
  • Click on Save 

Creating VIP Role

Creating VIP roles

Create Users

Here let’s create an Authenticated user and a VIP user.

  • Click on People -> Add user
  • Enter the data and select the role as VIP
  • Click on Create a new account 

Create New User Account

Create a new user account

In the same way create another user with the role of Authenticated. After that, the People page will look like this.
All Users

All Users

Create VIP Content Type

  • Click on Structure -> Content type -> Add content type
  • Give a proper name and description for the content type
  • Click on Rabbit hole Settings
  • Keep “Allow these settings to be overridden for individual entities” option as checked. It will allow administering permissions on a node basis
  • Choose the redirect option and enter the URL of the site to which you want to redirect
  • Click on Save and manage Fields.

Create VIP Content Type

Create VIP Content Type

  • Add an image field and place it above the body field on the content type to manage display settings.
  • Click on Save 

Save VIP

Set Access Permissions

Users with a VIP role will have to be able to bypass the Rabbit Hole control. 

  • Click on People – > Roles
  • Click on the dropdown arrow of VIP role and click on Edit permissions
  • Search and Check for the Bypass Rabbit hole action for Content permission. Save the permissions. 

Bypass Rabbit Hole 

Create Content

  • Click on Content -> Add content -> VIP content
  • Create a node and hit Save 

Create Content

Create content

Test the Rabbit hole Module

  • Login as an Authenticated User
  • Click on the Teaser title of the VIP content on the Home page)

Testing Rabbit Hole

Testing the Rabbit hole module

  • It will (and should) redirect to the Access denied page.

Access Denied for Authorized User

Access denied for an Authenticated user

  • Now let’s logout and login again but this time as a VIP user.

Login VIP User

  • Go to home page and click on the Teaser title.

Committed to SafetyView Node and Content

  • As a VIP user, you will now be able to see the node and content.
Shefali ShettyApr 05, 2017


Go to Source