Drupal as an Intranet/Extranet Solution

Drupal can be readily configured to act as an Intranet or Extranet solution.  An Intranet is generally defined as an information system for posting and sharing information that functions in much the same way as the general Internet, except that the information is restricted for people within the organization: employees, managers, board of directors, etc.  An Extranet is simply an Intranet the allows select access to groups or individuals outside of the organization: vendors, partners, clients, etc.

To use Drupal as an Intranet one has to first look at the general requirements of such a solution that are not necessarily handled out-of-the-box:

• Mechanism for uploading files/documents easily and securely.
• Mechanism for restricting access to content.

The first issue of handling the ability to upload files and documents requires some configuration of the Drupal core installation, along with the implentation of a few modules:

1. First, we need to ensure that any files that are uploaded to the system are not accessible to the outside world.  Drupal can handle this through a Private Download function.  By default Drupal creates a files directory within the web root where all documents go.  The problem with this is that it means anybody can link directly to your files, as in http://www.somesite.com/files/myfile.doc .  To change this, go to Administer->Site Configuration->File System and set the Download Method to Private.  You also need to change the File System Path to be somwhere outside of the web root.  For example, if you have a linux/apache configuration where your site is located at /var/www/htdocs, you would perhaps set the path to /var/www/files.  Assuming apache has rights to the /var/www directory then Drupal will automatically create this folder for you.
2. Now we need an easy way for users to upload files.  There are a bunch of modules that can handle this, but one of the older, more stable and widely used modules is IMCE.  Although typically thought of in the context of an image uploader, IMCE can easily handle uploading of virtually any file type.
3. Lastly, one needs an easy way for users to link to content once it has been uploaded.  IMCE integrates with a number of WYSIWYG editors, we generally prefer installing and configuring the FCKEditor to work with it.
4. One final thought about uploading files securely--if you really want them to be secure and your site will be accessed over the Internet then you should of course install an SSL certificate and force a secure connection.

After setting all of this up the user can now upload files and create links to those files on pages.  Other typical Intranet functions, such as posting general content (web pages), announcements, etc., can all be handled out-of-the-box with Drupal with some attention to how categories, content types, etc., are configured.  However, one now needs to be able to restrict access to that content.  There are a number of modules that can be used to do this, the following is one example:

1. Install the ACL module.  This module is an API that is used by other modules to control per-user access to nodes.
2. Install the Content Access module.  In conjunction with ACL, this module allows you to now specify custom view, edit, and delete permissions for each Content Type.  You can also specify permissions on a per node basis.
3. Install the Taxonomy Access Control module.  This allows you to customize permissions to nodes based on taxonomy terms.

So with the above, you now have several ways in which you can control access to content:

• You can control access to specific nodes on a per-user basis.
• You can restrict access to nodes based on Content Type by Role.  For example, you can have a Role called Employee and can create a Content Type called Intranet Story and restrict Intranet Stories to only be access by Employees.
• You can control access based on taxonomy term.  So, for example, you can create a Vocabulary called Access with terms that include Public and Private.  You can then restrict access to a node tagged with Private to only be accessed by Employees.

Depending on what you want your Intranet/Extranet to do for you, there are many other items that could be considered.  For example, you may have all of your internal users authenticating against a Microsoft Active Directory setup.  In this case, you may want to consider installing the LDAP Integration module which can be used in conjunction with the above to manage all your users from your AD installation.  In general, though, we have found that Drupal is a perfectly adequate solution for use as an Intranet or Extranet.