A site I work on has resources in assigned to specific resource groups. Some resources are not accessible if a user does not have access to a specific resource group. However, if the user has a specific URL, they need to be allowed to temporarily access the resources assigned to the resource group (in addition to whatever resources and resource groups they normally have access to).
Is there a “normal” or recommended way to do something like this?
The idea I have so far is to add a special flag/value to the session to note that the user has accessed the special URL and then have a plugin that looks for that value to allow access to a page even though the user is normally not authorized to view the page. Does that seem reasonable? Which event do I need to respond to in order to make this work? Or is there a better way?