So I like your initial thought as it works without any coding BUT what you could do is create a custom event handler for the order processing. You can override the
ProcessOrderIsPaidChangeInternal(OrderInfo oi) method. When the order is marked as paid, do some checking and add the user to a role.
Unfortunately, you have 2 scenarios with this approach:
- Only users who purchase an event can only see the event and related info in child nodes they purchased. So very restricted.
- All user who purchase an event can see all events related info and child nodes. Simplest and less restrictive.
With option 1, you will still have to create a new security role for each event and assign the permissions on the event page itself. Although you could automate this with a custom event handler for creating those page types. Create a new role based on the
NodeAlias field, assign the permissions to the page. Then in your order processing event handler you can check for that node alias name and assign them to the role.
With option 2, you'll have a single generic security role which you will assign to every event and every user when they pay for their event.
Hope this helps give you some other ideas.