node_access_example.module

  1. examples
    1. 6 node_access_example/node_access_example.module
    2. 7 node_access_example/node_access_example.module
    3. 8 node_access_example/node_access_example.module
  2. drupal
    1. 4.6 developer/examples/node_access_example.module
    2. 4.7 developer/examples/node_access_example.module
    3. 5 developer/examples/node_access_example.module

This is an example illustrating how to restrict access to nodes based on some criterion associated with the user.

Database definition:

  DELETE FROM node_access;
  INSERT INTO node_access (nid, gid, realm, grant_view, grant_update,
     grant_delete) VALUES (0, 1, 'example', 1, 0, 0)

This SQL needs to be run before the module will work properly. The installer system will probably perform this work in the future. The first line removes any existing grants, including (most importantly) the universal grant installed by default that gives read access to every node for everyone. The second line grants read access to every node for users with the "access private content" permission; in the scheme we're defining here, each node will either be private (in which case it can always be read by anyone with that permission) or public (in which case it can be read by everyone). We'll take care of public nodes in node_access_example_nodeapi().

Functions & methods

NameDescription
node_access_example_form_alterImplementation of hook_form_alter().
node_access_example_helpImplementation of hook_help().
node_access_example_nodeapiImplementation of hook_nodeapi().
node_access_example_node_grantsImplementation of hook_node_grants().
node_access_example_permImplementation of hook_perm().

File

developer/examples/node_access_example.module
View source
  1. <?php

  2. 

  3. /**

  4.  * @file

  5.  * This is an example illustrating how to restrict access to nodes based on some

  6.  * criterion associated with the user.

  7.  *

  8.  * Database definition:

  9.  * @code

  10.  *   DELETE FROM node_access;

  11.  *   INSERT INTO node_access (nid, gid, realm, grant_view, grant_update,

  12.  *      grant_delete) VALUES (0, 1, 'example', 1, 0, 0)

  13.  * @endcode

  14.  *

  15.  * This SQL needs to be run before the module will work properly. The installer

  16.  * system will probably perform this work in the future. The first line removes

  17.  * any existing grants, including (most importantly) the universal grant

  18.  * installed by default that gives read access to every node for everyone. The

  19.  * second line grants read access to every node for users with the "access

  20.  * private content" permission; in the scheme we're defining here, each node

  21.  * will either be private (in which case it can always be read by anyone with

  22.  * that permission) or public (in which case it can be read by everyone). We'll

  23.  * take care of public nodes in node_access_example_nodeapi().

  24.  */

  25. 

  26. /**

  27.  * Implementation of hook_help().

  28.  */

  29. function node_access_example_help($section) {

  30.   switch ($section) {

  31.     case 'admin/modules#description':

  32.       return t('An example illustrating how to restrict access to nodes based on some criterion associated with the user.');

  33.   }

  34. }

  35. 

  36. /**

  37.  * Implementation of hook_perm().

  38.  *

  39.  * In this example, we will use a simple permission to determine whether a user

  40.  * has access to "private" content. This permission is defined here.

  41.  */

  42. function node_access_example_perm() {

  43.   return array('access private content');

  44. }

  45. 

  46. /**

  47.  * Implementation of hook_node_grants().

  48.  *

  49.  * Since we are restricting access based on a permission, we need to check that

  50.  * permission and return the appropriate result.

  51.  *

  52.  */

  53. function node_access_example_node_grants($account, $op) {

  54.   $grants = array();

  55.   if (user_access('access content', $account)) {

  56.     $grants[] = 0;

  57.   }

  58.   if (user_access('access private content', $account)) {

  59.     $grants[] = 1;

  60.   }

  61.   return array('example' => $grants);

  62. }

  63. 

  64. /**

  65.  * Implementation of hook_form_alter().

  66.  *

  67.  * We use this to alter the node editing form and insert a check box so the

  68.  * admins can manage the node's access rights.

  69.  *

  70.  * Modules may wish to provide default grants per node type using this hook.

  71.  */

  72. function node_access_example_form_alter($form_id, &$form) {

  73.   // This hook is called for all forms. We only want to work with node settings

  74.   // and edit forms.

  75.   if (isset($form['type'])) {

  76.     // Node settings form.

  77.     if ($form['type']['#value'] .'_node_settings' == $form_id) {

  78.       // If the module needed it, this would be where you would insert controls

  79.       // for the node's settings form.

  80.     }

  81. 

  82.     // Node edit form for users with "administer nodes" permission.

  83.     if ($form['type']['#value'] .'_node_form' == $form_id && user_access('administer nodes')) {

  84.       $node = $form['#node'];

  85.        if (!isset($node->access_example)) {

  86.         // Load the grants from the database.

  87.         $result = db_query('SELECT na.gid FROM {node_access} na WHERE na.nid = %d AND na.realm = \'example\' AND na.grant_view = 1', $node->nid);

  88.         $grant = db_fetch_object($result);

  89.         if ($grant && $grant->gid == 0) {

  90.           // The "public" grant was set.

  91.           $node->access_example = 0;

  92.         }

  93.         else {

  94.           $node->access_example = 1;

  95.         }

  96.       }

  97.       $form['access_example'] = array(

  98.         '#type' => 'checkbox',

  99.         '#title' => t('Private Node Access'),

  100.         '#default_value' => $node->access_example,

  101.         '#weight' => -10,

  102.         '#description' => t('Make this node private.'),

  103.       );

  104.     }

  105.   }

  106. }

  107. 

  108. /**

  109.  * Implementation of hook_nodeapi().

  110.  *

  111.  * Most of a node access module's work will be done via this hook. Several

  112.  * values of $op will require responses:

  113.  *

  114.  * - "delete", "insert", and "update":

  115.  *   The module must take care of updating the node_access table appropriately

  116.  *   when nodes are modified, probably using the form element mentioned above.

  117.  *   Only the realm(s) handled by the module should be affected, so that multiple

  118.  *   node access modules can peacefully coexist.

  119.  * - "validate":

  120.  *   Depending on the user interface provided in the node form, the selection

  121.  *   may need to be verified and validated here.

  122.  */

  123. function node_access_example_nodeapi(&$node, $op, $arg = 0) {

  124.   switch ($op) {

  125.     case 'delete':

  126.       // When a node is deleted, delete any relevant grants.

  127.       db_query('DELETE FROM {node_access} WHERE nid = %d AND realm = \'example\'', $node->nid);

  128.       break;

  129.     case 'insert':

  130.     case 'update':

  131.       // Clear out any existing grants for the node, and set new ones.

  132.       db_query('DELETE FROM {node_access} WHERE nid = %d AND realm = \'example\'', $node->nid);

  133.       $node->access_example = isset($node->access_example) ? $node->access_example : 0;

  134. 

  135.       if ($node->access_example == 0) {

  136.         // If the node is public, we need to grant access to everyone.

  137.         db_query('INSERT INTO {node_access} (nid, gid, realm, grant_view, grant_update, grant_delete) VALUES (%d, %d, \'example\', %d, %d, %d)', $node->nid, 0, 1, 0, 0);

  138.       }

  139.       break;

  140.   }

  141. }

  142.
Login or register to post comments