hook_access

5 node.php	`hook_access($op, $node)`
6 node.php	`hook_access($op, $node, $account)`

Define access restrictions.

This hook allows node modules to limit access to the node types they define.

Parameters

$op: The operation to be performed. Possible values:

"create"
"delete"
"update"
"view"

$node: Either a node object or the machine name of the content type on which to perform the access check.

$account: The user object to perform the access check operation on.

Return value

TRUE if the operation is to be allowed.
FALSE if the operation is to be denied.
NULL to not override the settings in the node_access table, or access control modules.

The administrative account (user ID #1) always passes any access check, so this hook is not called in that case. If this hook is not defined for a node type, all access checks will fail, so only the administrator will be able to see content of that type. However, users with the "administer nodes" permission may always view and edit content through the administrative interface.

For a detailed usage example, see node_example.module.

▸ 32 functions implement hook_access()

▾ 32 functions implement hook_access()

$update_free_access in developer/globals.php: Access control for update.php script. Allows the update.php script to be run when not logged in as and administrator.
blog_access in modules/blog/blog.module: Implementation of hook_access().
blog_page_user_access in modules/blog/blog.module: Access callback for user blog pages.
comment_access in modules/comment/comment.module: This is *not* a hook_access() implementation. This function is called to determine whether the current user has access to a particular comment.
DRUPAL_BOOTSTRAP_ACCESS in includes/bootstrap.inc: Fourth bootstrap phase: identify and reject banned hosts.
filter_access in modules/filter/filter.module: Returns TRUE if the user is allowed to access this format.
forum_access in modules/forum/forum.module: Implementation of hook_access().
menu_tree_check_access in includes/menu.inc: Check access and perform other dynamic operations for each link in the tree.
Node access rights in modules/node/node.module: The node access system determines who can do what to which nodes.
node_access in modules/node/node.module: Determine whether the current user may perform the given operation on the specified node.
node_content_access in modules/node/node.module: Implementation of hook_access().
poll_access in modules/poll/poll.module: Implementation of hook_access().
profile_category_access in modules/profile/profile.module: Menu item access callback - check if a user has access to a profile category.
user_access in modules/user/user.module: Determine whether the user has a given privilege.
user_admin_access in modules/user/user.admin.inc: Menu callback: list all access rules
user_delete_access in modules/user/user.module: Menu access callback; limit access to account deletion pages.
user_edit_access in modules/user/user.module: Access callback for user account editing.
user_register_access in modules/user/user.module
user_view_access in modules/user/user.module
_block_themes_access in modules/block/block.module: Menu item access callback - only admin or enabled themes can be accessed
_book_outline_access in modules/book/book.module: Menu item access callback - determine if the outline tab is accessible.
_book_outline_remove_access in modules/book/book.module: Menu item access callback - determine if the user can remove nodes from the outline.
_contact_user_tab_access in modules/contact/contact.module: Menu access callback for a user's personal contact form.
_menu_check_access in includes/menu.inc: Check access to a menu item using the access callback
_menu_tree_check_access in includes/menu.inc: Recursive helper function for menu_tree_check_access()
_node_add_access in modules/node/node.module
_node_revision_access in modules/node/node.module
_poll_menu_access in modules/poll/poll.module: Callback function to see if a node is acceptable for poll menu items.
_system_themes_access in modules/system/system.module: Menu item access callback - only admin or enabled themes can be accessed.
_tracker_myrecent_access in modules/tracker/tracker.module: Access callback for tracker/%user_uid_optional
_tracker_user_access in modules/tracker/tracker.module: Access callback for user/%user/track
_translation_tab_access in modules/translation/translation.module: Menu access callback.

File

developer/hooks/node.php, line 160: These hooks are defined by node modules, modules that define a new kind of node.

Code

<?php
function hook_access($op, $node, $account) {
  if ($op == 'create') {
    return user_access('create stories', $account);
  }

  if ($op == 'update' || $op == 'delete') {
    if (user_access('edit own stories', $account) && ($account->uid == $node->uid)) {
      return TRUE;
    }
  }
}
?>

Comments

It is still available in D7

Posted by Akex on August 14, 2010 at 2:41pm

Anyway, this very useful functionality for your modules is still available in D7. (And I hope it will never sweeped out...)
It was just renamed: use hook_node_access, instead.

You can find a reference for this hook here:
hook_node_access($node, $op, $account)

As you can read in node.module:

 * Next, all implementations of hook_node_access() will be called. Each
 * implementation may explicitly allow, explicitly deny, or ignore the access
 * request. If at least one module says to deny the request, it will be rejected.
 * If no modules deny the request and at least one says to allow it, the request
 * will be permitted.

---

Posted by kiamlaluno on October 25, 2010 at 5:25am

Differently from hook_access(), hook_node_access() (defined in Drupal 7) can be implemented from a module to alter the access to any node, even for the content types it doesn't define.

hook_access only called if you declare a node type

Posted by oknate on November 10, 2010 at 5:49pm

It should be noted that hook_access is only called if your module declares a node type. If you're using CCK you can't use this hook.