hook_access

5 node.php hook_access($op, $node)
6 node.php hook_access($op, $node, $account)

Define access restrictions.

This hook allows node modules to limit access to the node types they define.

Parameters

$op: The operation to be performed. Possible values:

  • "create"
  • "delete"
  • "update"
  • "view"

$node: Either a node object or the machine name of the content type on which to perform the access check.

$account: The user object to perform the access check operation on.

Return value

  • TRUE if the operation is to be allowed.
  • FALSE if the operation is to be denied.
  • NULL to not override the settings in the node_access table, or access control modules.

The administrative account (user ID #1) always passes any access check, so this hook is not called in that case. If this hook is not defined for a node type, all access checks will fail, so only the administrator will be able to see content of that type. However, users with the "administer nodes" permission may always view and edit content through the administrative interface.

For a detailed usage example, see node_example.module.

Related topics

Node access rights
The node access system determines who can do what to which nodes.
Hooks
Allow modules to interact with the Drupal core.

16 functions implement hook_access()

1 invocation of hook_access()

File

developer/hooks/node.php, line 160
These hooks are defined by node modules, modules that define a new kind of node.

Code

function hook_access($op, $node, $account) {
  if ($op == 'create') {
    return user_access('create stories', $account);
  }

  if ($op == 'update' || $op == 'delete') {
    if (user_access('edit own stories', $account) && ($account->uid == $node->uid)) {
      return TRUE;
    }
  }
}

Comments

It is still available in D7

Posted by Akex on August 14, 2010 at 2:41pm

Anyway, this very useful functionality for your modules is still available in D7. (And I hope it will never sweeped out...)
It was just renamed: use hook_node_access, instead.

You can find a reference for this hook here:
hook_node_access($node, $op, $account)

As you can read in node.module:

* Next, all implementations of hook_node_access() will be called. Each
* implementation may explicitly allow, explicitly deny, or ignore the access
* request. If at least one module says to deny the request, it will be rejected.
* If no modules deny the request and at least one says to allow it, the request
* will be permitted.

---

Posted by kiamlaluno on October 25, 2010 at 5:25am

Differently from hook_access(), hook_node_access() (defined in Drupal 7) can be implemented from a module to alter the access to any node, even for the content types it doesn't define.

hook_access only called if you declare a node type

Posted by oknate on November 10, 2010 at 5:49pm

It should be noted that hook_access is only called if your module declares a node type. If you're using CCK you can't use this hook.

Login or register to post comments