Home » API reference » File

node_access_example.module

<?php
// $Id: node_access_example.module,v 1.18 2009/10/13 21:21:52 salvis Exp $

/**
 * @file
 * This is an example illustrating how to restrict access to nodes based on
 * some criterion associated with the user.
 *
 * This example module will simply set a single flag on a node: 'private'. If
 * the flag is set, only users with the 'view private content' flag can see
 * the node, and all users with 'edit private content' can edit (but not
 * delete) the node.
 *
 * Additionally we will ensure that the node author can always view, edit,
 * and delete the node by providing an additional access realm that grants
 * privileges to the node's author.
 *
 */

/**
 * Implementation of hook_permission().
 *
 * In this example, we will use a simple permission to determine whether a user
 * has access to "private" content. This permission is defined here.
 */
function node_access_example_permission() {
  return array(
    'access private content' => array(
      'title' => t('Access private content'),
      'description' => t('May view posts that are marked private.'),
    ),
    'edit private content' => array(
      'title' => t('Edit private content'),
      'description' => t('May edit posts that are marked private.'),
    ),
  );
}

/**
 * Implementation of hook_node_grants().
 *
 * Tell the node access system what GIDs the user belongs to for each realm.
 * In this example, we are providing two realms: the example realm, which
 * has just one group id (1) and the user is either a member or not depending
 * upon the operation and the access permission set.
 *
 * We are also setting up a realm for the node author, though, to give it
 * special privileges. That has 1 GID for every UID, and each user is
 * automatically a member of the group where GID == UID.
 *
 */
function node_access_example_node_grants($account, $op) {
  if ($op == 'view' && user_access('access private content', $account)) {
    $grants['example'] = array(1);
  }

  if (($op == 'update' || $op == 'delete') && user_access('edit private content', $account)) {
    $grants['example'] = array(1);
  }

  $grants['example_author'] = array($account->uid);
  return $grants;
}

/**
 * Implementation of hook_node_access_records().
 *
 * All node access modules must implement this hook. If the module is
 * interested in the privacy of the node passed in, return a list of
 * node access values for each realm and grant ID we offer.
 */
function node_access_example_node_access_records($node) {
  // We only care about the node if it's been marked private. If not, it is
  // treated just like any other node and we completely ignore it.
  if (!empty($node->private)) {
    $grants = array();
    $grants[] = array(
      'realm' => 'example',
      'gid' => 1,
      'grant_view' => 1,
      'grant_update' => 1,
      'grant_delete' => 0,
      'priority' => 0,
    );

    // For the example_author array, the GID is equivalent to a UID, which
    // means there are many many groups of just 1 user.
    $grants[] = array(
      'realm' => 'example_author',
      'gid' => $node->uid,
      'grant_view' => 1,
      'grant_update' => 1,
      'grant_delete' => 1,
      'priority' => 0,
    );
    return $grants;
  }
}

/**
 * Implementation of hook_form_alter()
 *
 * This module adds a simple checkbox to the node form labeled private. If the
 * checkbox is checked, only the node author and users with 'access private content'
 * privileges may see it.
 */
function node_access_example_form_alter(&$form, &$form_state, $form_id) {
  if ($form['#id'] == 'node-form') {
    $form['private'] = array(
      '#type' => 'checkbox',
      '#title' => t('Private'),
      '#description' => t('Check here if this content should be set private and only shown to privileged users.'),
      '#default_value' => isset($form['#node']->private) ? $form['#node']->private : FALSE,
    );
  }
}

/**
 * Implementation of hook_node_load().
 */

function node_access_example_node_load($nodes, $types) {
  $result = db_query('SELECT nid, private FROM {node_access_example} WHERE nid IN (:nids)', array(':nids' => array_keys($nodes)));
  foreach ($result as $record) {
    $nodes[$record->nid]->private = $record->private;
  }
}

/**
 * Implementation of hook_node_delete().
 *
 * The module must track the access status of the node.
 */

function node_access_example_node_delete($node) {
  db_delete('node_access_example')->condition('nid', $node->nid)->execute();
}

/**
 * Implementation of hook_node_insert().
 *
 * The module must track the access status of the node.
 */
function node_access_example_node_insert($node) {
  if (isset($node->private)) {
    db_insert('node_access_example')->fields(array('nid' => $node->nid, 'private' => (int)$node->private))->execute();
  }
}

/**
 * Implementation of hook_node_update().
 *
 * The module must track the access status of the node.
 */
function node_access_example_node_update($node) {
  db_query('UPDATE {node_access_example} SET private = %d WHERE nid = %d', $node->private, $node->nid);
}

/**
 * Implementation of hook_node_access_explain().
 * 
 * hook_node_access_explain() is defined in devel_node_access.module, which
 * will help you and your users to figure out how node access works.
 * 
 * The explanations are purposely not translatable to allow getting support on
 * drupal.org.
 */
function node_access_example_node_access_explain($row) {
  switch ($row->realm) {
    case 'example':
      return array('Users with <i>access private content</i> (<i>' . (user_access('access private content')? 'yes' : 'no') . '</i>) may view and users with <i>edit private content</i> (<i>' . (user_access('edit private content')? 'yes' : 'no') . '</i>) may edit this node.');
      break;
    case 'example_author':
      return array("Full access for the author, user <i>$row->gid</i>.");
      break;
  }
}
 
 

All source code and documentation on this site is released under the terms of the GNU General Public License, version 2 and later. Drupal is a registered trademark of Dries Buytaert.