Home » API reference » node.module

node_access

Versions
4.6 – 4.7
node_access($op, $node = NULL, $uid = NULL)
5
node_access($op, $node = NULL)
6 – 7
node_access($op, $node, $account = NULL)

Determine whether the current user may perform the given operation on the specified node.

Parameters

$op The operation to be performed on the node. Possible values are:

  • "view"
  • "update"
  • "delete"
  • "create"

$node The node object (or node array) on which the operation is to be performed, or node type (e.g. 'forum') for "create" operation.

$uid The user ID on which the operation is to be performed.

Return value

TRUE if the operation may be performed.

Related topics

Node access rights
The node access system determines who can do what to which nodes.

▸ 17 functions call node_access()

▾ 17 functions call node_access()

blogapi_blogger_edit_post in modules/blogapi.module
Blogging API callback. Modifies the specified blog node.
blogapi_blogger_new_post in modules/blogapi.module
Blogging API callback. Inserts a new blog post as a node.
blogap_mti_publish_post in modules/blogapi.module
Blogging API callback. Publishes the given node
comment_menu in modules/comment.module
Implementation of hook_menu().
node_add in modules/node.module
Present a node submission form or a set of links to such forms.
node_delete in modules/node.module
Delete a node.
node_delete_confirm in modules/node.module
Menu callback -- ask for confirmation of node deletion
node_form_array in modules/node.module
Generate the node editing form array.
node_form_submit in modules/node.module
node_menu in modules/node.module
Implementation of hook_menu().
node_preview in modules/node.module
Generate a node preview.
node_revisions in modules/node.module
Menu callback for revisions related activities.
node_revision_delete in modules/node.module
Delete the revision with specified revision number. A "delete revision" nodeapi event is invoked when a revision is deleted.
node_revision_overview in modules/node.module
Generate an overview table of older revisions of a node.
node_revision_revert in modules/node.module
Revert to the revision with the specified revision number. A node and nodeapi "update" event is triggered (via the node_save() call) when a revision is reverted.
upload_file_download in modules/upload.module
_blogapi_get_node_types in modules/blogapi.module

Code

modules/node.module, line 2374

<?php
function node_access($op, $node = NULL, $uid = NULL) {
  // Convert the node to an object if necessary:
  if ($op != 'create') {
    $node = (object)$node;
  }
  // If the node is in a restricted format, disallow editing.
  if ($op == 'update' && !filter_access($node->format)) {
    return FALSE;
  }

  if (user_access('administer nodes')) {
    return TRUE;
  }

  if (!user_access('access content')) {
    return FALSE;
  }

  // Can't use node_invoke(), because the access hook takes the $op parameter
  // before the $node parameter.
  $access = module_invoke(node_get_base($node), 'access', $op, $node);
  if (!is_null($access)) {
    return $access;
  }

  // If the module did not override the access rights, use those set in the
  // node_access table.
  if ($op != 'create' && $node->nid && $node->status) {
    $grants = array();
    foreach (node_access_grants($op, $uid) as $realm => $gids) {
      foreach ($gids as $gid) {
        $grants[] = "(gid = $gid AND realm = '$realm')";
      }
    }

    $grants_sql = '';
    if (count($grants)) {
      $grants_sql = 'AND ('. implode(' OR ', $grants) .')';
    }

    $sql = "SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) $grants_sql AND grant_$op >= 1";
    $result = db_query($sql, $node->nid);
    return (db_result($result));
  }
  return FALSE;
}
?>
Login or register to post comments
 
 

All source code and documentation on this site is released under the terms of the GNU General Public License, version 2 and later. Drupal is a registered trademark of Dries Buytaert.