Same name and namespace in other branches
  1. 4.6.x developer/hooks/core.php \hook_node_grants()
  2. 4.7.x developer/hooks/core.php \hook_node_grants()
  3. 5.x developer/hooks/core.php \hook_node_grants()
  4. 6.x developer/hooks/core.php \hook_node_grants()
  5. 7.x modules/node/node.api.php \hook_node_grants()
  6. 8.9.x core/modules/node/node.api.php \hook_node_grants()
  7. 9 core/modules/node/node.api.php \hook_node_grants()

Inform the node access system what permissions the user has.

This hook is for implementation by node access modules. In this hook, the module grants a user different "grant IDs" within one or more "realms". In hook_node_access_records(), the realms and grant IDs are associated with permission to view, edit, and delete individual nodes.

Grant IDs can be arbitrarily defined by a node access module using a list of integer IDs associated with users.

A node access module may implement as many realms as necessary to properly define the access privileges for the nodes. Note that the system makes no distinction between published and unpublished nodes. It is the module's responsibility to provide appropriate realms to limit access to unpublished content.

Node access records are stored in the {node_access} table and define which grants are required to access a node. There is a special case for the view operation -- a record with node ID 0 corresponds to a "view all" grant for the realm and grant ID of that record. If there are no node access modules enabled, the core node module adds a node ID 0 record for realm 'all'. Node access modules can also grant "view all" permission on their custom realms; for example, a module could create a record in {node_access} with:

$record = array(
  'nid' => 0,
  'gid' => 888,
  'realm' => 'example_realm',
  'grant_view' => 1,
  'grant_update' => 0,
  'grant_delete' => 0,
);
\Drupal::database()
  ->insert('node_access')
  ->fields($record)
  ->execute();

And then in its hook_node_grants() implementation, it would need to return:

if ($op == 'view') {
  $grants['example_realm'] = array(
    888,
  );
}

If you decide to do this, be aware that the node_access_rebuild() function will erase any node ID 0 entry when it is called, so you will need to make sure to restore your {node_access} record after node_access_rebuild() is called.

Parameters

\Drupal\Core\Session\AccountInterface $account: The account object whose grants are requested.

string $operation: The node operation to be performed, such as 'view', 'update', or 'delete'.

Return value

array An array whose keys are "realms" of grants, and whose values are arrays of the grant IDs within this realm that this user is being granted.

See also

node_access_view_all_nodes()

node_access_rebuild()

Related topics

5 functions implement hook_node_grants()

Note: this list is generated by pattern matching, so it may include some functions that are not actually implementations of this hook.

node_access_test_empty_node_grants in core/modules/node/tests/modules/node_access_test_empty/node_access_test_empty.module
Implements hook_node_grants().
node_access_test_language_node_grants in core/modules/node/tests/modules/node_access_test_language/node_access_test_language.module
Implements hook_node_grants().
node_access_test_node_grants in core/modules/node/tests/modules/node_access_test/node_access_test.module
Implements hook_node_grants().
node_test_node_grants in core/modules/node/tests/modules/node_test/node_test.module
Implements hook_node_grants().
path_test_node_grants_node_grants in core/modules/path/tests/modules/path_test_node_grants/path_test_node_grants.module
Implements hook_node_grants().
1 invocation of hook_node_grants()
node_access_grants in core/modules/node/node.module
Fetches an array of permission IDs granted to the given user ID.

File

core/modules/node/node.api.php, line 76
Hooks specific to the Node module.

Code

function hook_node_grants(\Drupal\Core\Session\AccountInterface $account, $operation) {
  if ($account
    ->hasPermission('access private content')) {
    $grants['example'] = [
      1,
    ];
  }
  if ($account
    ->id()) {
    $grants['example_author'] = [
      $account
        ->id(),
    ];
  }
  return $grants;
}