node_access_example.module

You are here

  1. 4.6 developer/examples/node_access_example.module
  2. 4.7 developer/examples/node_access_example.module
  3. 5 developer/examples/node_access_example.module

This is an example illustrating how to restrict access to nodes based on some criterion associated with the user.

This example module will simply set a single flag on a node: 'private'. If the flag is set, only users with the 'view private content' flag can see the node, and all users with 'edit private content' can edit (but not delete) the node.

Additionally we will ensure that the node author can always view, edit, and delete the node by providing an additional access realm that grants privileges to the node's author.

Database definition:

  CREATE TABLE node_access_example (
    nid int(10) unsigned NOT NULL default '0' PRIMARY KEY,
    private int,
    KEY `node_example_nid` (nid)
  )

Functions

Namesort descending Description
node_access_example_disabling Simple function to make sure we don't respond with grants when disabling ourselves.
node_access_example_form_alter Implementation of hook_form_alter()
node_access_example_help Implementation of hook_help().
node_access_example_nodeapi Implementation of hook_nodeapi().
node_access_example_node_access_records Implementation of hook_node_access_records().
node_access_example_node_grants Implementation of hook_node_grants().
node_access_example_perm Implementation of hook_perm().

File

developer/examples/node_access_example.module
View source
  1. /**
  2. * @file
  3. * This is an example illustrating how to restrict access to nodes based on
  4. * some criterion associated with the user.
  5. *
  6. * This example module will simply set a single flag on a node: 'private'. If
  7. * the flag is set, only users with the 'view private content' flag can see
  8. * the node, and all users with 'edit private content' can edit (but not
  9. * delete) the node.
  10. *
  11. * Additionally we will ensure that the node author can always view, edit,
  12. * and delete the node by providing an additional access realm that grants
  13. * privileges to the node's author.
  14. *
  15. * Database definition:
  16. * @code
  17. * CREATE TABLE node_access_example (
  18. * nid int(10) unsigned NOT NULL default '0' PRIMARY KEY,
  19. * private int,
  20. * KEY `node_example_nid` (nid)
  21. * )
  22. * @endcode
  23. */
  24. /**
  25. * Implementation of hook_help().
  26. */
  27. function node_access_example_help($section) {
  28. switch ($section) {
  29. case 'admin/modules#description':
  30. return t('An example illustrating how to restrict access to nodes based on some criterion associated with the user.');
  31. }
  32. }
  33. /**
  34. * Simple function to make sure we don't respond with grants when disabling
  35. * ourselves.
  36. */
  37. function node_access_example_disabling($set = NULL) {
  38. static $disabling = false;
  39. if ($set !== NULL) {
  40. $disabling = $set;
  41. }
  42. return $disabling;
  43. }
  44. /**
  45. * Implementation of hook_perm().
  46. *
  47. * In this example, we will use a simple permission to determine whether a user
  48. * has access to "private" content. This permission is defined here.
  49. */
  50. function node_access_example_perm() {
  51. return array('access private content', 'edit private content');
  52. }
  53. /**
  54. * Implementation of hook_node_grants().
  55. *
  56. * Tell the node access system what GIDs the user belongs to for each realm.
  57. * In this example, we are providing two realms: the example realm, which
  58. * has just one group id (1) and the user is either a member or not depending
  59. * upon the operation and the access permission set.
  60. *
  61. * We are also setting up a realm for the node author, though, to give it
  62. * special privileges. That has 1 GID for every UID, and each user is
  63. * automatically a member of the group where GID == UID.
  64. *
  65. */
  66. function node_access_example_node_grants($account, $op) {
  67. if ($op == 'view' && user_access('access private content', $account)) {
  68. $grants['example'] = array(1);
  69. }
  70. if (($op == 'update' || $op == 'delete') && user_access('edit private content', $account)) {
  71. $grants['example'] = array(1);
  72. }
  73. $grants['example_author'] = array($account->uid);
  74. return $grants;
  75. }
  76. /**
  77. * Implementation of hook_node_access_records().
  78. *
  79. * All node access modules must implement this hook. If the module is
  80. * interested in the privacy of the node passed in, return a list
  81. * of node access values for each grant ID we offer. Since this
  82. * example module only offers 1 grant ID, we will only ever be
  83. * returning one record.
  84. */
  85. function node_access_example_node_access_records($node) {
  86. if (node_access_example_disabling()) {
  87. return;
  88. }
  89. // We only care about the node if it's been marked private. If not, it is
  90. // treated just like any other node and we completely ignore it.
  91. if ($node->private) {
  92. $grants = array();
  93. $grants[] = array(
  94. 'realm' => 'example',
  95. 'gid' => TRUE,
  96. 'grant_view' => TRUE,
  97. 'grant_update' => FALSE,
  98. 'grant_delete' => FALSE,
  99. 'priority' => 0,
  100. );
  101. // For the example_author array, the GID is equivalent to a UID, which
  102. // means there are many many groups of just 1 user.
  103. $grants[] = array(
  104. 'realm' => 'example_author',
  105. 'gid' => $node->uid,
  106. 'grant_view' => TRUE,
  107. 'grant_update' => TRUE,
  108. 'grant_delete' => TRUE,
  109. 'priority' => 0,
  110. );
  111. return $grants;
  112. }
  113. }
  114. /**
  115. * Implementation of hook_form_alter()
  116. *
  117. * This module adds a simple checkbox to the node form labeled private. If the
  118. * checkbox is labelled, only the node author and users with 'access private content'
  119. * privileges may see it.
  120. */
  121. function node_access_example_form_alter($form_id, &$form) {
  122. if ($form['#id'] == 'node-form') {
  123. $form['private'] = array(
  124. '#type' => 'checkbox',
  125. '#title' => t('Private'),
  126. '#description' => t('Check here if this content should be set private and only shown to privileged users.'),
  127. '#default_value' => $form['#node']->private,
  128. );
  129. }
  130. }
  131. /**
  132. * Implementation of hook_nodeapi().
  133. *
  134. * - "delete", "insert", and "update":
  135. * The module must track the access status of the node.
  136. */
  137. function node_access_example_nodeapi(&$node, $op, $arg = 0) {
  138. switch ($op) {
  139. case 'load':
  140. $result = db_fetch_object(db_query('SELECT * FROM {node_access_example} WHERE nid = %d', $node->nid));
  141. $node->private = $result->private;
  142. break;
  143. case 'delete':
  144. db_query('DELETE FROM {node_access_example} WHERE nid = %d', $node->nid);
  145. break;
  146. case 'insert':
  147. db_query('INSERT INTO {node_access_example} (nid, private) VALUES (%d, %d)', $node->nid, $node->private);
  148. break;
  149. case 'update':
  150. db_query('UPDATE {node_access_example} SET private = %d WHERE nid = %d', $node->private, $node->nid);
  151. break;
  152. }
  153. }

Comments

Really helpful post that helped me understand how this functions work together - http://drupal.org/node/689458#comment-2497228