function hook_access

You are here

4.6 node.php hook_access($op, $node)
4.7 node.php hook_access($op, $node)
5 node.php hook_access($op, $node)
6 node.php hook_access($op, $node, $account)

Define access restrictions.

This hook allows node modules to limit access to the node types they define.

Parameters

$op: The operation to be performed. Possible values:

  • "create"
  • "delete"
  • "update"
  • "view"

$node: Either a node object or the machine name of the content type on which to perform the access check.

$account: The user object to perform the access check operation on.

Return value

  • TRUE if the operation is to be allowed.
  • FALSE if the operation is to be denied.
  • NULL to not override the settings in the node_access table, or access control modules.

The administrative account (user ID #1) always passes any access check, so this hook is not called in that case. If this hook is not defined for a node type, all access checks will fail, so only the administrator will be able to see content of that type. However, users with the "administer nodes" permission may always view and edit content through the administrative interface.

For a detailed usage example, see node_example.module.

Related topics

19 functions implement hook_access()

Note: this list is generated by pattern matching, so it may include some functions that are not actually implementations of this hook.

$update_free_access in developer/globals.php
Access control for update.php script. Allows the update.php script to be run when not logged in as and administrator.
blog_access in modules/blog/blog.module
Implementation of hook_access().
blog_page_user_access in modules/blog/blog.module
Access callback for user blog pages.
comment_access in modules/comment/comment.module
This is *not* a hook_access() implementation. This function is called to determine whether the current user has access to a particular comment.
DRUPAL_BOOTSTRAP_ACCESS in includes/bootstrap.inc
Fourth bootstrap phase: identify and reject banned hosts.

... See full list

1 invocation of hook_access()
node_access in modules/node/node.module
Determine whether the current user may perform the given operation on the specified node.

File

developer/hooks/node.php, line 160
These hooks are defined by node modules, modules that define a new kind of node.

Code

function hook_access($op, $node, $account) {
  if ($op == 'create') {
    return user_access('create stories', $account);
  }

  if ($op == 'update' || $op == 'delete') {
    if (user_access('edit own stories', $account) && ($account->uid == $node->uid)) {
      return TRUE;
    }
  }
}

Comments

Anyway, this very useful functionality for your modules is still available in D7. (And I hope it will never sweeped out...)
It was just renamed: use hook_node_access, instead.

You can find a reference for this hook here:
hook_node_access($node, $op, $account)

As you can read in node.module:

* Next, all implementations of hook_node_access() will be called. Each
* implementation may explicitly allow, explicitly deny, or ignore the access
* request. If at least one module says to deny the request, it will be rejected.
* If no modules deny the request and at least one says to allow it, the request
* will be permitted.

Differently from hook_access(), hook_node_access() (defined in Drupal 7) can be implemented from a module to alter the access to any node, even for the content types it doesn't define.

It should be noted that hook_access is only called if your module declares a node type. If you're using CCK you can't use this hook.

For D6 (if your module does not declare a node type otherwise you can use hook_access). You can use hook_nodeapi instead. Example below will hide NODETYPE from anonymous users if they attempt to view it.

<?php
//Block anon users from viewing NODETYPE
function YOURMODULE_nodeapi (&$node, $op){
    if(
$node->type == 'NODETYPE' and $op == 'view'){
        if(
user_is_anonymous()){
           
drupal_access_denied();
        }
    }
}

?>