Same name and namespace in other branches
- 4.6.x modules/node.module \node_access()
- 4.7.x modules/node.module \node_access()
- 6.x modules/node/node.module \node_access()
- 7.x modules/node/node.module \node_access()
Determine whether the current user may perform the given operation on the specified node.
Parameters
$op: The operation to be performed on the node. Possible values are:
- "view"
- "update"
- "delete"
- "create"
$node: The node object (or node array) on which the operation is to be performed, or node type (e.g. 'forum') for "create" operation.
Return value
TRUE if the operation may be performed.
Related topics
1 call to node_access()
- node_menu in modules/
node/ node.module - Implementation of hook_menu().
1 string reference to 'node_access'
- system_update_169 in modules/
system/ system.install
File
- modules/
node/ node.module, line 2752 - The core that allows content to be submitted to the site. Modules and scripts may programmatically submit nodes using the usual form API pattern.
Code
function node_access($op, $node = NULL) {
global $user;
if (!$node || !in_array($op, array(
'view',
'update',
'delete',
'create',
), TRUE)) {
// If there was no node to check against, or the $op was not one of the
// supported ones, we return access denied.
return FALSE;
}
// Convert the node to an object if necessary:
if ($op != 'create') {
$node = (object) $node;
}
// If the node is in a restricted format, disallow editing.
if ($op == 'update' && !filter_access($node->format)) {
return FALSE;
}
if (user_access('administer nodes')) {
return TRUE;
}
if (!user_access('access content')) {
return FALSE;
}
// Can't use node_invoke(), because the access hook takes the $op parameter
// before the $node parameter.
$module = node_get_types('module', $node);
if ($module == 'node') {
$module = 'node_content';
// Avoid function name collisions.
}
$access = module_invoke($module, 'access', $op, $node);
if (!is_null($access)) {
return $access;
}
// If the module did not override the access rights, use those set in the
// node_access table.
if ($op != 'create' && $node->nid && $node->status) {
$grants = array();
foreach (node_access_grants($op) as $realm => $gids) {
foreach ($gids as $gid) {
$grants[] = "(gid = {$gid} AND realm = '{$realm}')";
}
}
$grants_sql = '';
if (count($grants)) {
$grants_sql = 'AND (' . implode(' OR ', $grants) . ')';
}
$sql = "SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) {$grants_sql} AND grant_{$op} >= 1";
$result = db_query($sql, $node->nid);
return db_result($result);
}
// Let authors view their own nodes.
if ($op == 'view' && $user->uid == $node->uid && $user->uid != 0) {
return TRUE;
}
return FALSE;
}