4.6 node.module node_access($op, $node = NULL, $uid = NULL)
4.7 node.module node_access($op, $node = NULL, $uid = NULL)
5 node.module node_access($op, $node = NULL)
6 node.module node_access($op, $node, $account = NULL)
7 node.module node_access($op, $node, $account = NULL)

Determine whether the current user may perform the given operation on the specified node.


$op: The operation to be performed on the node. Possible values are:

  • "view"
  • "update"
  • "delete"

$node: The node object (or node array) on which the operation is to be performed.

$uid: The user ID on which the operation is to be performed.

Return value

TRUE if the operation may be performed.

Related topics

13 calls to node_access()
blogapi_blogger_edit_post in modules/blogapi.module
Blogging API callback. Modifies the specified blog node.
blogapi_blogger_new_post in modules/blogapi.module
Blogging API callback. Inserts a new blog post as a node.
blogap_mti_publish_post in modules/blogapi.module
Blogging API callback. Publishes the given node
comment_menu in modules/comment.module
Implementation of hook_menu().
node_add in modules/node.module
Present a node submission form or a set of links to such forms.

... See full list


modules/node.module, line 1870
The core that allows content to be submitted to the site.


function node_access($op, $node = NULL, $uid = NULL) {
  // Convert the node to an object if necessary:
  $node = array2object($node);

  // If the node is in a restricted format, disallow editing.
  if ($op == 'update' && !filter_access($node->format)) {
    return FALSE;

  if (user_access('administer nodes')) {
    return TRUE;

  if (!user_access('access content')) {
    return FALSE;

  // Can't use node_invoke(), because the access hook takes the $op parameter
  // before the $node parameter.
  $access = module_invoke(node_get_module_name($node), 'access', $op, $node);
  if (!is_null($access)) {
    return $access;

  // If the module did not override the access rights, use those set in the
  // node_access table.
  if ($node->nid && $node->status) {
    $sql = 'SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) AND CONCAT(realm, gid) IN (';
    $grants = array();
    foreach (node_access_grants($op, $uid) as $realm => $gids) {
      foreach ($gids as $gid) {
        $grants[] = "'" . $realm . $gid . "'";
    $sql .= implode(',', $grants) . ') AND grant_' . $op . ' = 1';
    $result = db_query($sql, $node->nid);
    return (db_result($result));
  return FALSE;