function node_access

Determine whether the current user may perform the given operation on the specified node.

Parameters

$op: The operation to be performed on the node. Possible values are:

• "view"
• "update"
• "delete"
• "create"

$node: The node object (or node array) on which the operation is to be performed, or node type (e.g. 'forum') for "create" operation.

$uid: The user ID on which the operation is to be performed.

Return value

TRUE if the operation may be performed.

Related topics

File

modules/node.module, line 2374

The core that allows content to be submitted to the site.

Code

function node_access($op, $node = NULL, $uid = NULL) {

  // Convert the node to an object if necessary:
  if ($op != 'create') {
    $node = (object) $node;
  }

  // If the node is in a restricted format, disallow editing.
  if ($op == 'update' && !filter_access($node->format)) {
    return FALSE;
  }
  if (user_access('administer nodes')) {
    return TRUE;
  }
  if (!user_access('access content')) {
    return FALSE;
  }

  // Can't use node_invoke(), because the access hook takes the $op parameter
  // before the $node parameter.
  $access = module_invoke(node_get_base($node), 'access', $op, $node);
  if (!is_null($access)) {
    return $access;
  }

  // If the module did not override the access rights, use those set in the
  // node_access table.
  if ($op != 'create' && $node->nid && $node->status) {
    $grants = array();
    foreach (node_access_grants($op, $uid) as $realm => $gids) {
      foreach ($gids as $gid) {
        $grants[] = "(gid = {$gid} AND realm = '{$realm}')";
      }
    }
    $grants_sql = '';
    if (count($grants)) {
      $grants_sql = 'AND (' . implode(' OR ', $grants) . ')';
    }
    $sql = "SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) {$grants_sql} AND grant_{$op} >= 1";
    $result = db_query($sql, $node->nid);
    return db_result($result);
  }
  return FALSE;
}