developer/examples/node_access_example.module

<?php
// $Id: node_access_example.module,v 1.17 2009/10/13 21:19:18 salvis Exp $

/**
 * @file
 * This is an example illustrating how to restrict access to nodes based on
 * some criterion associated with the user.
 *
 * This example module will simply set a single flag on a node: 'private'. If
 * the flag is set, only users with the 'view private content' flag can see
 * the node, and all users with 'edit private content' can edit (but not
 * delete) the node.
 *
 * Additionally we will ensure that the node author can always view, edit,
 * and delete the node by providing an additional access realm that grants
 * privileges to the node's author.
 *
 */

/**
 * Implementation of hook_permission().
 *
 * In this example, we will use a simple permission to determine whether a user
 * has access to "private" content. This permission is defined here.
 */
function node_access_example_permission() {
  return array(
    'access private content' => array(
      'title' => t('Access private content'),
      'description' => t('May view posts that are marked private.'),
    ),
    'edit private content' => array(
      'title' => t('Edit private content'),
      'description' => t('May edit posts that are marked private.'),
    ),
  );
}

/**
 * Implementation of hook_node_grants().
 *
 * Tell the node access system what GIDs the user belongs to for each realm.
 * In this example, we are providing two realms: the example realm, which
 * has just one group id (1) and the user is either a member or not depending
 * upon the operation and the access permission set.
 *
 * We are also setting up a realm for the node author, though, to give it
 * special privileges. That has 1 GID for every UID, and each user is
 * automatically a member of the group where GID == UID.
 *
 */
function node_access_example_node_grants($account, $op) {
  if ($op == 'view' && user_access('access private content', $account)) {
    $grants['example'] = array(1);
  }

  if (($op == 'update' || $op == 'delete') && user_access('edit private content', $account)) {
    $grants['example'] = array(1);
  }

  $grants['example_author'] = array($account->uid);
  return $grants;
}

/**
 * Implementation of hook_node_access_records().
 *
 * All node access modules must implement this hook. If the module is
 * interested in the privacy of the node passed in, return a list of
 * node access values for each realm and grant ID we offer.
 */
function node_access_example_node_access_records($node) {
  // We only care about the node if it's been marked private. If not, it is
  // treated just like any other node and we completely ignore it.
  if (!empty($node->private)) {
    $grants = array();
    $grants[] = array(
      'realm' => 'example',
      'gid' => 1,
      'grant_view' => 1,
      'grant_update' => 1,
      'grant_delete' => 0,
      'priority' => 0,
    );

    // For the example_author array, the GID is equivalent to a UID, which
    // means there are many many groups of just 1 user.
    $grants[] = array(
      'realm' => 'example_author',
      'gid' => $node->uid,
      'grant_view' => 1,
      'grant_update' => 1,
      'grant_delete' => 1,
      'priority' => 0,
    );
    return $grants;
  }
}

/**
 * Implementation of hook_form_alter()
 *
 * This module adds a simple checkbox to the node form labeled private. If the
 * checkbox is checked, only the node author and users with 'access private content'
 * privileges may see it.
 */
function node_access_example_form_alter(&$form, &$form_state, $form_id) {
  if ($form['#id'] == 'node-form') {
    $form['private'] = array(
      '#type' => 'checkbox',
      '#title' => t('Private'),
      '#description' => t('Check here if this content should be set private and only shown to privileged users.'),
      '#default_value' => isset($form['#node']->private) ? $form['#node']->private : FALSE,
    );
  }
}

/**
 * Implementation of hook_node_load().
 */

function node_access_example_node_load($nodes, $types) {
  $result = db_query('SELECT nid, private FROM {node_access_example} WHERE nid IN (:nids)', array(':nids' => array_keys($nodes)));
  foreach ($result as $record) {
    $nodes[$record->nid]->private = $record->private;
  }
}

/**
 * Implementation of hook_node_delete().
 *
 * The module must track the access status of the node.
 */

function node_access_example_node_delete($node) {
  db_delete('node_access_example')->condition('nid', $node->nid)->execute();
}

/**
 * Implementation of hook_node_insert().
 *
 * The module must track the access status of the node.
 */
function node_access_example_node_insert($node) {
  if (isset($node->private)) {
    db_insert('node_access_example')->fields(array('nid' => $node->nid, 'private' => (int)$node->private))->execute();
  }
}

/**
 * Implementation of hook_node_update().
 *
 * The module must track the access status of the node.
 */
function node_access_example_node_update($node) {
  db_query('UPDATE {node_access_example} SET private = %d WHERE nid = %d', $node->private, $node->nid);
}

/**
 * Implementation of hook_node_access_explain().
 * 
 * hook_node_access_explain() is defined in devel_node_access.module, which
 * will help you and your users to figure out how node access works.
 * 
 * The explanations are purposely not translatable to allow getting support on
 * drupal.org.
 */
function node_access_example_node_access_explain($row) {
  switch ($row->realm) {
    case 'example':
      return array('Users with <i>access private content</i> (<i>' . (user_access('access private content')? 'yes' : 'no') . '</i>) may view and users with <i>edit private content</i> (<i>' . (user_access('edit private content')? 'yes' : 'no') . '</i>) may edit this node.');
      break;
    case 'example_author':
      return array("Full access for the author, user <i>$row->gid</i>.");
      break;
  }
}
1	<?php
2	// $Id: node_access_example.module,v 1.17 2009/10/13 21:19:18 salvis Exp $
3
4	/**
5	* @file
6	* This is an example illustrating how to restrict access to nodes based on
7	* some criterion associated with the user.
8	*
9	* This example module will simply set a single flag on a node: 'private'. If
10	* the flag is set, only users with the 'view private content' flag can see
11	* the node, and all users with 'edit private content' can edit (but not
12	* delete) the node.
13	*
14	* Additionally we will ensure that the node author can always view, edit,
15	* and delete the node by providing an additional access realm that grants
16	* privileges to the node's author.
17	*
18	*/
19
20	/**
21	* Implementation of hook_permission().
22	*
23	* In this example, we will use a simple permission to determine whether a user
24	* has access to "private" content. This permission is defined here.
25	*/
26	function node_access_example_permission() {
27	return array(
28	'access private content' => array(
29	'title' => t('Access private content'),
30	'description' => t('May view posts that are marked private.'),
31	),
32	'edit private content' => array(
33	'title' => t('Edit private content'),
34	'description' => t('May edit posts that are marked private.'),
35	),
36	);
37	}
38
39	/**
40	* Implementation of hook_node_grants().
41	*
42	* Tell the node access system what GIDs the user belongs to for each realm.
43	* In this example, we are providing two realms: the example realm, which
44	* has just one group id (1) and the user is either a member or not depending
45	* upon the operation and the access permission set.
46	*
47	* We are also setting up a realm for the node author, though, to give it
48	* special privileges. That has 1 GID for every UID, and each user is
49	* automatically a member of the group where GID == UID.
50	*
51	*/
52	function node_access_example_node_grants($account, $op) {
53	if ($op == 'view' && user_access('access private content', $account)) {
54	$grants['example'] = array(1);
55	}
56
57	if (($op == 'update' \|\| $op == 'delete') && user_access('edit private content', $account)) {
58	$grants['example'] = array(1);
59	}
60
61	$grants['example_author'] = array($account->uid);
62	return $grants;
63	}
64
65	/**
66	* Implementation of hook_node_access_records().
67	*
68	* All node access modules must implement this hook. If the module is
69	* interested in the privacy of the node passed in, return a list of
70	* node access values for each realm and grant ID we offer.
71	*/
72	function node_access_example_node_access_records($node) {
73	// We only care about the node if it's been marked private. If not, it is
74	// treated just like any other node and we completely ignore it.
75	if (!empty($node->private)) {
76	$grants = array();
77	$grants[] = array(
78	'realm' => 'example',
79	'gid' => 1,
80	'grant_view' => 1,
81	'grant_update' => 1,
82	'grant_delete' => 0,
83	'priority' => 0,
84	);
85
86	// For the example_author array, the GID is equivalent to a UID, which
87	// means there are many many groups of just 1 user.
88	$grants[] = array(
89	'realm' => 'example_author',
90	'gid' => $node->uid,
91	'grant_view' => 1,
92	'grant_update' => 1,
93	'grant_delete' => 1,
94	'priority' => 0,
95	);
96	return $grants;
97	}
98	}
99
100	/**
101	* Implementation of hook_form_alter()
102	*
103	* This module adds a simple checkbox to the node form labeled private. If the
104	* checkbox is checked, only the node author and users with 'access private content'
105	* privileges may see it.
106	*/
107	function node_access_example_form_alter(&$form, &$form_state, $form_id) {
108	if ($form['#id'] == 'node-form') {
109	$form['private'] = array(
110	'#type' => 'checkbox',
111	'#title' => t('Private'),
112	'#description' => t('Check here if this content should be set private and only shown to privileged users.'),
113	'#default_value' => isset($form['#node']->private) ? $form['#node']->private : FALSE,
114	);
115	}
116	}
117
118	/**
119	* Implementation of hook_node_load().
120	*/
121
122	function node_access_example_node_load($nodes, $types) {
123	$result = db_query('SELECT nid, private FROM {node_access_example} WHERE nid IN (:nids)', array(':nids' => array_keys($nodes)));
124	foreach ($result as $record) {
125	$nodes[$record->nid]->private = $record->private;
126	}
127	}
128
129	/**
130	* Implementation of hook_node_delete().
131	*
132	* The module must track the access status of the node.
133	*/
134
135	function node_access_example_node_delete($node) {
136	db_delete('node_access_example')->condition('nid', $node->nid)->execute();
137	}
138
139	/**
140	* Implementation of hook_node_insert().
141	*
142	* The module must track the access status of the node.
143	*/
144	function node_access_example_node_insert($node) {
145	if (isset($node->private)) {
146	db_insert('node_access_example')->fields(array('nid' => $node->nid, 'private' => (int)$node->private))->execute();
147	}
148	}
149
150	/**
151	* Implementation of hook_node_update().
152	*
153	* The module must track the access status of the node.
154	*/
155	function node_access_example_node_update($node) {
156	db_query('UPDATE {node_access_example} SET private = %d WHERE nid = %d', $node->private, $node->nid);
157	}
158
159	/**
160	* Implementation of hook_node_access_explain().
161	*
162	* hook_node_access_explain() is defined in devel_node_access.module, which
163	* will help you and your users to figure out how node access works.
164	*
165	* The explanations are purposely not translatable to allow getting support on
166	* drupal.org.
167	*/
168	function node_access_example_node_access_explain($row) {
169	switch ($row->realm) {
170	case 'example':
171	return array('Users with <i>access private content</i> (<i>' . (user_access('access private content')? 'yes' : 'no') . '</i>) may view and users with <i>edit private content</i> (<i>' . (user_access('edit private content')? 'yes' : 'no') . '</i>) may edit this node.');
172	break;
173	case 'example_author':
174	return array("Full access for the author, user <i>$row->gid</i>.");
175	break;
176	}
177	}