
function _module_grants_node_access in Module Grants 7

Copied from node_access(), with everything before module_invoke_all('node_access') removed (since our override occurs during module_invoke_all('node_access')). Other changes: 1. The $rights caching code is commented out; no cache is needed here because node_access() already does the caching. 2. The OR query over module grants is replaced with a call to module_grants_get_node_access_result().

1 call to _module_grants_node_access()
module_grants_node_access in ./module_grants.module
Implements hook_node_access() to override the default node_access() logic. We have ensured this hook is the last one to be called; it never returns NODE_ACCESS_IGNORE, which effectively skips all the logic in node_access() after line 3032.

File

./module_grants.node.inc, line 17
This file contains functions copied from node.module and modified to allow ANDing of grants, which is handled by a function call to module_grants_apply_node_access_grants_condition.

Code

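/**
 * Decides access to a node, using Module Grants' combination of grants.
 *
 * Adapted from the part of node_access() that starts at the hook_node_access()
 * invocation. Hook results are consulted first (any deny wins, then any
 * allow), then the "view own unpublished content" case, then the node_access
 * table or module_grants_get_node_access_result().
 *
 * @param string $op
 *   The operation: 'view', 'update', 'delete' or 'create'.
 * @param object $node
 *   The node to check. Anything that is not an object with a nid falls through
 *   to the default result.
 * @param object $account
 *   (optional) The user to check access for. Defaults to the current user.
 *
 * @return bool
 *   TRUE if access is granted, FALSE otherwise.
 */
function _module_grants_node_access($op, $node, $account = NULL) {
  // Fail closed on a missing node or an unrecognised operation. node_access()
  // applies the same guard before it invokes hook_node_access(); it is
  // repeated here because $op is concatenated into a column name below, so the
  // function must not depend on every caller having validated it.
  if (!$node || !in_array($op, array('view', 'update', 'delete', 'create'), TRUE)) {
    return FALSE;
  }

  // The signature lets $account be omitted, but the checks below read
  // $account->uid, so fall back to the current user as node_access() does.
  if (empty($account)) {
    $account = $GLOBALS['user'];
  }

  // We grant access to the node if both of the following conditions are met:
  // - No modules say to deny access.
  // - At least one module says to grant access.
  // If no module specified either allow or deny, we fall back to the
  // node_access table.
  // No per-account result cache is kept here; node_access() already caches.
  $access = module_grants_invoke_node_access($node, $op, $account);
  if (in_array(NODE_ACCESS_DENY, $access, TRUE)) {
    return FALSE;
  }
  if (in_array(NODE_ACCESS_ALLOW, $access, TRUE)) {
    return TRUE;
  }

  // Check if authors can view their own unpublished nodes. The uid != 0 test
  // keeps anonymous users from matching nodes authored by uid 0.
  if ($op === 'view' && !$node->status && user_access('view own unpublished content', $account) && $account->uid == $node->uid && $account->uid != 0) {
    return TRUE;
  }

  // If the module did not override the access rights, use those set in the
  // node_access table.
  if ($op !== 'create' && $node->nid) {
    if (module_implements('node_grants')) {
      if (!module_grants_is_disabled()) {
        return module_grants_get_node_access_result($node, $op, $account);
      }

      // Module Grants is disabled: use the old logic from node.module, where
      // a single matching grant row (realm/gid pairs ORed) is sufficient.
      $query = db_select('node_access');
      $query->addExpression('1');
      // $op is one of the allow-listed operations at this point.
      $query->condition('grant_' . $op, 1, '>=');
      // Rows for nid 0 apply to every node, but only while it is published.
      $nids = db_or()->condition('nid', $node->nid);
      if ($node->status) {
        $nids->condition('nid', 0);
      }
      $query->condition($nids);
      $query->range(0, 1);
      $grants = db_or();
      foreach (node_access_grants($op, $account) as $realm => $gids) {
        foreach ($gids as $gid) {
          $grants->condition(db_and()
            ->condition('gid', $gid)
            ->condition('realm', $realm));
        }
      }
      // NOTE(review): with an empty grant list no realm/gid restriction is
      // added, so any grant row for the node would match. Confirm that
      // node_access_grants() always returns at least one realm.
      if (count($grants) > 0) {
        $query->condition($grants);
      }
      return (bool) $query->execute()->fetchField();
    }
    elseif (is_object($node) && $op === 'view' && $node->status) {
      // If no modules implement hook_node_grants(), the default behavior is to
      // allow all users to view published nodes, so reflect that here.
      return TRUE;
    }
  }
  return FALSE;
}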