function nodeaccess_edit_access in Nodeaccess 6
Prevent anonymous users from edit/delete access via node->uid = 0 flaw.
1 string reference to 'nodeaccess_edit_access'
- nodeaccess_menu_alter in ./
nodeaccess.module - Implementation of hook_menu_alter().
File
- ./
nodeaccess.module, line 57
Code
function nodeaccess_edit_access($op, $node) {
global $user;
// If the node belongs to a deleted user.
if ($user->uid == 0 && $node->uid == 0) {
// We check if the role has specified update/delete access to this node.
$grants = _nodeaccess_get_grants($node);
if ($grants['rid'][1]['grant_update'] && $op == 'update' || $grants['rid'][1]['grant_delete'] && $op == 'delete') {
return TRUE;
}
// Otherwise, ignore the fact that anonymous is now faux-"author".
return FALSE;
}
// If check has passed, call the standard node_access for update/delete $op.
return node_access($op, $node);
}