function nodeaccess_edit_access in Nodeaccess 6

Prevent anonymous users from edit/delete access via node->uid = 0 flaw.

1 string reference to 'nodeaccess_edit_access'

nodeaccess_menu_alter in ./nodeaccess.module

Implementation of hook_menu_alter().

File

./nodeaccess.module, line 57

Code

function nodeaccess_edit_access($op, $node) {
  global $user;

  // If the node belongs to a deleted user.
  if ($user->uid == 0 && $node->uid == 0) {

    // We check if the role has specified update/delete access to this node.
    $grants = _nodeaccess_get_grants($node);
    if ($grants['rid'][1]['grant_update'] && $op == 'update' || $grants['rid'][1]['grant_delete'] && $op == 'delete') {
      return TRUE;
    }

    // Otherwise, ignore the fact that anonymous is now faux-"author".
    return FALSE;
  }

  // If check has passed, call the standard node_access for update/delete $op.
  return node_access($op, $node);
}