node_access

drupal
1. drupal6
2. drupal7

Versionen
drupal6 – drupal7	`node_access($op, $node, $account = NULL)`

Determine whether the current user may perform the given operation on the specified node.

Übergabeparameter

$op The operation to be performed on the node. Possible values are:

"view"
"update"
"delete"
"create"

$node The node object (or node array) on which the operation is to be performed, or node type (e.g. 'forum') for "create" operation.

$account Optional, a user object representing the user for whom the operation is to be performed. Determines access for a user other than the current user.

Rückgabewert

TRUE if the operation may be performed.

▸ 15 functions call node_access()

▾ 15 functions call node_access()

blogapi_blogger_edit_post in modules/blogapi/blogapi.module: Blogging API callback. Modifies the specified blog node.
blogapi_blogger_new_post in modules/blogapi/blogapi.module: Blogging API callback. Inserts a new blog post as a node.
blogapi_mt_publish_post in modules/blogapi/blogapi.module: Blogging API callback. Publishes the given node.
book_node_view_link in modules/book/book.module: Inject links into $node as needed.
node_add in modules/node/node.pages.inc: Present a node submission form or a set of links to such forms.
node_form in modules/node/node.pages.inc: Generate the node add/edit form array.
node_preview in modules/node/node.pages.inc: Generate a node preview.
node_revision_overview in modules/node/node.pages.inc: Generate an overview table of older revisions of a node.
template_preprocess_forums in modules/forum/forum.module: Process variables for forums.tpl.php
translation_node_overview in modules/translation/translation.pages.inc: Overview page for a node's translations.
upload_file_download in modules/upload/upload.module: Implementation of hook_file_download().
_blogapi_get_node_types in modules/blogapi/blogapi.module
_book_outline_access in modules/book/book.module: Menu item access callback - determine if the outline tab is accessible.
_node_add_access in modules/node/node.module
_node_revision_access in modules/node/node.module

Code

modules/node/node.module, line 2390

<?php
function node_access($op, $node, $account = NULL) {
  global $user;

  if (!$node || !in_array($op, array('view', 'update', 'delete', 'create'), TRUE)) {
    // If there was no node to check against, or the $op was not one of the
    // supported ones, we return access denied.
    return FALSE;
  }
  // Convert the node to an object if necessary:
  if ($op != 'create') {
    $node = (object) $node;
  }
  // If no user object is supplied, the access check is for the current user.
  if (empty($account)) {
    $account = $user;
  }
  // If the node is in a restricted format, disallow editing.
  if ($op == 'update' && !filter_access($node->format)) {
    return FALSE;
  }

  if (user_access('bypass node access', $account)) {
    return TRUE;
  }

  if (!user_access('access content', $account)) {
    return FALSE;
  }

  // Can't use node_invoke('access', $node), because the access hook takes the
  // $op parameter before the $node parameter.
  $base = node_get_types('base', $node);
  $access = module_invoke($base, 'access', $op, $node, $account);
  if (!is_null($access)) {
    return $access;
  }

  // If the module did not override the access rights, use those set in the
  // node_access table.
  if ($op != 'create' && $node->nid && $node->status) {
    $query = db_select('node_access');
    $query->addExpression('COUNT(*)');
    $query
      ->condition(db_or()
        ->condition('nid', 0)
        ->condition('nid', $node->nid)
      )
      ->condition('grant_' . $op, 1, '>=');

    $grants = db_or();
    foreach (node_access_grants($op, $account) as $realm => $gids) {
      foreach ($gids as $gid) {
        $grants->condition(db_and()
          ->condition('gid', $gid)
          ->condition('realm', $realm)
        );
      }
    }
    if (count($grants) > 0 ) {
      $query->condition($grants);
    }
    return $query
      ->execute()
      ->fetchField();
  }

  // Let authors view their own nodes.
  if ($op == 'view' && $account->uid == $node->uid && $account->uid != 0) {
    return TRUE;
  }

  return FALSE;
}
?>

DrupalAPI.de

API Seiten

drupal7 durchsuchen

Nützliche Verweise