function node_access
7.x node.module | node_access($op, $node, $account = NULL) |
6.x node.module | node_access($op, $node, $account = NULL) |
Determine whether the current user may perform the given operation on the specified node.
Parameters
$op: The operation to be performed on the node. Possible values are:
- "view"
- "update"
- "delete"
- "create"
$node: The node object (or node array) on which the operation is to be performed, or node type (e.g. 'forum') for "create" operation.
$account: Optional, a user object representing the user for whom the operation is to be performed. Determines access for a user other than the current user.
Return value
TRUE if the operation may be performed, or FALSE otherwise.
Related topics
19 calls to node_access()
- blogapi_blogger_edit_post in drupal-6.x/
modules/ blogapi/ blogapi.module - Blogging API callback. Modifies the specified blog node.
- blogapi_blogger_new_post in drupal-6.x/
modules/ blogapi/ blogapi.module - Blogging API callback. Inserts a new blog post as a node.
- blogapi_mt_publish_post in drupal-6.x/
modules/ blogapi/ blogapi.module - Blogging API callback. Publishes the given node
- book_export in drupal-6.x/
modules/ book/ book.pages.inc - Menu callback; Generates various representation of a book page and its children.
- book_link in drupal-6.x/
modules/ book/ book.module - Implementation of hook_link().
3 string references to 'node_access'
- comment_menu in drupal-6.x/
modules/ comment/ comment.module - Implementation of hook_menu().
- node_menu in drupal-6.x/
modules/ node/ node.module - Implementation of hook_menu().
- node_schema in drupal-6.x/
modules/ node/ node.install - Implementation of hook_schema().
File
- drupal-6.x/
modules/ node/ node.module, line 2018 - The core that allows content to be submitted to the site. Modules and scripts may programmatically submit nodes using the usual form API pattern.
Code
function node_access($op, $node, $account = NULL) {
global $user;
if (!$node || !in_array($op, array('view', 'update', 'delete', 'create'), TRUE)) {
// If there was no node to check against, or the $op was not one of the
// supported ones, we return access denied.
return FALSE;
}
// Convert the node to an object if necessary:
if ($op != 'create') {
$node = (object) $node;
}
// If no user object is supplied, the access check is for the current user.
if (empty($account)) {
$account = $user;
}
// If the node is in a restricted format, disallow editing.
if ($op == 'update' && !filter_access($node->format)) {
return FALSE;
}
if (user_access('administer nodes', $account)) {
return TRUE;
}
if (!user_access('access content', $account)) {
return FALSE;
}
// Can't use node_invoke(), because the access hook takes the $op parameter
// before the $node parameter.
$module = node_get_types('module', $node);
if ($module == 'node') {
$module = 'node_content'; // Avoid function name collisions.
}
$access = module_invoke($module, 'access', $op, $node, $account);
if (!is_null($access)) {
return $access;
}
// If the module did not override the access rights, use those set in the
// node_access table.
if ($op != 'create' && $node->nid && $node->status) {
$grants = array();
foreach (node_access_grants($op, $account) as $realm => $gids) {
foreach ($gids as $gid) {
$grants[] = "(gid = $gid AND realm = '$realm')";
}
}
$grants_sql = '';
if (count($grants)) {
$grants_sql = 'AND (' . implode(' OR ', $grants) . ')';
}
$sql = "SELECT 1 FROM {node_access} WHERE (nid = 0 OR nid = %d) $grants_sql AND grant_$op >= 1";
$result = db_query_range($sql, $node->nid, 0, 1);
return (bool) db_result($result);
}
// Let authors view their own nodes.
if ($op == 'view' && $account->uid == $node->uid && $account->uid != 0) {
return TRUE;
}
return FALSE;
}