Drupal node access system & AUL 7.x.-2.x. Topic was presented at Drupal-Austria Vienna Meetup May 2014. http://www.meetup.com/Drupal-Austria/events/181216712/

1. Drupal Node Access
System
AUL 7.x.-2.x
Alex Milkovskyi

2. About me: Oleksandr(Alex) Milkovskyi
Drupal Developer
& Student at FH Technikum Wien
● Met Drupal in January 2010
● 2010-2012: Drupal Frontend Developer,
Themer, Sitebuilder
● 2012-2014: Drupal Backend Developer
● https://drupal.org/user/1761220 a.
milkovsky

3. Drupal Node Access System
● hook_node_access
● hook_node_access_records
● hook_node_grants
● hook_query_TAG_alter
Only node entities will be covered in this
presentation

4. Why not hook_node_access
function mymodule_node_access($node, $op, $account) {
return NODE_ACCESS_DENY;
}
Possible options:
● NODE_ACCESS_ALLOW
● NODE_ACCESS_DENY
● NODE_ACCESS_IGNORE
Disadvantages: ignored by Views, Menus, and other content queries

5. Better use Locks & Keys
● hook_node_access_records Locks
● hook_node_grants Keys
“
● Each lock Realm (color) must be opened
to access the node.
● Only one ID (serial number) within the Realm needs
to be unlocked to open that entire Realm.
”

6. hook_node_access_records($node)
if ($node->private) {
$grants[] = array(
'realm' => 'example',
'gid' => 1,
'grant_view' => 1,
'grant_update' => 0,
'grant_delete' => 0,
'priority' => 0,
'#module' => 'example',
);
}
return $grants;
*usage:
● called only for the node being saved
● manual call with
node_access_acquire_grants($node)

7. hook_node_grants($account, $op)
if (user_access('access private content', $account)) {
$grants['example'] = array(1);
}
return $grants;
*usage:
● called dynamically at each page load to
determine what keys the current user has.

8. node_access

9. Custom Drupal database API queries
$query = db_select('node', 'n');
->fields('n', array('nid', 'title'))
->addTag('node_access');
$result = $query->execute();
You can also use EntityFieldQuery.
Example of hook_query_TAG_alter:
node_view_permissions_query_node_access_alter()

10. ACL vs. AUL
● AUL creates grands per user and adds
nodes to it.
● ACL creates grands per node and adds
users to it.

11. ACL vs. AUL example
ACL
● view_nid_1
○ uid1
○ uid2
● view_nid_2
○ uid1
○ uid2
AUL
● view_uid_1
○ nid1
○ nid2
● view_uid_2
○ nid1
○ nid2

12. hook_node_grants($account, $op)
ACL
● view_nid_1 gid 1
○ uid1
○ uid2
● view_nid_2 gid 2
○ uid1
○ uid2
returns: 1,2
AUL
● view_uid_1 gid 1
○ nid1
○ nid2
● view_uid_2 gid 2
○ nid1
○ nid2
returns: 1

13. AUL 7.x-2.x
● aul
● aul_ui
● aul_vbo
● aul_views
● aul_roles
● aul_relations

14. ‘aul’ table

15. ‘aul_relations’ table

16. aul_vbo

17. aul_vbo

18. Demo time ;)

19. @todo in AUL 7.x-2.x
● access to node revisions
● grants priority
● add realm help explanations
● implement invert entity reference relations.
● implement comments to node relations.
● implement bulk grants update.
● control access on child node add/remove

20. Vielen Dank!
QUESTIONS?
Links:
● https://drupal.org/project/aul
● http://www.phase2technology.com/blog/drupal-7-node-access-grants-locks-and-keys/
● http://www.brightsolutions.de/blog/drupal-node-access-performance
● Topic was presented at http://www.meetup.com/Drupal-Austria/events/181216712/
Drupal Node Access System AUL 2.x.-1.x.
by Alex Milkovskyi