Drupal node access system & AUL 7.x.-2.x.
Topic was presented at Drupal-Austria Vienna Meetup May 2014.
http://www.meetup.com/Drupal-Austria/events/181216712/
2. About me: Oleksandr(Alex) Milkovskyi
Drupal Developer
& Student at FH Technikum Wien
● Met Drupal in January 2010
● 2010-2012: Drupal Frontend Developer,
Themer, Sitebuilder
● 2012-2014: Drupal Backend Developer
● https://drupal.org/user/1761220 a.
milkovsky
3. Drupal Node Access System
● hook_node_access
● hook_node_access_records
● hook_node_grants
● hook_query_TAG_alter
Only node entities will be covered in this
presentation
4. Why not hook_node_access
function mymodule_node_access($node, $op, $account) {
return NODE_ACCESS_DENY;
}
Possible options:
● NODE_ACCESS_ALLOW
● NODE_ACCESS_DENY
● NODE_ACCESS_IGNORE
Disadvantages: ignored by Views, Menus, and other content queries
5. Better use Locks & Keys
● hook_node_access_records Locks
● hook_node_grants Keys
“
● Each lock Realm (color) must be opened
to access the node.
● Only one ID (serial number) within the Realm needs
to be unlocked to open that entire Realm.
”
6. hook_node_access_records($node)
if ($node->private) {
$grants[] = array(
'realm' => 'example',
'gid' => 1,
'grant_view' => 1,
'grant_update' => 0,
'grant_delete' => 0,
'priority' => 0,
'#module' => 'example',
);
}
return $grants;
*usage:
● called only for the node being saved
● manual call with
node_access_acquire_grants($node)
7. hook_node_grants($account, $op)
if (user_access('access private content', $account)) {
$grants['example'] = array(1);
}
return $grants;
*usage:
● called dynamically at each page load to
determine what keys the current user has.
9. Custom Drupal database API queries
$query = db_select('node', 'n');
->fields('n', array('nid', 'title'))
->addTag('node_access');
$result = $query->execute();
You can also use EntityFieldQuery.
Example of hook_query_TAG_alter:
node_view_permissions_query_node_access_alter()
10. ACL vs. AUL
● AUL creates grands per user and adds
nodes to it.
● ACL creates grands per node and adds
users to it.
19. @todo in AUL 7.x-2.x
● access to node revisions
● grants priority
● add realm help explanations
● implement invert entity reference relations.
● implement comments to node relations.
● implement bulk grants update.
● control access on child node add/remove
20. Vielen Dank!
QUESTIONS?
Links:
● https://drupal.org/project/aul
● http://www.phase2technology.com/blog/drupal-7-node-access-grants-locks-and-keys/
● http://www.brightsolutions.de/blog/drupal-node-access-performance
● Topic was presented at http://www.meetup.com/Drupal-Austria/events/181216712/
Drupal Node Access System AUL 2.x.-1.x.
by Alex Milkovskyi