1. Home
  2. API reference
  3. CIS 7
  4. node.module
  5. function node_access

function node_access

×

Error message

User warning: The following module is missing from the file system: theme/theme. For information about how to fix this, see the documentation page. in _drupal_trigger_error_with_delayed_logging() (line 1156 of /var/www/html/elmsln_community/api.elmsln.org/includes/bootstrap.inc).
cis7 node.module node_access($op, $node, $account = NULL)
cle7 node.module node_access($op, $node, $account = NULL)
elmsmedia7 node.module node_access($op, $node, $account = NULL)
icor7 node.module node_access($op, $node, $account = NULL)
meedjum_blog7 node.module node_access($op, $node, $account = NULL)
mooc7 node.module node_access($op, $node, $account = NULL)

Determines whether the current user may perform the operation on the node.

Parameters

$op: The operation to be performed on the node. Possible values are:

  • "view"
  • "update"
  • "delete"
  • "create"

$node: The node object on which the operation is to be performed, or node type (e.g. 'forum') for "create" operation.

$account: Optional, a user object representing the user for whom the operation is to be performed. Determines access for a user other than the current user.

Return value

TRUE if the operation may be performed, FALSE otherwise.

Related topics

Node access rights
The node access system determines who can do what to which nodes.
62 calls to node_access()
addanother_access in sites/all/modules/ulmus/addanother/addanother.module
Check if we should display the Add another verbage on a node.
book_block_view in modules/book/book.module
Implements hook_block_view().
book_copy_book_process_book_copy in sites/all/modules/elmsln_contrib/book_copy/book_copy.module
Callback for book_copy ajax call from outline designer.
book_export in modules/book/book.pages.inc
Menu callback; Generates representations of a book page and its children.
book_node_view_link in modules/book/book.module
Adds relevant book links to the node's links.

... See full list

65 string references to 'node_access'
blog_block_view in modules/blog/blog.module
Implements hook_block_view().
blog_feed_last in modules/blog/blog.pages.inc
Menu callback; displays an RSS feed containing recent blog entries of all users.
blog_feed_user in modules/blog/blog.pages.inc
Menu callback; displays an RSS feed containing recent blog entries of a given user.
blog_page_last in modules/blog/blog.pages.inc
Menu callback; displays a Drupal page containing recent blog entries of all users.
blog_page_user in modules/blog/blog.pages.inc
Menu callback; displays a Drupal page containing recent blog entries of a given user.

... See full list

File

modules/node/node.module, line 2981
The core that allows content to be submitted to the site. Modules and scripts may programmatically submit nodes using the usual form API pattern.

Code

function node_access($op, $node, $account = NULL) {
  $rights = &drupal_static(__FUNCTION__, array());

  if (!$node || !in_array($op, array('view', 'update', 'delete', 'create'), TRUE)) {
    // If there was no node to check against, or the $op was not one of the
    // supported ones, we return access denied.
    return FALSE;
  }
  // If no user object is supplied, the access check is for the current user.
  if (empty($account)) {
    $account = $GLOBALS['user'];
  }

  // $node may be either an object or a node type. Since node types cannot be
  // an integer, use either nid or type as the static cache id.

  $cid = is_object($node) ? $node->nid : $node;

  // If we've already checked access for this node, user and op, return from
  // cache.
  if (isset($rights[$account->uid][$cid][$op])) {
    return $rights[$account->uid][$cid][$op];
  }

  if (user_access('bypass node access', $account)) {
    $rights[$account->uid][$cid][$op] = TRUE;
    return TRUE;
  }
  if (!user_access('access content', $account)) {
    $rights[$account->uid][$cid][$op] = FALSE;
    return FALSE;
  }

  // We grant access to the node if both of the following conditions are met:
  // - No modules say to deny access.
  // - At least one module says to grant access.
  // If no module specified either allow or deny, we fall back to the
  // node_access table.
  $access = module_invoke_all('node_access', $node, $op, $account);
  if (in_array(NODE_ACCESS_DENY, $access, TRUE)) {
    $rights[$account->uid][$cid][$op] = FALSE;
    return FALSE;
  }
  elseif (in_array(NODE_ACCESS_ALLOW, $access, TRUE)) {
    $rights[$account->uid][$cid][$op] = TRUE;
    return TRUE;
  }

  // Check if authors can view their own unpublished nodes.
  if ($op == 'view' && !$node->status && user_access('view own unpublished content', $account) && $account->uid == $node->uid && $account->uid != 0) {
    $rights[$account->uid][$cid][$op] = TRUE;
    return TRUE;
  }

  // If the module did not override the access rights, use those set in the
  // node_access table.
  if ($op != 'create' && $node->nid) {
    if (module_implements('node_grants')) {
      $query = db_select('node_access');
      $query->addExpression('1');
      $query->condition('grant_' . $op, 1, '>=');
      $nids = db_or()->condition('nid', $node->nid);
      if ($node->status) {
        $nids->condition('nid', 0);
      }
      $query->condition($nids);
      $query->range(0, 1);

      $grants = db_or();
      foreach (node_access_grants($op, $account) as $realm => $gids) {
        foreach ($gids as $gid) {
          $grants->condition(db_and()->condition('gid', $gid)->condition('realm', $realm));
        }
      }
      if (count($grants) > 0) {
        $query->condition($grants);
      }
      $result = (bool) $query->execute()->fetchField();
      $rights[$account->uid][$cid][$op] = $result;
      return $result;
    }
    elseif (is_object($node) && $op == 'view' && $node->status) {
      // If no modules implement hook_node_grants(), the default behavior is to
      // allow all users to view published nodes, so reflect that here.
      $rights[$account->uid][$cid][$op] = TRUE;
      return TRUE;
    }
  }

  return FALSE;
}