Contributions API

HomeAPI reference › node_access

node_access

Definition

node_access($op, $node, $account = NULL)
6/modules/node/node.module, line 1978

Description

Determine whether the current user may perform the given operation on the specified node.

Parameters

$op The operation to be performed on the node. Possible values are:

$node The node object (or node array) on which the operation is to be performed, or node type (e.g. 'forum') for "create" operation.

$account Optional, a user object representing the user for whom the operation is to be performed. Determines access for a user other than the current user.

Return value

TRUE if the operation may be performed.

Related topics

Namesort iconDescription
Node access rightsThe node access system determines who can do what to which nodes.

Code

<?php
function node_access($op, $node, $account = NULL) {
  global $user;

  if (!$node) {
    return FALSE;
  }
  // Convert the node to an object if necessary:
  if ($op != 'create') {
    $node = (object)$node;
  }
  // If no user object is supplied, the access check is for the current user.
  if (empty($account)) {
    $account = $user;
  }
  // If the node is in a restricted format, disallow editing.
  if ($op == 'update' && !filter_access($node->format)) {
    return FALSE;
  }

  if (user_access('administer nodes', $account)) {
    return TRUE;
  }

  if (!user_access('access content', $account)) {
    return FALSE;
  }

  // Can't use node_invoke(), because the access hook takes the $op parameter
  // before the $node parameter.
  $module = node_get_types('module', $node);
  if ($module == 'node') {
    $module = 'node_content'; // Avoid function name collisions.
  }
  $access = module_invoke($module, 'access', $op, $node, $account);
  if (!is_null($access)) {
    return $access;
  }

  // If the module did not override the access rights, use those set in the
  // node_access table.
  if ($op != 'create' && $node->nid && $node->status) {
    $grants = array();
    foreach (node_access_grants($op, $account) as $realm => $gids) {
      foreach ($gids as $gid) {
        $grants[] = "(gid = $gid AND realm = '$realm')";
      }
    }

    $grants_sql = '';
    if (count($grants)) {
      $grants_sql = 'AND ('. implode(' OR ', $grants) .')';
    }

    $sql = "SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) $grants_sql AND grant_$op >= 1";
    $result = db_query($sql, $node->nid);
    return (db_result($result));
  }

  // Let authors view their own nodes.
  if ($op == 'view' && $account->uid == $node->uid && $account->uid != 0) {
    return TRUE;
  }

  return FALSE;
}
?>