[consulting] Restricting nodes to a certain role with nodeaccess

Brian Vuyk brian at brianvuyk.com
Thu Oct 8 15:43:11 UTC 2009


Hi all.

For a client project, we are creating nodes programmatically as we 
import them from an external system. We are using nodeaccess 
(http://drupal.org/project/nodeaccess) to restrict access on a per-node 
basis to the author (who can view, edit, and delete) and anyone from a 
certain role (who may just view and edit, not delete).

On import, we are writing entries to both the nodeaccess and node_access 
tables:

  // Delete any existing grants, and add author and role grants (nodeaccess module).
  db_query("DELETE FROM {nodeaccess} WHERE nid = %d", $nid);
  db_query("INSERT INTO {nodeaccess} (nid, gid, realm, grant_view, grant_update, grant_delete)
                VALUES
                (%d, %d, 'nodeaccess_author', 1, 1, 1),
                (%d, 12, 'nodeaccess_rid', 1, 1, 0)", $nid, $uid, $nid);

  // Delete any existing grants, and add author and role grants (Core node_access system).
  db_query("DELETE FROM {node_access} WHERE nid = %d", $nid);
  db_query("INSERT INTO {node_access} (nid, gid, realm, grant_view, grant_update, grant_delete)
                VALUES
                (%d, %d, 'nodeaccess_author', 1, 1, 1),
                (%d, 12, 'nodeaccess_rid', 1, 1, 0)", $nid, $uid, $nid);

This results in the following grants:

mysql> select * from nodeaccess where nid = 1261;
+------+-----+-------------------+------------+--------------+--------------+
| nid  | gid | realm             | grant_view | grant_update | grant_delete |
+------+-----+-------------------+------------+--------------+--------------+
| 1261 |  12 | nodeaccess_rid    |          1 |            1 |            0 |
| 1261 |  18 | nodeaccess_author |          1 |            1 |            1 |
+------+-----+-------------------+------------+--------------+--------------+
2 rows in set (0.00 sec)

mysql> select * from node_access where nid = 1261;
+------+-----+-------------------+------------+--------------+--------------+
| nid  | gid | realm             | grant_view | grant_update | grant_delete |
+------+-----+-------------------+------------+--------------+--------------+
| 1261 |  12 | nodeaccess_rid    |          1 |            1 |            0 |
| 1261 |  18 | nodeaccess_author |          1 |            1 |            1 |
+------+-----+-------------------+------------+--------------+--------------+
2 rows in set (0.00 sec)

The author grants seem to work - the author can do what he needs to do 
(view, edit, and alter). However, users with rid 12 are supposed to be 
able to view and edit as well, and they get an access denied when they 
try to access the node.

What am I doing wrong here?

Thanks in advance for any help!

Brian
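
The following is an added example, not part of the original post and not code from Drupal or the nodeaccess module. It loads the two node_access rows shown above into an in-memory SQLite table and runs a grant lookup modelled on the shape of the core node_access check: a row counts only if its (realm, gid) pair is among the grants the current account presents. The three accounts and their grant lists are constructed; on a real site those lists come from the enabled modules' hook_node_grants() implementations.

```python
import sqlite3

# Rows copied from the node_access listing in the post (nid 1261).
ROWS = [
    (1261, 12, "nodeaccess_rid", 1, 1, 0),
    (1261, 18, "nodeaccess_author", 1, 1, 1),
]
OPS = ("view", "update", "delete")


def make_db(rows=ROWS):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE node_access (nid INTEGER, gid INTEGER, realm TEXT,"
               " grant_view INTEGER, grant_update INTEGER, grant_delete INTEGER)")
    db.executemany("INSERT INTO node_access VALUES (?, ?, ?, ?, ?, ?)", rows)
    return db


def grant_check(db, nid, op, account_grants):
    """True if a row for nid matches a (realm, gid) the account holds
    and that row has grant_<op> >= 1."""
    if op not in OPS:  # op selects a column name, so allow-list it
        raise ValueError(op)
    grants = {"all": [0]}  # realm 'all', gid 0 is always part of the lookup
    grants.update(account_grants)
    pairs = [(realm, gid) for realm, gids in grants.items() for gid in gids]
    where = " OR ".join("(realm = ? AND gid = ?)" for _ in pairs)
    params = [nid] + [value for pair in pairs for value in pair]
    sql = ("SELECT COUNT(*) FROM node_access WHERE (nid = 0 OR nid = ?)"
           f" AND ({where}) AND grant_{op} >= 1")
    return db.execute(sql, params).fetchone()[0] > 0


def access_matrix(db, nid, account_grants):
    return {op: grant_check(db, nid, op, account_grants) for op in OPS}


# Constructed accounts: realm => gids the account is assumed to present.
AUTHOR = {"nodeaccess_author": [18], "nodeaccess_rid": [2]}
ROLE_12 = {"nodeaccess_author": [40], "nodeaccess_rid": [2, 12]}
NO_RID_GRANT = {"nodeaccess_author": [40]}  # rid 12 never reaches the lookup

if __name__ == "__main__":
    db = make_db()
    for name, grants in (("author", AUTHOR), ("role 12", ROLE_12),
                         ("no rid grant", NO_RID_GRANT)):
        print(name, access_matrix(db, 1261, grants))
```

The third account is denied every operation even though the rid 12 row is present, because the lookup only sees grants the account presents.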

