On Apr 8, 2008, at 2:31 PM, Steve Edwards wrote:
So there's no way to override that setting using node_access? According to the handy dandy diagram on page 104 of 'Pro Drupal Development' it looks like node_access is the last thing checked when granting access to a node. Is that incorrect, or am I misunderstanding how that process works?
I suggest you read through the source for function node_access() from modules/node/node.module in core. Here are the relevant parts: if (user_access('administer nodes')) { return TRUE; } if (!user_access('access content')) { return FALSE; } // Can't use node_invoke(), because the access hook takes the $op parameter // before the $node parameter. $module = node_get_types('module', $node); if ($module == 'node') { $module = 'node_content'; // Avoid function name collisions. } $access = module_invoke($module, 'access', $op, $node); if (!is_null($access)) { return $access; } // If the module did not override the access rights, use those set in the // node_access table. ... Since project's hook_access() is returning FALSE when the user doesn't have 'access projects' permission, that aborts node_access() early in a way that denies access to your users. What you need to do is grant everyone who needs to see a project "access projects" permission, then use the node access grant system to hide projects from users/roles that shouldn't see them. Cheers, -Derek (dww)