node_access for not the global user?
I'm looking for a way to determine if an arbitrary user (i.e, not the global or current user) has access to a node. The node_access() function in the node.module looks like what I want, except that it only applies to the current user. I only actually care if the user can view the node. Any ideas? I'd thought of redefining the $_GLOBAL['user'] temporarily and then running node_access, but I think that might be dangerous (side effects?). I could also just copy that node_access function and change the references to the global user, but I'm hoping someone's already thought through a more elegant solution. -- Alan Dixon, Web Developer http://alan.g.dixon.googlepages.com/
Alan Dixon wrote:
I'm looking for a way to determine if an arbitrary user (i.e, not the global or current user) has access to a node. The node_access() function in the node.module looks like what I want, except that it only applies to the current user. I only actually care if the user can view the node.
Any ideas?
I'd thought of redefining the $_GLOBAL['user'] temporarily and then running node_access, but I think that might be dangerous (side effects?). I could also just copy that node_access function and change the references to the global user, but I'm hoping someone's already thought through a more elegant solution.
this was a feature of node_access() but it never worked right so it was removed in 5. there is an issue on it somewhere. i would love to see an impersonation API becase we need it for programmatically submitting forms, nodes, etc
Hi. This is Moshe. I'd like to see an impersonation API as well. ;-) Moshe Weitzman wrote:
Alan Dixon wrote:
I'm looking for a way to determine if an arbitrary user (i.e, not the global or current user) has access to a node. The node_access() function in the node.module looks like what I want, except that it only applies to the current user. I only actually care if the user can view the node.
Any ideas?
I'd thought of redefining the $_GLOBAL['user'] temporarily and then running node_access, but I think that might be dangerous (side effects?). I could also just copy that node_access function and change the references to the global user, but I'm hoping someone's already thought through a more elegant solution.
this was a feature of node_access() but it never worked right so it was removed in 5. there is an issue on it somewhere.
i would love to see an impersonation API becase we need it for programmatically submitting forms, nodes, etc
-- * * * * * Lullabot's First Ever Advanced Workshops Are Here! Drupal API & Module Building - Advanced Drupal Themeing April 9th-13th - Providence, RI Early Bird Discounts Available Now http://www.lullabot.com/training * * * * *
Thanks and yes, i recall running across some code that redefines the GLOBALS['user'] in order to accomplish the impersonation. Anyone tried it (successsfully?) in 5? - Alan On 3/5/07, Moshe Weitzman <weitzman@tejasa.com> wrote:
this was a feature of node_access() but it never worked right so it was removed in 5. there is an issue on it somewhere.
i would love to see an impersonation API becase we need it for programmatically submitting forms, nodes, etc
-- Alan Dixon, Web Developer http://alan.g.dixon.googlepages.com/
You can see how I tackled this by downloading the devel module (and more importantly, the devel_node_access module which comes with it). Then apply this patch: http://drupal.org/node/91846 The approach I took is expensive. I load each user and then test node access. So it's intended strictly for development and testing. Not a feature you'd enable on a live site, if you want it to perform. -Dave On Monday 05 March 2007 07:54, Alan Dixon wrote:
I'm looking for a way to determine if an arbitrary user (i.e, not the global or current user) has access to a node.
Hi, There is 1 method of doing this (I believe) and from what I have seen in some packages, is that you switch users to the user you want to check and then switch back. global $user; $save = $user; $user = user_load(array('uid' => 1234)); ... check access to node ... $user = $save; It is a pain that you can't just specify a uid to check access. Gordon. Alan Dixon wrote:
I'm looking for a way to determine if an arbitrary user (i.e, not the global or current user) has access to a node. The node_access() function in the node.module looks like what I want, except that it only applies to the current user. I only actually care if the user can view the node.
Any ideas?
I'd thought of redefining the $_GLOBAL['user'] temporarily and then running node_access, but I think that might be dangerous (side effects?). I could also just copy that node_access function and change the references to the global user, but I'm hoping someone's already thought through a more elegant solution.
On Mar 5, 2007, at 3:23 PM, Gordon Heydon wrote:
It is a pain that you can't just specify a uid to check access.
see also: http://drupal.org/node/47735 -derek
Yes, but I think this is going to break in php5 where objects need to be cloned intead of assigned, no? - Alan On 3/5/07, Gordon Heydon <gordon@heydon.com.au> wrote:
Hi,
There is 1 method of doing this (I believe) and from what I have seen in some packages, is that you switch users to the user you want to check and then switch back.
global $user; $save = $user; $user = user_load(array('uid' => 1234));
... check access to node ...
$user = $save;
It is a pain that you can't just specify a uid to check access.
Gordon.
Alan Dixon wrote:
I'm looking for a way to determine if an arbitrary user (i.e, not the global or current user) has access to a node. The node_access() function in the node.module looks like what I want, except that it only applies to the current user. I only actually care if the user can view the node.
Any ideas?
I'd thought of redefining the $_GLOBAL['user'] temporarily and then running node_access, but I think that might be dangerous (side effects?). I could also just copy that node_access function and change the references to the global user, but I'm hoping someone's already thought through a more elegant solution.
-- Alan Dixon, Web Developer http://alan.g.dixon.googlepages.com/
participants (6)
-
Alan Dixon -
Dave Cohen -
Derek Wright -
Gordon Heydon -
Moshe Weitzman -
Robert Douglass