I'm writing a module that will control access to projects at a user level instead of a role level. I have an admin form written that will allow an administrator to select which users can access each project, and stores the data in a project_permissions table. My next task is to figure out how to use this data to control access to each project. From what I've been able to find, it looks like I need to use a combination of hook_node_grants() and hook_node_access_records().
I have my hook_node_access_records function written as follows:
/* * Implementation of hook_node_access_records() */ function project_permissions_node_access_records($node) { if ($node->type == 'project_project') { $sql = "SELECT * FROM project_permissions WHERE nid = %d"; $result = db_query($sql, $node->nid); while ($permission = db_fetch_object($result)) { $grants[] = array( 'realm' => 'project_permissions', 'gid' => $permission->uid, 'grant_view' => TRUE, 'grant_update' => TRUE, 'grant_delete' => TRUE, ); } return $grants; } }
and it correctly saves the data to the node_access table. I'm still trying to figure out how to implement hook_node_grants. If anyone can shed some light on that, I'd appreciate it.
But my bigger question is this: does using these two hooks override the access that is set in the Project module? For instance, if a users role has been granted view access, but in my module he hasn't been granted access, which will win?
Thanks.
Steve