[development] Getting Around The Limitations of hook_db_rewrite_sql
Jonathan Chaffer
jchaffer at structureinteractive.com
Mon Apr 3 14:52:26 UTC 2006
On Apr 3, 2006, at 3:13 AM, Rob Thorne wrote:
> In other words, even if you set up your hook_access to prohibit
> viewing of your content, Drupal 4.7 *will display your private
> content to an anonymous user*. Once your private node gets added
> to the list, there are no further checks to your hook access to
> determine if your node is safe to display.
> IMNHO, this is completely insane.
I'm not sure what the best solution to your problem is, but I think I
can help you to understand the reasons behind this decision. Consider
a paged listing of nodes. If we are to display the first 10 nodes of
1000 on a site, we call db_query_range() to fetch just those entries.
This is fast. Now suppose we use hook_access() to check for access to
each of those 10. What if none of those pass the access check? Then
you have a page with no nodes printed, even if the next 10 would have
passed the check!
So what are the possible solutions? One could fetch all of the
results rather than a range, and use PHP to iterate through the
results and call the function on each until 10 are found. I think
that *now* we are in insane territory. Other than that, the only
option is to perform the access check within the database call
itself. This was the decision that was made.
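
Added example, not part of the original message and not Drupal's own code: a simplified Python/SQLite model of the listing strategies discussed above (a range query with no access condition, a range query followed by a per-node check, and an access condition inside the range query itself). The two-table schema, the use of gid 0 for the anonymous user, and all function names are assumptions of this model; the data is constructed.

```python
import sqlite3

PAGE_SIZE = 10

def build_db():
    # Constructed data: 1000 nodes; the 10 newest (nid 991-1000) are private.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE node (nid INTEGER PRIMARY KEY, title TEXT)")
    db.execute("CREATE TABLE node_access (nid INTEGER, gid INTEGER, grant_view INTEGER)")
    db.executemany("INSERT INTO node VALUES (?, ?)",
                   [(n, f"node {n}") for n in range(1, 1001)])
    # Model assumption: gid 0 is the grant id held by the anonymous user.
    db.executemany("INSERT INTO node_access VALUES (?, 0, 1)",
                   [(n,) for n in range(1, 991)])
    return db

def may_view(db, nid, gid):
    # Stand-in for a per-node access callback run in application code.
    return db.execute("SELECT 1 FROM node_access WHERE nid = ? AND gid = ? "
                      "AND grant_view = 1", (nid, gid)).fetchone() is not None

def unchecked_page(db, page=0):
    # Plain range query with no access condition: private nodes are listed.
    rows = db.execute("SELECT nid FROM node ORDER BY nid DESC LIMIT ? OFFSET ?",
                      (PAGE_SIZE, page * PAGE_SIZE)).fetchall()
    return [nid for (nid,) in rows]

def page_then_filter(db, gid, page=0):
    # Range query first, per-node check afterwards: the page can come up short.
    return [nid for nid in unchecked_page(db, page) if may_view(db, nid, gid)]

def filter_in_query(db, gid, page=0):
    # Access condition inside the range query: LIMIT counts only visible rows.
    rows = db.execute(
        "SELECT n.nid FROM node n "
        "INNER JOIN node_access na ON na.nid = n.nid "
        "WHERE na.gid = ? AND na.grant_view = 1 "
        "ORDER BY n.nid DESC LIMIT ? OFFSET ?",
        (gid, PAGE_SIZE, page * PAGE_SIZE)).fetchall()
    return [nid for (nid,) in rows]

if __name__ == "__main__":
    db = build_db()
    print("unchecked:       ", unchecked_page(db))
    print("page then filter:", page_then_filter(db, gid=0))
    print("filter in query: ", filter_in_query(db, gid=0))
```

A useful audit check on a real listing is the same comparison: run it as the anonymous user and confirm that every returned node also passes the per-node access check.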