[development] Getting Around The Limitations of hook_db_rewrite_sql

[Dave Cohen]

Rob, 

You haven't given all the details your user-to-node relationships and how you 
will store them, but it sounds to me like hook_db_rewrite_sql is exactly what 
you need.  It lets you define join(s) and where clause(s) to hide content.  
Those clauses can be based on the current user and/or whatever else you come 
up with.

hook_db_rewrite_sql makes the node_access table possible.  Node_access is the 
way the node.module uses the hook, but is not the only way.  However, I 
recommend you use the node_access table if you can make it apply to your 
situation.

If you're planning to make a giant mapping between each user and each node.  
Then it sounds like a lot of data and an administrative nightmare.  But also 
something that the node_access table is able to represent.

I wrote a couple access control modules which might be good examples.  One 
based on users, roles and taxonomy <http://drupal.org/project/issues/53738> 
and a similar one for the category module 
<http://cvs.drupal.org/viewcvs/drupal/contributions/modules/category/contrib/cac_lite/>.  
They both rely on the node_access table mostly, but for special cases use 
hook_db_rewrite_sql.

-Dave



On Monday 03 April 2006 12:13 am, Rob Thorne wrote:
> I'm writing a module for 4.7 that needs to control access to nodes that
> are only viewable by users who are approved via an external module.  To
> determine if a node is viewable,  I need to check the user *and* the
> node id.  This would work, except for a design decision that was made
> "for performance".