[development] Getting Around The Limitations of hook_db_rewrite_sql
drupal at dave-cohen.com
Tue Apr 4 01:14:12 UTC 2006
I'm going to play devel's advocate (pun intended :) for hook_db_rewrite_sql.
It's a powerful tool, and a relatively new addition to drupal. Because it's
new we're only beginning to see modules use it, but they are growing in
numbers. (Before long, some will have better reputations that others, I
predict.) I think your problem is more that you haven't found one that does
just what you want it to do. That doesn't (necessarily) mean that
db_rewrite_sql needs re-working.
Regarding nodes: It's tempting to expect hook_access to be called every time.
But it's just not realistic. It takes a lot of database calls to load a
node. How many depends on the modules you have installed, but either way
think of it as a lot. And the node must be loaded for hook_access to be
called. Think of all the pages that display, for instance, only a node
title. Like "recent posts" or "my issues" on drupal.org. For these pages to
load every node they display would just kill performance.
Regarding other data: part of the power (and complexity) of
hook_db_rewrite_sql is that there is nothing node-specific about it. It can
hide or make visible other types of data as well. Want to hide some users
from some users? You can do it there. The TAC Lite module, for instance,
hides some terms from users. It uses node_access to hide nodes, and
db_rewrite_sql to hide the taxonomy terms themselves.
I'll attest that hook_db_rewrite_sql is complex. And its a challenge to hide
just the right content from just the right users all the time. But I'm a
believer. I expect that with a little work you'll find a way to do just what
you want. Also, I invite you to explain your application to me in more
detail (off this list). I may be able to help, or I may learn just how bad
On Monday 03 April 2006 04:46 pm, Rob Thorne wrote:
> It's important to remember that hook_db_rewrite_sql is a mechanism for
> munging queries. A quick examination of contributions/modules will show
> that relatively few us has made much use of it, at least successfully.
> That it has become a central piece of our security architecture should
> raise flags with at least a few of us.
> A better question might be how we can make it easier to get hook_access
> to run efficiently. Hook_access is, afterall, designed for access
> control :-)
More information about the development