[development] Getting Around The Limitations of hook_db_rewrite_sql

Dave Cohen drupal at dave-cohen.com
Tue Apr 4 01:14:12 UTC 2006


I'm going to play devel's advocate (pun intended :) for hook_db_rewrite_sql.

It's a powerful tool, and a relatively new addition to drupal.  Because it's 
new we're only beginning to see modules use it, but they are growing in 
numbers.  (Before long, some will have better reputations that others, I 
predict.)  I think your problem is more that you haven't found one that does 
just what you want it to do.  That doesn't (necessarily) mean that 
db_rewrite_sql needs re-working.

Regarding nodes: It's tempting to expect hook_access to be called every time.  
But it's just not realistic.  It takes a lot of database calls to load a 
node.  How many depends on the modules you have installed, but either way 
think of it as a lot.  And the node must be loaded for hook_access to be 
called.  Think of all the pages that display, for instance, only a node 
title.  Like "recent posts" or "my issues" on drupal.org.  For these pages to 
load every node they display would just kill performance.

Regarding other data: part of the power (and complexity) of 
hook_db_rewrite_sql is that there is nothing node-specific about it.  It can 
hide or make visible other types of data as well.  Want to hide some users 
from some users?  You can do it there.  The TAC Lite module, for instance, 
hides some terms from users.  It uses node_access to hide nodes, and 
db_rewrite_sql to hide the taxonomy terms themselves.

I'll attest that hook_db_rewrite_sql is complex.  And its a challenge to hide 
just the right content from just the right users all the time.  But I'm a 
believer.  I expect that with a little work you'll find a way to do just what 
you want.  Also, I invite you to explain your application to me in more 
detail (off this list).  I may be able to help, or I may learn just how bad 
db_rewrite_sql is. 



On Monday 03 April 2006 04:46 pm, Rob Thorne wrote:

> It's important to remember that hook_db_rewrite_sql is a mechanism for
> munging queries.  A quick examination of contributions/modules will show
> that relatively few us has made much use of it, at least successfully.
> That it has become a central piece of our security architecture should
> raise flags with at least a few of us.
> A better question might be how we can make it easier to get hook_access
> to run efficiently.  Hook_access is, afterall, designed for access
> control :-)
> Thanks,
> Rob

More information about the development mailing list