[development] node_access arbitrator in Drupal 5
merlin at logrus.com
Tue Oct 31 06:12:44 UTC 2006
This actually happened a couple of months ago, but I delayed announcing
it because it needed a bug fix before it could be used, and that took
awhile to get through the patching system. The upshot is that since it's
been in awhile, those in the know (uh, I guess that's me and Moshe) have
managed to create/update some modules to take advantage of this system.
First, the updating modules link: http://drupal.org/node/64279#node_access
Second, what you need to know:
If your module doesn't touch the node_access table, good for you. You
probably don't need to do anything.
If your module does touch the node_access module, at least to write to
it, you're going to be hideously broken. You need to very carefully read
through the new system.
Basically, the new system calls a function called
node_access_acquire_grants() whenever a node is saved; your module can
also call this function (For example, when you change a setting that
causes access changes for many nodes). This function does calls
hook_node_access_records with the node, and modules that have an
interest return a list of access rules, including a 'priority'. Only
rules with the highest priority are considered, the rest are thrown
away. If no records are returned for the node at all, a simple 'all'
grant is written for the node.
For a couple of other examples, see the Forum Access and ACL modules.
Forum Access does roughly what it sounds like it'll do; ACL provides an
API to attach access control lists to nodes and maintain them. Forum
Access uses ACL to provide a 'forum moderators' list that the current
taxonomy access system can't do.
The biggest benefit to these is that access control modules can
co-exist, though they still need to be a little bit careful.
More information about the development