[development] access control for periodicals - does my plan make sense?

Dave Cohen drupal at dave-cohen.com
Sat Sep 23 18:43:46 UTC 2006

Looking for some advice and ideas....

A client is publishing a periodical online.  Only paid subscribers will have 
access to the nodes that are part of the periodical.  Subscriptions are not 
necessarily continuous.  So for example a user might subscribe in 2006; not 
subscribe in 2007; then subscribe again in 2008.  In 2008, such a user should 
be able to view content from 2006 and 2008, but not 2007.

I have a flexible system in mind; in which each subscription has a start, end 
and expiration.  Whether a node is visible will depend on whether its 
creation date falls between the start and end of a subscription.  My question 
is not about this part, but about how best to hide the nodes that the user 
has not paid for.

I do not plan to use "standard" access control; that is, the node_access table 
and grants, because I don't see how to cleanly map a subscription start and 
end date to a grant id.  But that's OK because I don't need to entirely hide 
the existence of these nodes.  I just need to hide the full contents of the 

So my plan is to put some logic in hook_nodeapi.  If $op == 'view', and the 
user has not subscribed to the node in question, I can do something like:

    $node->body = t('Sorry, you have to subscribe to view this.');

I'm writing to this group because I think is a reasonable approach, but I'm 
not sure.  Any thoughts or suggestions?



More information about the development mailing list