[development] User not allowed to access node using node_access

Derek Wright drupal at dwwright.net
Tue Apr 8 21:44:26 UTC 2008

On Apr 8, 2008, at 2:31 PM, Steve Edwards wrote:
> So there's no way to override that setting using node_access?   
> According to the handy dandy diagram on page 104 of 'Pro Drupal  
> Development' it looks like node_access is the last thing checked  
> when granting access to a node.  Is that incorrect, or am I  
> misunderstanding how that process works?

I suggest you read through the source for function node_access() from  
modules/node/node.module in core.

Here are the relevant parts:

   if (user_access('administer nodes')) {
     return TRUE;
   if (!user_access('access content')) {
     return FALSE;

   // Can't use node_invoke(), because the access hook takes the $op  
   // before the $node parameter.
   $module = node_get_types('module', $node);
   if ($module == 'node') {
     $module = 'node_content'; // Avoid function name collisions.
   $access = module_invoke($module, 'access', $op, $node);
   if (!is_null($access)) {
     return $access;

   // If the module did not override the access rights, use those set  
in the
   // node_access table.

Since project's hook_access() is returning FALSE when the user  
doesn't have 'access projects' permission, that aborts node_access()  
early in a way that denies access to your users.

What you need to do is grant everyone who needs to see a project  
"access projects" permission, then use the node access grant system  
to hide projects from users/roles that shouldn't see them.

-Derek (dww)

More information about the development mailing list