Drupal Node Access System

AUL 7.x.-2.xAlex Milkovskyi

About me: Oleksandr(Alex) Milkovskyi

Drupal Developer & Student at FH Technikum Wien

● Met Drupal in January 2010● 2010-2012: Drupal Frontend Developer,

Themer, Sitebuilder● 2012-2014: Drupal Backend Developer● https://drupal.org/user/1761220 a.

milkovsky

Drupal Node Access System

● hook_node_access● hook_node_access_records● hook_node_grants ● hook_query_TAG_alter

Only node entities will be covered in this presentation

Why not hook_node_accessfunction mymodule_node_access($node, $op, $account) {

return NODE_ACCESS_DENY;

}

Possible options:

● NODE_ACCESS_ALLOW● NODE_ACCESS_DENY● NODE_ACCESS_IGNORE

Disadvantages: ignored by Views, Menus, and other content queries

Better use Locks & Keys

● hook_node_access_records Locks● hook_node_grants Keys“

● Each lock Realm (color) must be opened

to access the node.

● Only one ID (serial number) within the Realm needs

to be unlocked to open that entire Realm.

”

hook_node_access_records($node)if ($node->private) {

$grants[] = array(

'realm' => 'example',

'gid' => 1,

'grant_view' => 1,

'grant_update' => 0,

'grant_delete' => 0,

'priority' => 0,

'#module' => 'example',

);

}

return $grants;

*usage:● called only for the node being saved● manual call with

node_access_acquire_grants($node)

hook_node_grants($account, $op)if (user_access('access private content', $account)) {

$grants['example'] = array(1);

}

return $grants;

*usage:● called dynamically at each page load to

determine what keys the current user has.

node_access

Custom Drupal database API queries$query = db_select('node', 'n');

->fields('n', array('nid', 'title'))

->addTag('node_access');$result = $query->execute();

You can also use EntityFieldQuery.

Example of hook_query_TAG_alter: node_view_permissions_query_node_access_alter()

ACL vs. AUL

● AUL creates grands per user and adds nodes to it.

● ACL creates grands per node and adds users to it.

ACL vs. AUL example

ACL● view_nid_1

○ uid1○ uid2

● view_nid_2○ uid1○ uid2

AUL● view_uid_1

○ nid1○ nid2

● view_uid_2○ nid1○ nid2

hook_node_grants($account, $op)

ACL● view_nid_1 gid 1

○ uid1○ uid2

● view_nid_2 gid 2○ uid1○ uid2

returns: 1,2

AUL● view_uid_1 gid 1

○ nid1○ nid2

● view_uid_2 gid 2○ nid1○ nid2

returns: 1

AUL 7.x-2.x

● aul● aul_ui● aul_vbo● aul_views● aul_roles● aul_relations

‘aul’ table

‘aul_relations’ table

aul_vbo

aul_vbo

Demo time ;)

@todo in AUL 7.x-2.x● access to node revisions● grants priority● add realm help explanations● implement invert entity reference relations.● implement comments to node relations.● implement bulk grants update.● control access on child node add/remove

Vielen Dank!

QUESTIONS?Links:

● https://drupal.org/project/aul● http://www.phase2technology.com/blog/drupal-7-node-access-grants-locks-and-keys/● http://www.brightsolutions.de/blog/drupal-node-access-performance● Topic was presented at http://www.meetup.com/Drupal-Austria/events/181216712/

Drupal Node Access System AUL 2.x.-1.x. by Alex Milkovskyi