Customizing node access in drupal 7
Blog

Customizing node access in drupal 7

Drupal 7 provides accessing of nodes by roles & its permissions, The permissions can be set to different roles & based on permission nodes can be accessible for different operations like view, delete, create & update.

Let’s say we have content type ‘article’ & we have roles  HOD, CR, Student. And we have permissions set to Student role as can ‘view the published article’. CR role has permission that ‘can view published article & can edit own article’.

But in case of we need custom permission scenarios, lets discuss some examples -

  • If student is author then student can edit own article when it is in unpublished state
  • CR role wants to edit own article & Students articles (For unpublished state)

These are some scenarios where permissions will not give options to do these.

We came across some hooks in drupal 7 & found hook_node_access($node, $op, $account). Let’s discuss how we can achieve above scenarios. Create a module called custom_node_access.

Scenario 1 : If student is author then student can edit article when it is in unpublished state

/**
 * Implementation of hook_node_access().
 * 
 * Scenario 1 : If student is author then student can edit article when it is in unpublished state
 */
function custom_title_node_access($node, $op, $account) {
  // get type of node.
  $type = is_string($node) ? $node : $node->type;
  // Check content type is article
  if ($type == 'article') {
    // Check node object is loaded
    // Check node status is unpublished
    if (isset($node->nid) && $node->status  ==  0) {
      // Check operation is update
      if ($op == 'update') {
        // Check user is student
        // Here 2 is student role id
        if (array_key_exists(2, $account->roles)) {
          // Check node author & logged in user are same
          if($node->uid == $account->uid){
            // Access student to update these node
            return NODE_ACCESS_ALLOW;
          }
        }
      }
    }
  }
}

Scenario 2 : CR role wants to edit own article & Students articles (For unpublished state)

/**
 * Implementation of hook_node_access().
 * 
 * Scenario 1 : CR role wants to edit own article & Students articles (For unpublished state) 
*/
function custom_title_node_access($node, $op, $account) {
  // get type of node.
  $type = is_string($node) ? $node : $node->type;
  // Check content type is article
  if ($type == 'article') {
    // Check node object is loaded
    // Check node status is unpublished
    if (isset($node->nid) && $node->status == 0) {
      // Check operation is update
      if ($op == 'update') {
        // Check user is CR
        // Here 3 is CR role id
        if (array_key_exists(3, $account->roles)) {
          // load node author's user object
          $node_author = user_load($node->uid);

          // Check node author & logged in user are same
          // or node author is student (Here 2 is student role id)
          if($node->uid == $account->uid || array_key_exists(2, $node_author->roles)){
            // Access student to update these node
            return NODE_ACCESS_ALLOW;
          }
        }
      }
    }
  }
}