1 node.api.php hook_node_grants_alter(&$grants, $account, $op)

Alter user access rules when trying to view, edit or delete a node.

Node access modules establish rules for user access to content. hook_node_grants() defines permissions for a user to view, edit or delete nodes by building a $grants array that indicates the permissions assigned to the user by each node access module. This hook is called to allow modules to modify the $grants array by reference, so the interaction of multiple node access modules can be altered or advanced business logic can be applied.

The resulting grants are then checked against the records stored in the {node_access} table to determine if the operation may be completed.

A module may deny all access to a user by setting $grants to an empty array.

Developers may use this hook to either add additional grants to a user or to remove existing grants. These rules are typically based on either the permissions assigned to a user role, or specific attributes of a user account.


$grants: The $grants array returned by hook_node_grants().

$account: The user account requesting access to content.

$op: The operation being performed, 'view', 'update' or 'delete'.

See also




Related topics


core/modules/node/node.api.php, line 375
Hooks provided by the Node module.


function hook_node_grants_alter(&$grants, $account, $op) {
  // Our sample module never allows certain roles to edit or delete
  // content. Since some other node access modules might allow this
  // permission, we expressly remove it by returning an empty $grants
  // array for roles specified in our variable setting.

  // Get our list of banned roles.
  $restricted = config_get('my_module.settings', 'example_restricted_roles', array());

  if ($op != 'view' && !empty($restricted)) {
    // Now check the roles for this account against the restrictions.
    foreach ($restricted as $role_id) {
      if (isset($account->roles[$role_id])) {
        $grants = array();