1 node_access_example.module node_access_example_node_grants($account, $op)

Implements hook_node_grants().

Tell the node access system what grant IDs the user belongs to for each realm, based on the operation being performed.

When the user tries to perform an operation on the node, Backdrop calls hook_node_grants() to determine grant ID and realm for the user. Backdrop looks up the grant ID and realm for the node, and compares them to the grant ID and realm provided here. If grant ID and realm match for both user and node, then the operation is allowed.

Grant ID and realm are both determined per node, by your module in hook_node_access_records().

In our example, we've created three access realms: One for authorship, and two that track with the permission system.

We always add node_access_example_author to the list of grants, with a grant ID equal to their user ID. We do this because in our model, authorship always gives you permission to edit or delete your nodes, even if they're marked private.

Then we compare the user's permissions to the operation to determine whether the user falls into the other two realms: node_access_example_view, and/or node_access_example_edit. If the user has the 'access any private content' permission we defined in hook_permission(), they're declared as belonging to the node_access_example_realm. Similarly, if they have the 'edit any private content' permission, we add the node_access_example_edit realm to the list of grants they have.

See also



Related topics


modules/examples/node_access_example/node_access_example.module, line 268
Module file illustrating API-based node access.


function node_access_example_node_grants($account, $op) {
  $grants = array();
  // First grant a grant to the author for own content.
  // Do not grant to anonymous user else all anonymous users would be author.
  if ($account->uid) {
    $grants['node_access_example_author'] = array($account->uid);

  // Then, if "access any private content" is allowed to the account,
  // grant view, update, or delete as necessary.
  if ($op == 'view' && user_access('access any private content', $account)) {
    $grants['node_access_example_view'] = array(NODE_ACCESS_EXAMPLE_GRANT_ALL);

  if (($op == 'update' || $op == 'delete') && user_access('edit any private content', $account)) {
    $grants['node_access_example_edit'] = array(NODE_ACCESS_EXAMPLE_GRANT_ALL);

  return $grants;