You are here
Drupal 7 - A Simple Content Type: Permissions & Access
This post builds upon a previous post: Drupal 7 - A Simple Content Type
Drupal's role specific permissions and access rules are a fantastic way to limit who does and does not get to view content of a certain type or perform certain actions which may be associated with a particular module. Our content type is really very simple and so we will implement some simple permissions and access rules. Using the module we created in a previous post, we need to add a couple of hooks to our .module file. We'll start by creating some permissions with hook_permission():
function simple_content_type_permission() {
$permissions['create simple content type'] = array(
'title' => t('Create simple content type'),
'description' => t('Allow users to create simple content type nodes'),
);
$permissions['view simple content type'] = array(
'title' => t('View simple content type'),
'description' => t('Allow users to view simple content type nodes'),
);
$permissions['edit simple content type'] = array(
'title' => t('Edit simple content type'),
'description' => t('Allow users to edit simple content type nodes'),
);
$permissions['delete simple content type'] = array(
'title' => t('Delete simple content type'),
'description' => t('Allow users to delete simple content type nodes'),
);
return $permissions;
}
As you can see, the sky is really the limit when it comes to what permissions you can add. We have only defined four different permissions which can be assigned to each role but as long as $permissions is an array of arrays in the format above, with a title and description, then it does not matter what id you give a permission, what you use it for, or how many you define. Our next step is to implement hook_node_access() so that we can define how the permissions above could affect adding, editing, viewing, or deleting a Simple Content Type node:
function simple_content_type_node_access($node, $op, $account) {
// just in case the $node parameter is not really a node object or
// the $node->type is one other than our own
$type = is_string($node) ? $node : $node->type;
if (! is_object($node) || $type != 'simple_content_type') {
return NODE_ACCESS_IGNORE;
}
switch ($op) {
case 'create':
if (user_access('create simple content type', $account)) {
return NODE_ACCESS_ALLOW;
}
break;
case 'update':
if (user_access('edit simple content type', $account)) {
return NODE_ACCESS_ALLOW;
}
break;
case 'delete':
if (user_access('delete simple content type', $account)) {
return NODE_ACCESS_ALLOW;
}
break;
case 'view':
if (user_access('view simple content type', $account)) {
return NODE_ACCESS_ALLOW;
}
break;
}
// if none of the conditions above are met we will deny access
return NODE_ACCESS_DENY;
}
We start by creating an escape from the function for two reasons: 1) to prevent errors from occurring if the value in the $node parameter happens to be something other than a node object and 2) to prevent our hook from affecting access to other types of nodes. Next we check to see what operation is being performed and determine if the user should gain access. There are only four expected values for $op but just in case we include a default. We can use this opportunity to inject our own access rules into the access equation. For our Simple Content Type we are merely checking to see if the user has the appropriate permission but we could also check to see if the user had created the node they were operating on or any number of other things. Lastly, if we have not granted access to the node by this point then we are going to explicitly deny access.
You can use the above hooks in other types of modules to define permissions for other types of operations or alter the access rules for node types besides those in your module. But that is for a different post.
Download the source for this example.