background image

Content tagged with: authenticated

Creating your own node access control layer using hook_menu_alter

Eric's picture
Submitted by Eric on Tue, 02/17/2009 - 16:39

I've been working on an intranet site that needed to have typical intranet permissions: unauthenticated users can see a handful of pages and the rest of the nodes are only visible to authenticated users. Instead of having the user specify permissions for every page, I figured it would be more usable to have them specify a list of pages available to unauth users.

I created an admin settings page callback to generate the form with a single textarea input. Users will enter a list of URLs in the textarea, one per line:

<?php
function MYMODULE_menu() {
  $items = array();

  $items['admin/settings/MYMODULE'] = array(
    'title' => 'MYMODULE Settings',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('_MYMODULE_callback_admin_settings'),
    'type' => MENU_NORMAL_ITEM,
    'access arguments' => array('administer site configuration'),
  );

  return $items;
}

function _MYMODULE_callback_admin_settings() {
  $form = array();

  $form['MYMODULE_unauth_pages'] = array(
    '#type' => 'textarea',
    '#title' => 'Unauth Pages',
    '#default_value' => variable_get('MYMODULE_unauth_pages',''),
  );
   
  return system_settings_form($form);
}
?>

For this example, I entered the following URLs in the textarea:

<front>
about-us
contact-us

I then added a menu_alter hook function to override the access control for viewing nodes:

<?php
function MYMODULE_menu_alter(&$items) {
  // per unauth pages, replace the callback function
  if (function_exists('_MYMODULE_node_access')) {
    // note: access callback function was previously: node_access
    $items['node/%node']['access callback'] = '_MYMODULE_node_access';
  }
}
?>

And, then added a new access control function:

<?php
function _MYMODULE_node_access($op, $node) {

  // check if user is unauth
  if (in_array('anonymous user', array_values($GLOBALS['user']->roles))) {

    // get a list of unauth pages
    $unauth = variable_get('MYMODULE_unauth_pages','');
    $unauth = explode("\r\n", trim($unauth));
       
    // replace <front> with empty string
    if (in_array('<front>', $unauth)) {
      $unauth[array_search('<front>',$unauth)] = '';
    }
       
    // check for unauth entries
    if (is_array($unauth) && count($unauth)) {
      // check if current url is allowed
      if (!in_array($_REQUEST['q'], $unauth)) {
        return false;
      }           
    }
  }
   
  // default to node_access function result
  return node_access($op, $node);
   
}
?>

Now, unauth users have access ONLY to the pages you define and the rest of the node viewing permissions default to the node_access function.