Chapter 7. The Drupal Access System
Using the Drupal access system to limit which users can see which content
Drupal core provides many features that are used only by additional contributed modules. One such example is the node access API, which allows additional modules to provide finer-grained control for access to site content. Drupal core provides permissions to access content, which apply equally to all node types, and then for each node type, the create, delete own, delete any, edit own, and edit any permissions. With contributed modules it's possible to create a new level of control, like "edit any content created within the last two weeks" or "view content with a particular taxonomy term."
This chapter explores the access system in two ways:
It explores the code that all module developers should implement to make sure that their modules respect the access rules created by other developers.
It explores the Private module, which is a very simple node access module.
NOTE
The access system primarily applies to nodes, and that is the focus of this chapter. Similar capabilities apply to taxonomy terms and comments, though they are not as commonly implemented.
Get Cracking Drupal®: A Drop in the Bucket now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
