04 MAR

Lesson 08: Lesson #08 - Node Access & db_rewrite_sql

Update: Now with VictorKane's awesome Class Notes!

This lesson provides an introduction to Drupal's node access system. Initially, we'll create a basic module that uses hook_db_rewrite_sql() to implement a node access restriction system.

Once the concepts are grasped we'll lift the hood on some other Drupal access control modules and see how these work using Drupal's built-in node_grant abilities.

There were 75 participants in IRC and 50 people in the skypecast today.

Basic Node Access Control

Create a basic module that restricts access to anonymous users but allows access for authenticated users on certain nodes.
Our personal access table and pre-populating it (for demonstration purposes).
hook_form_alter() to add a checkbox to the node edit form.
hook_nodeapi() to create a flag on the node and apply viewing access control.
hook_db_rewrite_sql() to implement the list view access control.

[ Read more ]

Class Notes

Feedback: Tell us how we did, and how we can make it better!
[ Leave Feedback ]View Lesson Feedback (1)

23 APR

Hook_perm walkthrough

Dmitri gives us an insight into how hook_perm works - it's easier than you think, and a vital part of permissions control.

Thanks again to Dipen for the lesson notes!

HowTo: Safely setup a multisite installation

Url:

http://www.contractwebdevelopment.com/drupal-multisite-configurations-and-hosts

Description:

"It's possible for malicious users of one site to access protected files of multisite installations if they are given the ability to run PHP code. For example, the normally protected settings.php file (which hides confidential database access information) of one multisite could be accessible by another by running the following PHP snippet:"