W3cubDocs

/Drupal 8

function hook_node_grants_alter

hook_node_grants_alter(&$grants, \Drupal\Core\Session\AccountInterface $account, $op)

Alter user access rules when trying to view, edit or delete a node.

Node access modules establish rules for user access to content. hook_node_grants() defines permissions for a user to view, edit or delete nodes by building a $grants array that indicates the permissions assigned to the user by each node access module. This hook is called to allow modules to modify the $grants array by reference, so the interaction of multiple node access modules can be altered or advanced business logic can be applied.

The resulting grants are then checked against the records stored in the {node_access} table to determine if the operation may be completed.

A module may deny all access to a user by setting $grants to an empty array.

Developers may use this hook to either add additional grants to a user or to remove existing grants. These rules are typically based on either the permissions assigned to a user role, or specific attributes of a user account.

Parameters

array $grants: The $grants array returned by hook_node_grants().

\Drupal\Core\Session\AccountInterface $account: The account requesting access to content.

string $op: The operation being performed, 'view', 'update' or 'delete'.

See also

hook_node_grants()

hook_node_access_records()

hook_node_access_records_alter()

Related topics

Hooks
Define functions that alter the behavior of Drupal core.
Node access rights
The node access system determines who can do what to which nodes.

File

core/modules/node/node.api.php, line 270
Hooks specific to the Node module.

Code

function hook_node_grants_alter(&$grants, \Drupal\Core\Session\AccountInterface $account, $op) {
  // Our sample module never allows certain roles to edit or delete
  // content. Since some other node access modules might allow this
  // permission, we expressly remove it by returning an empty $grants
  // array for roles specified in our variable setting.

  // Get our list of banned roles.
  $restricted = \Drupal::config('example.settings')->get('restricted_roles');

  if ($op != 'view' && !empty($restricted)) {
    // Now check the roles for this account against the restrictions.
    foreach ($account->getRoles() as $rid) {
      if (in_array($rid, $restricted)) {
        $grants = array();
      }
    }
  }
}

© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!modules!node!node.api.php/function/hook_node_grants_alter/8.1.x