--- protected_node.module.orig	2009-04-02 09:12:52.000000000 +0200
+++ protected_node.module	2009-04-02 09:28:25.000000000 +0200
@@ -172,35 +172,10 @@
       }
       break;
     case 'view' :
-      if ($node->is_protected && !user_access('bypass password protection')) {
-        // If we have been accessed from cron.php (f.e. search indexing)
-        if (variable_get( 'cron_semaphore', FALSE )) {
-          $node->title = '';
-          $node->teaser = '';
-          $node->body = '';
-          $node->content = array();
-        }
-        else {
-          if (!$user->uid && variable_get( 'cache', 0 )) {
-            $GLOBALS['conf']['cache'] = FALSE;
-          }
-
-          if ($node->uid !== $user->uid) {
-            // If node is protected and not teaser nor page view and not owner of node
-            if (!isset( $_SESSION['_protected_node']['passwords'][$node->nid] )) {
-              if (!$arg) {
-                $_SESSION['_protected_node']['current'] = $node->nid;
-                $destination = drupal_get_destination();
-                drupal_goto( 'protected-node', $destination );
-              }
-              else {
-                $node->teaser = '';
-                $node->body = '';
-                $node->content = array();
-              }
-            }
-          }
-        }
+      if (!protected_node_grant_access($node)){
+        $_SESSION['_protected_node']['current'] = $node->nid;
+        $destination = drupal_get_destination();
+        drupal_goto( 'protected-node', $destination );
       }
       break;
   }
@@ -256,11 +231,62 @@
   }
 }
 
+/**
+ * Implementation of hook_webfm_file_access_alter(). Allows modules to deny access
+ *   to a node without using node_access.
+ * @param boolean $access The node access grant calculated by webfm.
+ * @param object $node The node the file is attached to.
+ * @param int $fid Webfms file id.
+ * @return boolean TRUE if page is accessible without entering a password, FALSE otherwise.
+ */
+function protected_node_webfm_file_access_alter(&$access, $node, $fid) {
+  $access = protected_node_grant_access($node); 
+}
+
 /*
  * Helper functions
  */
 
 /**
+ * Checks if a node can be access without entering a password. If the password
+ *   was entered before and is cached access is granted. 
+ * @param object $node The node to be accessed.
+ * @return boolean TRUE if node is accessible without entering password.
+ */
+function protected_node_grant_access($node) {
+  global $user;
+  if ($node->is_protected && !user_access('bypass password protection')) {
+    // If we have been accessed from cron.php (f.e. search indexing)
+    if (variable_get( 'cron_semaphore', FALSE )) {
+      $node->title = '';
+      $node->teaser = '';
+      $node->body = '';
+      $node->content = array();
+    }
+    else {
+      if (!$user->uid && variable_get( 'cache', 0 )) {
+        $GLOBALS['conf']['cache'] = FALSE;
+      }
+      
+      if ($node->uid !== $user->uid) {
+        // If node is protected and not teaser nor page view and not owner of node
+        if (!isset( $_SESSION['_protected_node']['passwords'][$node->nid] )) {
+          if (!$arg) {
+            return FALSE;
+          }
+          else {
+            $node->teaser = '';
+            $node->body = '';
+            $node->content = array();
+          }
+        }
+      }
+    }
+  }
+  return TRUE;
+}
+
+/**
  * Sets the given node to protected with the provided password.
  * The password cannot be empty.
  *