Hi,

Just a quick question- how do I grant (using PHP) xyz permissions to a node if I have just the $nid and the $uid to which I want to grant those permissions?

Many thanks,
Chris.

Comments

salvis’s picture

salvis
he/his
CreditAttribution: salvis commented
Status: Active » Fixed 
$acl_id = acl_create_new_acl('my_module', 'name/id of this grant');
acl_add_user($acl_id, $uid);
acl_node_add_acl($nid, $acl_id, $view, $update, $delete, $priority = 0);

Look at the code (and comments) in acl.module — it's quite straight-forward...

chrism2671’s picture

chrism2671 CreditAttribution: chrism2671 commented

Thanks that's a real help. With respect to 'my_module', which module is that? For a content type, would that be 'node'?

chrism2671’s picture

chrism2671 CreditAttribution: chrism2671 commented

OK I've actually got my head around this now and it works. The only problem I'm still having is with respect to permissions - when the PHP is run by an admin it works fine, but when it is run by a normal authenticated user, it has no effect.

What do you think I've missed?

Thanks,
Chris.

salvis’s picture

salvis
he/his
CreditAttribution: salvis commented

'my_module' should be the module that contains the code that calls the ACL functions. If you install devel_node_access, you should be able to tell, who is responsible for any given ACL grant.

You may have to [Rebuild permissions]. ACL being a helper module, it defers this to the caller. I very much recommend installing devel_node_access and enabling its debug mode.

chrism2671’s picture

chrism2671 CreditAttribution: chrism2671 commented

OK, what I've done is a bit of hack. I've stuck this code into part of a CCK computed field's PHP, which means that it executes 'on submit' of a content type.

$acl_id=acl_get_id_by_name('content_access',"view_$nid");
acl_add_user($acl_id, $job_poster);

I've been using the content access module elsewhere on the site, which is how I learnt about ACL. I adopted a similar syntax to the code I found in the content access module, which lead me to the code above. It performs the exact task I'm looking for when logged in as admin, but sadly won't work if I'm logged in as a normal user.

What do you suppose might be the problem? I'm guessing it's with the use of the 'content_access' module, or does this field not really matter...?

Thanks for all your help!

salvis’s picture

salvis
he/his
CreditAttribution: salvis commented

You should not be using a realm that's used by an existing module. This will probably confuse that other module, and it will most certainly confuse you when you look at the grants in devel_node_access. Use something like 'chrism' instead!

Or are you trying to cooperate with CA?

Again, enable DNA's debug mode and look at your nodes, then you'll see everything.

chrism2671’s picture

chrism2671 CreditAttribution: chrism2671 commented

OK. I've enabled DNA and it's very useful. I've adjusted the module to be something else, not 'content_access'.

Though I can clearly see what grants have taken place (and confirm this looking at the ACL tables in the database), it still refuses to actually perform the grants unless admin is logged - suggesting there maybe be a permissions issue. Clearly there is no 'access control' section for ACL, and the devel tools don't reveal what happens 'on submit' (including the query logger). Any other ideas what might be bottlenecking the grant?

Thanks again!
Chris.

salvis’s picture

salvis
he/his
CreditAttribution: salvis commented

it still refuses to actually perform the grants unless admin is logged

I don't understand what you mean with this. Please post the output from DNA's debug mode of one node, once for the admin and once for a user that doesn't work.

chrism2671’s picture

chrism2671 CreditAttribution: chrism2671 commented

Sorry I meant 'logged in'.

Despite running the code specified, the DNA output is as follows:

node_access entries for nodes shown on this pagenode realm gid view update delete explained
Job Application content_access_author 10 1 0 0 Content access: author of the content can access

In other words, the code I pasted previously works correctly, but it only works if logged in as admin. It doesn't work for normal users.

chrism2671’s picture

chrism2671 CreditAttribution: chrism2671 commented

I've modified the code now to be the following, based on a re-read of the ACL module code:

if($job_poster!=0){
$acl_id=acl_get_id_by_name('content_access',"view_$nid");
if(!$acl_id)
$acl_id=acl_create_new_acl('content_access',"view_$nid");
acl_add_user($acl_id, $job_poster);
acl_node_add_acl($nid,$acl_id,1,0,0,0);

This appears to do the trick. I have reverted back the module to 'content_access'. I noted your warning with respect to this causing problems, however it did not work when using any other name.

Thanks for all your help!

salvis’s picture

salvis
he/his
CreditAttribution: salvis commented

I still don't really understand what you're doing and you haven't shown convincing DNA output, but if you're sure that it does what you want, then I won't argue.

Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.