Subject says it all.
So I'm writing a module. And it EXTENDS the information retrieved by another, rather than restricts it.
Done in one command, the SQL would look like:
$sql = "SELECT x.* FROM x INNER JOIN y ON x.id=y.x_id".
" WHERE (x.private IS NULL OR y.private IS NULL)".
" AND y.group_id IN (".implode(",", $user->groups).");"
See, all items in table x can be public/private, but there is a further table y that can make certain certain items public for people who belong to a group. [As this list is displayed verbatim, I don't believe it is fit for node_access; afaik Drupal has no built-in system to not show things that are either not user_access or node_access allowed in SQL, which means I'd have to reinvent the wheel.]
The problem I see is that db_rewrite_sql merges the WHERE clauses together using AND's, but as you can see, the clause requires it to be merged as an OR.
I've got a big thing about leaving modules I didn't write untouched (and thus easily upgradable) but I'm becoming afraid I might have to modify a module.
Or could this problem be solved as a restriction? [I don't think so, the only restriction I see is to show ALL items, but have module Y determine what to hide, which isn't good coding, as now X depends on Y and Y on X.]