How can a user access only one specific node, and not all nodes of that type?
https://drupal.stackexchange.com/questions/905
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a user with view and edit rights to a specific content type. This give the privilege to all users to view and edit all the nodes of that type. But actually, I want to create for each user a unique node, so that only that user may view and edit it. How can I do this in Drupal 7 ?
Solution
Using an existing module, you can do that with Content Access, which (when used together ACL) allows to set the permissions to access a node for each user.
This means that you need to set the access permissions manually for each node.
If you manually create the nodes, and then you want to be sure that only the user who is set as owner of the node is able to view (and edit) it, then you can create a custom module (which means a module that is used for your site), and implement hook_node_access() as follows (the code has been written to make it easier to read):
function mymodule_node_access($node, $op, $account) {
// We are interested to existing objects. When the node is being created, Drupal passed the node type instead of the node object.
if (is_object($node)) {
$bool = (
($node->type == 'the node type you need to check') &&
(($op == 'view') || ($op == 'update'))
);
if ($bool) {
if ($account->uid == $node->uid) {
return NODE_ACCESS_ALLOW;
}
else {
return NODE_ACCESS_DENY;
}
}
}
return NODE_ACCESS_IGNORE;
}
Using this hook implementation, you don't need to manually edit the access permissions given for each node of that content type you create. Changing the owner of the node would also be easier, as you don't need to change the access permissions of that node; the code would automatically grant the update and view permissions to the user set as owner (or author) of the node.
OTHER TIPS
You don't need any special module or custom code to do this. Just create manualy those nodes, set appropriate users as owner (author) of the nodes and set permissions to this contentype to edit own content only (not edit any content of this type) and you are done.
What you're talking about is Drupal node access control, which is a huge subject.
The core's built-in support for node access control is rather course, and to control access to view a node by role, you must use some sort of node access control module. There is a page at Drupal.org listing all node access modules, with a capsule review of each. I suggest you take a look at that page to see if you can find a suitable module to control access.
The Flexi Access module seems to be the module that is the closest match to your requirements, as its primary function is to let you control access for individual users, rather than by role or by taxonomy term.
It is a small module that let you set up ACLs (access control lists) for individual users. It is basically a user interface for the ACL module, so you need to install that as well.
It lacks some of the features of the more advanced access control modules, such as Content Access, but it is actively maintained and there are currently no open bugs in its issue queue.
Disclosure: I am the maintainer of Flexi Access.
