How to restrict users to view their own custom content type?

Question

I am developing a custom module called 'serviceentry' which also exposes a custom content type called 'serviceentry'.

I also exposes the custom permissions as :

function serviceentry_permission() {

        return array(
           'view own serviceentry content' => array(
            'title' => t('view own serviceentry content'),
            'description' => t('view own serviceentry content')
        ),
        'view any serviceentry content' => array(
            'title' => t('view any serviceentry content'),
            'description' => t('view any serviceentry content')
        ),
        'create serviceentry content' => array(
            'title' => t('create serviceentry content'),
            'description' => t('create serviceentry content')
        ),
        'edit own serviceentry content' => array(
            'title' => t('edit own serviceentry content'),
            'description' => t('edit own serviceentry content')
        ),
        'edit any serviceentry content' => array(
            'title' => t('edit any serviceentry content'),
            'description' => t('edit any serviceentry content')
        ),
        'delete own serviceentry content' => array(
            'title' => t('delete own serviceentry content'),
            'description' => t('delete own serviceentry content')
        ),
        'delete any serviceentry content' => array(
            'title' => t('delete any serviceentry content'),
            'description' => t('delete any serviceentry content')
        ),
        'administer serviceentry' => array(
            'title' => t('administer serviceentry'),
            'description' => t('administer serviceentry')
        ),

        );
    }

Then, I check for permissions using following function.

function serviceentry_node_access($node, $op, $account) {
    $type = is_string($node) ? $node : $node->type;

    if (in_array($type, node_permissions_get_configured_types())) {
        if ($op == 'create' && user_access('create ' . $type . ' content', $account)) {
            return NODE_ACCESS_ALLOW;
        }

        if ($op == 'view') {
            if (user_access('view any ' . $type . ' content', $account) || (user_access('view own ' . $type . ' content', $account) && ($account->uid == $node->uid))) {
                return NODE_ACCESS_ALLOW;
            }
        }
        if ($op == 'update') {
            if (user_access('edit any ' . $type . ' content', $account) || (user_access('edit own ' . $type . ' content', $account) && ($account->uid == $node->uid))) {
                return NODE_ACCESS_ALLOW;
            }
        }

        if ($op == 'delete') {
            if (user_access('delete any ' . $type . ' content', $account) || (user_access('delete own ' . $type . ' content', $account) && ($account->uid == $node->uid))) {
                return NODE_ACCESS_ALLOW;
            }
        }
    }

    // Returning nothing from this function would have the same effect.
    return NODE_ACCESS_IGNORE;
}

Now, I want to restrict users to view nodes of serviceentry based whether they have 'view own serviceentry content' or 'view any serviceentry content' permissions. The above code is not working as Drupal is not passing $op='view' in order to restrict the user. If user has 'access content' permission, then all nodes are shown otherwise not. I want to have finer control over my own node type. How to do that?

Answer 1

When the implementation of hook_node_access() returns NODE_ACCESS_IGNORE, it is not denying the access to a node, but it is letting other modules decide if the user has access to the node. If none of the modules implementing hook_node_access() returns NODE_ACCESS_DENY, and none of the modules implementing hook_node_grants() returns 0 for the node, then the user has access to the node.

Answer 2

You can do the same through administrator menu (People -> Permissions). You can assign permissions by role. Perhaps I don't understand the doubt.