Index: modules/node/node.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.module,v
retrieving revision 1.978
diff -u -p -r1.978 node.module
--- modules/node/node.module	27 Sep 2008 19:47:43 -0000	1.978
+++ modules/node/node.module	6 Oct 2008 04:03:24 -0000
@@ -2242,35 +2242,31 @@ function node_db_rewrite_sql($query, $pr
   }
 }
 
-
 /**
  * Implementation of hook_query_alter().
- * @todo This doesn't quite work yet.
  */
-function DISABLED_node_query_alter(Query $query) {
-  if ($query->hasTag('node_access')) {
-    if (! user_access('administer nodes')) {
-      $query->distinct();
+function node_query_alter(QueryAlterableInterface $query) {
+  if ($query->hasTag('node_access') && !node_access_view_all_nodes()) {
+    $query->distinct();
+    if (!user_access('adminsiter nodes')) {
       $access_alias = $query->join('node_access', 'na', 'na.nid = n.nid');
-      dsm('hello');
-      _node_query_alter_where($query, 'view', $access_alias);
-    }
-  }
-}
+      $or = db_or();
+      foreach (node_access_grants($op, $account) as $realm => $gids) {
+        foreach ($gids as $gid) {
+          $or->condition("{$access_alias}.gid = :gid AND {$access_alias}.realm = :realm", array(
+            ':gid' => $gid,
+            ':realm' => $realm,
+          ));
+        }
+      }
 
-function _node_query_alter_where($query, $op = 'view', $node_access_alias = 'na', $account = NULL) {
-  $or = db_or();
-  foreach (node_access_grants($op, $account) as $realm => $gids) {
-    foreach ($gids as $gid) {
-      $or->condition("{$node_access_alias}.gid = :gid AND {$node_access_alias}.realm = :realm", array(':gid' => $gid, ':realm' => $realm));
-    }
-  }
+      if (count($or->conditions())) {
+        $query->condition($or);
+      }
 
-  if (count($or->conditions())) {
-    $query->condition($or);
+      $query->condition("$node_access_alias.grant_$op", '>=', 1);
+    }
   }
-
-  $query->condition("$node_access_alias.grant_$op", '>=', 1);
 }
 
 /**
Index: modules/node/node.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.test,v
retrieving revision 1.6
diff -u -p -r1.6 node.test
--- modules/node/node.test	17 Sep 2008 05:26:51 -0000	1.6
+++ modules/node/node.test	6 Oct 2008 04:03:24 -0000
@@ -460,3 +460,109 @@ class NodeTitleXSSTestCase extends Drupa
     $this->assertNoRaw($xss, t('Harmful tags are escaped when editing a node.'));
   }
 }
+
+
+class NodeAccessTestCase extends DrupalWebTestCase {
+  protected $nodes;
+  protected $logs;
+  protected $user;
+
+  /**
+   * Implementation of getInfo().
+   */
+  function getInfo() {
+    return array(
+      'name' => t('Node access'),
+      'description' => t('Test that the node access system works.'),
+      'group' => t('Node'),
+    );
+  }
+
+  /**
+   * Implementation of setUp().
+   */
+  function setUp() {
+    parent::setUp();
+
+    $this->setUpCreateUser();
+    $this->setUpCreateNodes();
+    $this->setUpResetNodeAccess();
+  }
+
+  /**
+   * Create our test user who has only limited access.
+   */
+  function setUpCreateUser() {
+    // Create and login user.
+    $web_user = $this->drupalCreateUser(array('access content'));
+    $this->user = $web_user;
+    $this->drupalLogin($web_user);
+  }
+
+  /**
+   * Create our test node and some revisions.
+   */
+  function setUpCreateNodes() {
+    // Create initial node.
+    $node = $this->drupalCreateNode();
+    $settings = get_object_vars($node);
+    $settings['revision'] = 1;
+
+    $nodes = array();
+    $logs = array();
+
+    // Get original node.
+    $nodes[] = $node;
+
+    // Create three revisions.
+    $revision_count = 3;
+    for ($i = 0; $i < $revision_count; $i++) {
+      $logs[] = $settings['log'] = $this->randomName(32);
+
+      // Create revision with random title and body and update variables.
+      $this->drupalCreateNode($settings);
+      $node = node_load($node->nid); // Make sure we get revision information.
+      $settings = get_object_vars($node);
+
+      $nodes[] = $node;
+    }
+
+    $this->nodes = $nodes;
+    $this->logs = $logs;
+  }
+
+  /**
+   * Reset node access to its default "do nothing" state.
+   */
+  function setUpResetNodeAccess() {
+    db_delete('node_access')->execute();
+    db_insert('node_access')
+      ->fields(array(
+        'nid' => 0,
+        'gid' => 0,
+        'realm' => 'all',
+        'grant_view' => 0,
+        'grant_update' => 0,
+        'grant_delete' => 0,
+      ))
+      ->execute();
+  }
+
+  /**
+   * Confirm that we can access our node when not using any node access rules.
+   */
+  function testNormalAccess() {
+
+    $node = $this->nodes[0];
+
+    $select = db_select('node');
+    $select->addField('node', 'nid', 'nid');
+    $select->addField('node', 'title', 'title');
+    $select->condition('type', $node->type);
+    $select->condition('status', 1);
+    $select->addTag('node_access');
+    $records = $select->execute()->fetchAll();
+
+    $this->assertEqual(count($records), 1, t('Found one node.'));
+  }
+}
\ No newline at end of file