Filter Content to what the Current User can Edit

This is unfortunately kind of tough. Not impossible, I suppose, but the node_access query is kind of rough. Still, this is an interesting feature request.

Yeah, core db_rewrite_sql() and node_db_rewrite_sql() do not help much here at all. They assume 'view' operation.

While Views does not handle this natively, it should be possible to create a filter that links into node_access similar to what db_rewrite_sql does and checks 'update' rather than 'view'. This may be a useful feature in the future.

This can be very useful feature especially in fusion with CCK's nodereference feature - using view to generate list of nodes that can be referenced.

I hope someone can code this...

Subscribing... I really need this functionality.

+1 for this feature!
Anyone can point me to the Views2 API that could help developing this filter?

+1 / subscribing

Now that the node_access filter is in, a relatively small patch to add an option to views_handler_filter_node_access.inc should allow checking for view, update or delete access quite easily.

Should we expect such a patch soon, or do you just mean it's theoretically possible to make one? I'm not quite at that place with Drupal yet, but I could really use this feature on a current project. Either way, thanks so much for all your work!

This should be a relatively easy patch for someone to write.

subscribing

As most things, this is not as simple as it seems

1) user_access('edit any content')

2) The node_access filter doesn't work when a node access module is not in use since the sole content of the node_access table is...

+-----+-----+-------+------------+--------------+--------------+
| nid | gid | realm | grant_view | grant_update | grant_delete |
+-----+-----+-------+------------+--------------+--------------+
| 0 | 0 | all | 1 | 0 | 0 |
+-----+-----+-------+------------+--------------+--------------+

And it does a left join on nid = nid but there is no nid to join on in there.

This is what I have so far

(This is it's own seperate filter, not using the view access filter due. if I have the time I'll try and make a patch for views (it's in a separate module that contains various other filters and random code, I can link to it later). )

file views_handler_filter_node_edit_access.inc

// $Id: views_handler_filter_node_access.inc,v 1.1 2009/06/02 20:09:33 merlinofchaos Exp $
/**
 * Filter by node_access records.
 */
class views_handler_filter_node_edit_access extends views_handler_filter {
  function admin_summary() { }
  function operator_form() { }
  function can_expose() {
    return FALSE;
  }

  /**
   * See _node_access_where_sql() for a non-views query based implementation.
   */
  function query() {
    if (!user_access('administer nodes')) {
          $table = $this->ensure_my_table();
          $grants = array();
          /*$this->table_alias 
          not sure how else to get the base table 
          */
            if (!empty($this->relationship)) {
              $this->table_alias = $this->relationship;
            }
            else if (isset($this->query->table_queue[$this->query->base_table]['alias'])) {
              $this->table_alias = $this->query->table_queue[$this->query->base_table]['alias'];
            }
            else {
              return;
            }
          $or = array();
            foreach( node_get_types() as $type=>$values) {
                if (user_access('edit any '. $type .' content')) $or[] = "$this->table_alias.type = '$type'";
          } 
           
          /* test to see if there's node access*/  
          if (count(module_implements('node_grants'))) {
              foreach (node_access_grants($op, $account) as $realm => $gids) {
                foreach ($gids as $gid) {
                  $grants[] = "($table.gid = $gid AND $table.realm = '$realm')";
                }
              }
              $grants_sql = '';
              if (count($grants)) {
                $grants_sql = implode(' OR ', $grants);
              }
              $this->query->add_where('AND', $grants_sql);
              
              if ($or) $add = " OR  (".implode(" OR ", $or).")";
              $this->query->add_where('AND', "$table.grant_update >= 1 $add");
          } else {
            global $user;
             if ($user->uid) $or[] =  "$this->table_alias.uid = $user->uid";
             else $or[] = '0' ;
             $this->query->add_where('AND', implode(" OR ", $or));
          }
    }
  }
}

file module name.views.inc

function <module name>_views_data() {
    $data['node_access']['nid_edit'] = array(
    'title' => t('Edit access'),
    'real field' => 'nid',
    'help' => t('Filter by edit access.'),
    'filter' => array(
      'handler' => 'views_handler_filter_node_edit_access',
      'help' => t('Filter for nodes by edit access.'),
    ),
  );


        return $data;
}


function <module name>_views_handlers() {
  return array(
    'info' => array(
      'path' => drupal_get_path('module', '<module name>'),
    ),
    'handlers' => array(
    'views_handler_filter_node_edit_access' => array(
        'parent' => 'views_handler_filter',
      ),
    ),
  );
}

file module name.module

function <module name>_views_api() {
  return array(
    'api' => 2,
    'path' => drupal_get_path('module', '<module name>'),
  );
}

subscribing

I could really use this functionality on my current project. I've looked at a bunch of other modules (Workspace, Module Grants, UDashboard), but none of them offer the exposed filters provided by Views. If hefox (or someone else more skilled than I) could convert the code in #14 into a patch, I'd be happy to help test it.

There's one more aspect I forgot about the checking edit permission is for custom module nodes type that implement ... hook_node_access? The above code does not take that into consideration. Oh, and also need to add in a 'edit own $type content' check.

ATM a bit busy, and frankly a bit 'I'm not worthy' to submit a patch to views .. XD

oh, idealy it should be joined with the view access filter as mentioned above instead of being independent.

subscribing

I have been using a php snippet for a couple years now:

<p>&nbsp;</p>
<?php 
  $listlength="20";
  global $user;
  $result1 = pager_query(db_rewrite_sql("SELECT n.nid FROM {node} n INNER JOIN {node_access} t ON t.nid=n.nid WHERE n.status=1 AND t.gid=$user->uid AND t.grant_update=1 ORDER BY n.sticky DESC, n.created DESC"), $listlength);
  while ($node = db_fetch_object($result1)) {
    $thisNode = node_load(array('nid' => $node->nid));
    $output2 .= l($thisNode->title, drupal_get_path_alias("node/".$thisNode->nid)); ;
    $output2 .= "<br><br>";
  };
  if ($output2) {
    print $output2; 
    print theme('pager', NULL, 20);
  } else print "You do not have privileges to edit content";
?>

I just create a new page, put this in the body and set the input format as PHP, it should work on both 5.x and 6.x sites.

Marking dup of #620392: Allow edit and delete access check in "Node Access: Access" filter per merlin.