I created a very simple content node module called "Committee" for a very simple "Committee" node. I have created a "view committees" permission and I have a user access role that provides certain members the ability to view these so-called "Committee" nodes. It works great! If you are not logged in (or dont have permission), you do not see "Committee" nodes and if you attempt to access a "Committee" node via some URL you get the "Access Denied" message. Once a privileged uses logs in, he/she can of course view these nodes. Perfect for what I had in mind.
Then, I enabled the tracker module, a great module for listing recently updated nodes. So here's my problem: If a user is not logged in, he/she can see the "Committee" nodes listed same as the other nodes in the "Recent Posts" list. Though, if the user attempts to view any of the nodes in question, the "Access Denied" message is displayed. Have a look see at http://www.planofchicago2009.org/site/ (note we are in very early stages of development).
I have looked at the code in the tracker module and sure enough, there is no sort of user access check on the the nodes listed. I checked drupaldocs.org and there was this post http://drupaldocs.org/api/4.6/group/node_access - Node Access Rights that confirmed that with node lists, hook_access() is not called for each node for performance reasons (fair enough).
Does anyone have any thoughts on how I could acheive tracker_module-like node lists while listing only nodes that the user has access to.
Also, while I was searching drupal for possible solutions, one of my seaches was the phrase "node access" (without the quotes) and I was taken to the CVS Application From at http://drupal.org/cvs-account. Does that happen for other folks (maybe its a drupal easter egg) or maybe I am just imagining things?
