Currently using hook_node_access() basing on references in only partialy possible.
Everything works well on "update', 'view', 'delete' where the node is already referenced, but not on create.

This is due to the fact that hook_node_access() doesn't know the node which is to be referenced. So if I want to restrict referecing based on some more logic, I have to

  • allow create node_type for all users
  • use hook_node_view to hide reference links on nodes where they do not have access
  • check on submit if the user had right to reference the particular node
  • use hook_node_access() on all other operations

Maybe it would be better to write a wrapper function around hook_node_access() in your module and provide an api via which modules could do more indepth access operations taking into account both nodes as arguments. This would open this module to new opporunities and would allow other modules to write custom implementations for specific scenarios.

I would be happy to help with developement of this functionality if you would be willing to incorporate it in the module.

Comments

Jaapx’s picture

Experiencing the same compatibility problem I discoverded that the patch on http://drupal.org/node/397606 was not completly applied in the module. After adding the second condition in the if statement (isset($form['form_build_id']) ) the module worked as expected. A little testing with the url showed that the module protected against wrong url's.
I tested this only with:

- Fallback behavior: Display page not found error
- Use fallback scenario when editing content