Expose operations as API

I couldn't agree more, this is definitely on my TODO list.

Yes, BUMP. Something that would make this all a bit less dangerous and complex. Building a $form is a waste just to take it apart.

+1

I've been experimenting with this by just inserting the right line into the database table, nodeaccess. Is this dangerous? Are there some caching issues?

Yes, I guess that works for individual-node permissions? (Does it?) I've been playing with similar things for the default content type and role-permissions by setting the nodeaccess_TYPENAME variable. So to e.g. give authenticated users read access to 'page' type nodes, the following:

$grants = array(array(
  'gid' => 2, // 2 is 'authenticated user'
  'realm' => 'nodeaccess_rid',
  'grant_view' => 1,
  'grant_update' => 0,
  'grant_delete' => 0,
));
variable_set('nodeaccess_page', $grants);

But really it all feels too hacky... :)

Added two new hooks: hook_nodeaccess_grants_alter and hook_nodeaccess_grant_alter

These will allow modification to all grants and individual grants, respectively.

Thanks very much. I haven't tried it yet, but I'm grateful you put in the time.