Posted by onyx on Tue, Sep 19, 2023 - 2:12pm

I just wanted to share a quick solution to a probably common problem;

Problem description:

I wanted to be able to provide full EDIT access to a particular node, based upon the user having "ownership" of that node, whilst not authoring it, yet restricting them from editing other nodes of the same type, but which were not assigned to them.

Problem example:

Each Organisation has one or more Organisation Contacts. These contacts are Users in the system. The Organisation is a content type in the system. Each user has an optional field that correlates to the Organisation that they are an Org Contact for. The user also has a role set ("Organisation") when they become an Org Contact.

Solution:

In a custom module, use a call to the hook_node_access like so:

 

function mymodule_node_access($node,$op,$account){

//implement hook_node_access

// https://docs.backdropcms.org/api/backdrop/core%21modules%21node%21node.api.php/function/hook_node_access/1

// this does a check against the Organisation field of a Org Contact, and gives them access to UPDATE the org

foreach ($account->roles as $k=>$role) { //skip over the User account Roles


if($role=="organisation"){

$u=user_load($account->uid); //load the full user now, so we have access to their custom fields

if(isset($u->field_organisation['und'][0])){ // field_organisation is the field set to show which Org they are a Contact of

$oid=$u->field_organisation['und'][0]['target_id']; // the orgID

if($oid==$node->nid && $op=="update"){ // do the work of allowing them access to the UPDATE mode

return NODE_ACCESS_ALLOW;

}

}

}

}

}