Contrib.social

Add an event or hook that's fired when node access rebuild is completed, or update docs to reflect it's not possible

Open on Drupal.org β†’
Created on 31 October 2018, almost 7 years ago
Updated 19 March 2025, 5 months ago

I need to add a special "view all" record (nid 0) into the node_access table. The only appropriate place to insert this special record is when the records are rebuilt.

The documentation on hook_node_grants says this:

Node access records are stored in the {node_access} table and define which grants are required to access a node. There is a special case for the view operation -- a record with node ID 0 corresponds to a "view all" grant for the realm and grant ID of that record. If there are no node access modules enabled, the core node module adds a node ID 0 record for realm 'all'. Node access modules can also grant "view all" permission on their custom realms; for example, a module could create a record in {node_access} with:

...

If you decide to do this, be aware that the node_access_rebuild() function will erase any node ID 0 entry when it is called, so you will need to make sure to restore your {node_access} record after node_access_rebuild() is called.

However, there's currently no way for a contrib module to reliably run code after that rebuild has been completed. I found this old Stack Overflow post about someone asking how to do this, and the only answer indicates you should use an additional form submit handler for the form that most people would use to manually rebuild node access records. However there are other areas that this rebuild would occur where that approach would not work.

This could be solved by firing an event or invoking a hook at the end of the function. Or, if we won't do it, we should update the documentation to say that it's not possible.

✨ Feature request
Status

Postponed: needs info

Version

11.0 πŸ”₯

Component

node system

Created by

πŸ‡ΊπŸ‡ΈUnited States bkosborne New Jersey, USA

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 5 months ago β†’
    πŸ‡¦πŸ‡ΊAustralia acbramley

    From NodeAccessControlHandlerInterface::acquireGrants documentation we have hook_node_access_records and hook_node_access_records_alter is this sufficient?

  • Comment 5 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States bkosborne New Jersey, USA

    Unfortunately, no. This issue is about node grants, not node access records. Grants are what define the access rules for a node, and access records are what assign individual users the keys to unlock those grants. What we need here is the ability to hook into the process when node access grants are rebuilt, which doesn't exist.

    I created this issue 7 years ago, and I clearly found some kind of workaround, I just don't know what it is!

  • Comment 5 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States bkosborne New Jersey, USA
  • Status changed to Active about 1 month ago
  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm
  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm

    The issue closed as a duplicate proposed adding a new hook, with the following patch (this won't apply; it was from 2017):

    diff --git a/core/modules/node/node.api.php b/core/modules/node/node.api.php
index 604187406b..3f0fcd1756 100644
--- a/core/modules/node/node.api.php
+++ b/core/modules/node/node.api.php
@@ -236,6 +236,26 @@ function hook_node_access_records_alter(&$grants, Drupal\node\NodeInterface $nod
 }
 
 /**
+ * Acts when saving node access records.
+ *
+ * This hook runs after node access records were saved.
+ *
+ * @param array $grants
+ *   The saved grants.
+ * @param \Drupal\node\NodeInterface $node
+ *   The node for which the grants were saved.
+ *
+ * @see hook_node_access_records()
+ * @see hook_node_access_records_alter()
+ * @see hook_node_grants()
+ * @see hook_node_grants_alter()
+ * @ingroup node_access
+ */
+function hook_node_access_records_save($grants, Drupal\node\NodeInterface $node) {
+  mymodule_node_access_records_saving_reaction($node, $grants);
+}
+
+/**
  * Alter user access rules when trying to view, edit or delete a node.
  *
  * Node access modules establish rules for user access to content.
diff --git a/core/modules/node/src/NodeGrantDatabaseStorage.php b/core/modules/node/src/NodeGrantDatabaseStorage.php
index 993d0950d1..73dbca7259 100644
--- a/core/modules/node/src/NodeGrantDatabaseStorage.php
+++ b/core/modules/node/src/NodeGrantDatabaseStorage.php
@@ -238,6 +238,9 @@ public function write(NodeInterface $node, array $grants, $realm = NULL, $delete
         }
       }
       $query->execute();
+
+      // Let modules react for grants saving.
+      $this->moduleHandler->invokeAll('node_access_records_save', [$grants, $node]);
     }
   }

    That's a legacy pattern, but this does seem like a reasonable feature request in concept.

  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm
  • Comment about 1 month ago β†’
    πŸ‡·πŸ‡ΊRussia kalistos
  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm
  • First commit to issue fork.
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024