diff options
| author | David Rothstein <drothstein@gmail.com> | 2016-02-01 19:06:41 -0500 |
|---|---|---|
| committer | David Rothstein <drothstein@gmail.com> | 2016-02-01 19:06:41 -0500 |
| commit | 11e18568f951cb431b0e0e6514767f2516e0d75b (patch) | |
| tree | db8a11b614589adf03473c37776b7c70ad400aa6 | |
| parent | aa755ed3763f5aa442c3a399981b7c5d6590f515 (diff) | |
| download | brdo-11e18568f951cb431b0e0e6514767f2516e0d75b.tar.gz brdo-11e18568f951cb431b0e0e6514767f2516e0d75b.tar.bz2 | |
Issue #1559506 by finnydobson, JuliaKM, snehi, anil280988, priya.chat, laranajim, jhodgdon, alexpott: Query alter docs need some clarification
| -rw-r--r-- | modules/node/node.module | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/modules/node/node.module b/modules/node/node.module index af0e3860d..1d88834cd 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -2953,7 +2953,10 @@ function node_search_validate($form, &$form_state) { * system. When adding a node listing to your module, be sure to use a dynamic * query created by db_select() and add a tag of "node_access". This will allow * modules dealing with node access to ensure only nodes to which the user has - * access are retrieved, through the use of hook_query_TAG_alter(). + * access are retrieved, through the use of hook_query_TAG_alter(). Tagging a + * query with "node_access" does not check the published/unpublished status of + * nodes, so the base query is responsible for ensuring that unpublished nodes + * are not displayed to inappropriate users. * * Note: Even a single module returning NODE_ACCESS_DENY from hook_node_access() * will block access to the node. Therefore, implementers should take care to |