Demystifying Access Control

This session will explain what goes on behind the scenes regarding access control, and walk through the decision tree Drupal takes to choose what content is available to a user. By the end of the session an attendee will have the required tools and knowledge to implement their own access control module, or feel confident enough to write the logic needed to make two or more of the contrib modules work together.

We will start with a brief overview of popular access control modules, such as "Organic Groups", "TAC", "Workbench", etc. Then we will take a step beyond "hook_node_access()" - and why you should avoid it -, and learn to use the Grant API to implement your own access control modules. We will also cover how the Entity API plays in to control access to non-node entities.

Code samples will showcase Drupal 8.x, but most of the logic applies to Drupal 7 as well. Experience with site building and module develoment is assummed.