ACL API Utilization For Creating Access Control Lists


There are cases in web development where you need access control rules that fit none of the usual criteria. This happens when, say, you want to attach permissions to particular nodes of the same content type, or when only certain users who share a role should be granted permission to view a particular piece of content. To implement this kind of functionality, you need the ACL API.

So we are going to install the following modules:

ACL is the module that supplies the API for creating permission lists. It has no user interface and exists only to serve other modules.
Content Access lets you manage the permissions attached to particular content types.

Now let us go through the main functions used to work with ACL. To create a new permissions list, the following function is used:

acl_create_acl($module, $name = NULL, $number = NULL)

This function takes three arguments: the module name, and the name and number of the new ACL. It returns the identifier of the newly created ACL. Content is added to the list with the function below:

acl_node_add_acl($nid, $acl_id, $view, $update, $delete, $priority = 0)

This function grants or revokes the selected permissions (view, update, delete) on the given node, using the previously created ACL. A user is added to the newly created list with:

acl_add_user($acl_id, $uid)

where $uid is the user identifier.

So far we have examined the main functions used to create a new ACL, so we can now work through a practical task. The task is to grant a user ($uid) who has the “Customer” role permission to view a particular node ($nid). We start by revoking the role's view permission for the selected content type (using the Content Access module). Then, to grant permission on the node to one particular user with the “Customer” role, we write the following:

// Create a new ACL.
$acl_id = acl_create_acl('your_module_name', 'your_access_name');
// Provide access control to a node based upon an ACL id.
acl_node_add_acl($nid, $acl_id, 1, 0, 0, 0);
// Add the specified UID to an ACL.
acl_add_user($acl_id, $uid);
// Flag node access grants for rebuilding.
node_access_needs_rebuild(TRUE);

The example above calls node_access_needs_rebuild() to flag the node access permissions for rebuilding. For everything to work, we also have to hook into Drupal's permission system, so we add the following:

/**
 * Implementation of ACL hook hook_enabled()
 */
function id_acl_enabled() {
  return !id_acl_disabling();
}
/**
 * Implements hook_disable().
 */
function id_acl_disable() {
  id_acl_disabling(TRUE);
}
/**
 * Remembers if we have disabled access.
 */
function id_acl_disabling($set = NULL) {
  static $disabling = FALSE;
  if ($set) {
    $disabling = $set;
  }
  return $disabling;
}

Now not every user with the “Customer” role can view the content; it is displayed only to the user to whom we have granted access.

There are also functions for removing users and content from an ACL and for deleting the list itself. Let us go through them:

acl_delete_acl($acl_id) removes the ACL with the given identifier.
acl_node_clear_acls($nid, $module) removes all ACLs from the node.
acl_node_remove_acl($nid, $acl_id) removes the selected node from the ACL.
acl_remove_user($acl_id, $uid) removes the user from the ACL.

The complete list of functions is accessible here.
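The create and remove functions above combined into grant, revoke and teardown helpers, as an added example that is not code from the original article or from the ACL project. It assumes Drupal 7, a module named id_acl (matching the hooks shown earlier), and a per-node list name of the form view_<nid>; the helper names are hypothetical, acl_get_id_by_name() comes from the ACL module, and node_load() and node_access_acquire_grants() come from Drupal core.

```php
<?php
/**
 * Grants view-only access on one node to one user (hypothetical helper).
 *
 * Reuses the node's existing ACL so repeated calls do not pile up
 * duplicate lists for the same node.
 */
function id_acl_grant_view($nid, $uid) {
  $node = node_load($nid);
  if (!$node) {
    return FALSE;
  }
  // Assumed naming scheme: one ACL per node, named after the node ID.
  $name = 'view_' . (int) $nid;
  $acl_id = acl_get_id_by_name('id_acl', $name);
  if (!$acl_id) {
    $acl_id = acl_create_acl('id_acl', $name);
    // view = 1, update = 0, delete = 0, priority = 0: read-only grant.
    acl_node_add_acl($nid, $acl_id, 1, 0, 0, 0);
    // Rewrite the grants of this node only, not the whole site.
    node_access_acquire_grants($node);
  }
  acl_add_user($acl_id, $uid);
  return $acl_id;
}

/**
 * Takes one user off the node's ACL; other users on the list keep access.
 */
function id_acl_revoke_view($nid, $uid) {
  $acl_id = acl_get_id_by_name('id_acl', 'view_' . (int) $nid);
  if ($acl_id) {
    acl_remove_user($acl_id, $uid);
  }
  return (bool) $acl_id;
}

/**
 * Detaches and deletes the node's ACL, then rewrites the node's grants.
 */
function id_acl_drop_acl($nid) {
  $acl_id = acl_get_id_by_name('id_acl', 'view_' . (int) $nid);
  $node = node_load($nid);
  if ($acl_id && $node) {
    acl_node_remove_acl($nid, $acl_id);
    acl_delete_acl($acl_id);
    node_access_acquire_grants($node);
  }
}
```

After a revoke, confirm the result with node_access('view', $node, $account) for the affected user, since a grant from another module or role can still allow access.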

As we have seen, knowing how to use ACL is quite handy, particularly when you need to create custom access permission lists.
