Question: if I use the node_load api to read nodes on which there is an organics group, does Drupal check if I am a member of the authorized group?
Thanks
Asked
Active
Viewed 10 times
1 Answers
0
Short answer is no. Following the rabbit hole you can check the source code of node_load here, which basically is just a call to node_load_multiple, which in turn is a call to entity_load - which actually loads the node.
Security should be implemented prior to this call, when defining which nodes to load, not when loading the nodes.
Hope this helps!
Alberto
- 880
- 5
- 15