Private Node Types

This is an example module for basic node access control without implementing any cache-blocking hooks.

Popular modules for access control often implement hook_node_grants which disables Drupal core block caching. It also makes the content administration pages unnecessarily complex if you are looking to simply hide a few of your node types from the public audience and yet make them accessible to administrators.

This module has only one simple task, and it can do it in the lightest way possible: Make certain node types are only accessible if the user has one or more of the selected roles.

Technical background

Module is a dead simply yet active and effective access restriction module. It actively refuses to create, view, edit and delete nodes of the "private" types. This is done by implementing hook_node_access which is used to determine content access on node creation forms, node edit and view pages, node delete pages, and anywhere a full node object is used and node_access() function is called. This covers up much of the pages, including node/%node, node/add, node/%node/edit, node/%node/delete pages.

Even if we implement hook_node_access, your content will be shown in search pages, recent content block, Views, taxonomy term pages, and everywhere a database query is used to list nodes and a full node object is not used.
To protect the precious nodes, we implement hook_query_TAG_alter on hook_query_node_access_alter. All modules that list nodes must use the node_access tag in their queries, which is what we are altering.
In this hook, we explicitly exclude those private node types from the query if the current user does not have those admin roles.

Advantages

• Very very light-weight
• Works with Views, full node pages, and pretty much everywhere nodes are listed/shown
• No per-node privacy control = Easy to configure
• No custom tables or additional database queries

Note that this module is not suitable for fine access control. This module is all about simplicity and performance (while not forgetting anything about security of course), but if you are looking for per-node access controls, per-operation access controls, and anything beyond that, I'm afraid this module is not for you.

How to download the module

I'm already a vetted Drupal developer but before making this a full project, I think I need to do more research first. I checked several modules and majority of them either installed a custom table or disabled to the block cache. It's generally not good to release a "simpler version" of other modules and this module is clearly different. I will publish the project after making a comprehensive comparison between other modules.

If you want to give this a try, go to Version control tab and follow the instructions to clone the 7.x-1.x branch.