I am trying to block the current user from performing any action (view, update, delete) on a node. The user should only be able to view, update, delete the node being displayed if he is the owner of the node, or the owner of the node is a subuser of his (I am using the Subuser module).
The function below returns the correct value for the various tests I performed, but when the function returns NODE_ACCESS_DENY, the access isn’t denied. The user can still see the node.
Is there something I am missing?
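/**
 * Implements hook_node_access().
 *
 * Decides access to nodes of type 'my_content_type':
 * - an account with the 'vip' role is allowed when it owns the node, or when
 *   the node owner's field_parent value equals the account's uid;
 * - an account without 'vip' is allowed only when it has the 'administrator'
 *   role;
 * - every other case is denied.
 * Nodes of any other type, and a string $node, are ignored.
 *
 * NOTE(review): Drupal core does not invoke this hook for accounts holding
 * the 'bypass node access' permission (or for user 1), and it is not
 * consulted when node listings are built. A NODE_ACCESS_DENY returned here
 * has no effect in those cases, so verify the behaviour with an account that
 * lacks that permission.
 *
 * @param object|string $node
 *   The node being checked, or a string when no node object is available.
 * @param string $op
 *   The operation being checked. It is not inspected: the same decision is
 *   returned for every operation.
 * @param object $account
 *   The account whose access is being checked.
 *
 * @return mixed
 *   NODE_ACCESS_ALLOW, NODE_ACCESS_DENY or NODE_ACCESS_IGNORE.
 */
function mymodule_node_access($node, $op, $account) {
  // Only loaded nodes of the restricted type are decided here.
  if (!is_object($node) || $node->type !== 'my_content_type') {
    return NODE_ACCESS_IGNORE;
  }

  // Fail closed: an account whose roles are missing or malformed is treated
  // as having no roles, so it can never reach the ALLOW branch by accident.
  $roles = (isset($account->roles) && is_array($account->roles)) ? $account->roles : array();

  // Strict matching keeps a non-string role entry from loosely matching a
  // role name.
  if (!in_array('vip', $roles, TRUE)) {
    return in_array('administrator', $roles, TRUE) ? NODE_ACCESS_ALLOW : NODE_ACCESS_DENY;
  }

  // Compare ids as exact strings, so that numeric-looking values such as
  // '1e1' and '10' are never treated as the same user.
  $current_uid = (string) $account->uid;
  if ((string) $node->uid === $current_uid) {
    return NODE_ACCESS_ALLOW;
  }

  // Otherwise the node owner must be a subuser of the current vip user.
  $node_owner_profile = user_load($node->uid);
  if (!$node_owner_profile || !isset($node_owner_profile->field_parent[LANGUAGE_NONE][0]['value'])) {
    return NODE_ACCESS_DENY;
  }

  $parent_uid = (string) $node_owner_profile->field_parent[LANGUAGE_NONE][0]['value'];
  return $parent_uid === $current_uid ? NODE_ACCESS_ALLOW : NODE_ACCESS_DENY;
}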