user_access
Definition
user_access($string, $account = NULL, $reset = FALSE)
modules/user/user.module, line 481
Description
Determine whether the user has a given privilege.
All permission checks in Drupal should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser can perform all actions.
Parameters
$string The permission, such as "administer nodes", being checked for.
$account (optional) The account to check, if not given use currently logged in user.
$reset (optional) Resets the user's permissions cache, which will result in a recalculation of the user's permissions. This is necessary to support dynamically added user roles.
Return value
Boolean TRUE if the current user has the requested permission.
Code
<?php
function user_access($string, $account = NULL, $reset = FALSE) {
global $user;
static $perm = array();
if ($reset) {
$perm = array();
}
if (is_null($account)) {
$account = $user;
}
// User #1 has all privileges:
if ($account->uid == 1) {
return TRUE;
}
// To reduce the number of SQL queries, we cache the user's permissions
// in a static variable.
if (!isset($perm[$account->uid])) {
$result = db_query("SELECT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (". db_placeholders($account->roles) .")", array_keys($account->roles));
$perms = array();
while ($row = db_fetch_object($result)) {
$perms += array_flip(explode(', ', $row->perm));
}
$perm[$account->uid] = $perms;
}
return isset($perm[$account->uid][$string]);
}
?>