function user_access

7 user.module user_access($string, $account = NULL)
4.6 user.module user_access($string, $account = NULL)
4.7 user.module user_access($string, $account = NULL)
5 user.module user_access($string, $account = NULL)
6 user.module user_access($string, $account = NULL, $reset = FALSE)
8 user.module user_access($string, AccountInterface $account = NULL)

Determine whether the user has a given privilege.

Parameters

$string: The permission, such as "administer nodes", being checked for.

$account: (optional) The account to check. If not given, the currently logged-in user is used.

$reset: (optional) Resets the user's permissions cache, which will result in a recalculation of the user's permissions. This is necessary to support dynamically added user roles.

Return value

Boolean TRUE if the current user has the requested permission.

All permission checks in Drupal should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser can perform all actions.

120 calls to user_access()
aggregator_block in modules/aggregator/aggregator.module
Implementation of hook_block().
aggregator_categorize_items_validate in modules/aggregator/aggregator.pages.inc
Validate aggregator_categorize_items form submissions.
block_admin_configure in modules/block/block.admin.inc
Menu callback; displays the block configuration form.
blogapi_blogger_edit_post in modules/blogapi/blogapi.module
Blogging API callback. Modifies the specified blog node.
blogapi_blogger_new_post in modules/blogapi/blogapi.module
Blogging API callback. Inserts a new blog post as a node.

6 string references to 'user_access'
aggregator_menu in modules/aggregator/aggregator.module
Implementation of hook_menu().
menu_menu in modules/menu/menu.module
Implementation of hook_menu().
statistics_menu in modules/statistics/statistics.module
Implementation of hook_menu().
user_menu in modules/user/user.module
Implementation of hook_menu().
_menu_check_access in includes/menu.inc
Check access to a menu item using the access callback

File

modules/user/user.module, line 511
Enables the user registration and login system.

Code

function user_access($string, $account = NULL, $reset = FALSE) {
  global $user;
  static $perm = array();

  if ($reset) {
    $perm = array();
  }

  if (!isset($account)) {
    $account = $user;
  }

  // User #1 has all privileges:
  if ($account->uid == 1) {
    return TRUE;
  }

  // To reduce the number of SQL queries, we cache the user's permissions
  // in a static variable.
  if (!isset($perm[$account->uid])) {
    $result = db_query("SELECT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (" . db_placeholders($account->roles) . ")", array_keys($account->roles));

    $perms = array();
    while ($row = db_fetch_object($result)) {
      $perms += array_flip(explode(', ', $row->perm));
    }
    $perm[$account->uid] = $perms;
  }

  return isset($perm[$account->uid][$string]);
}
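
The static `$perm` cache above is keyed only by uid, so a role added to or removed from an account during a request is not seen until `$reset` is passed. The following stand-alone model is an added example, not Drupal's code: `model_user_access()`, `show()`, `$permission_table`, the "editor" role and the account with uid 42 are constructed for illustration, and an in-memory array stands in for the `{permission}` table.

```php
<?php
// Stand-alone model of the uid-keyed static cache in user_access().
// Constructed data: this array stands in for the {permission} table.
// model_user_access() and $permission_table are hypothetical names.
$permission_table = array(
  2 => 'access content, post comments',                      // authenticated user
  3 => 'administer nodes, access administration pages',      // editor
);

function model_user_access($string, $account, $reset = FALSE) {
  global $permission_table;
  static $perm = array();

  if ($reset) {
    $perm = array(); // Clears the cache for every account.
  }
  if ($account->uid == 1) {
    return TRUE; // User #1 bypasses all checks.
  }
  if (!isset($perm[$account->uid])) {
    $perms = array();
    foreach (array_keys($account->roles) as $rid) {
      if (isset($permission_table[$rid])) {
        $perms += array_flip(explode(', ', $permission_table[$rid]));
      }
    }
    $perm[$account->uid] = $perms;
  }
  return isset($perm[$account->uid][$string]);
}

function show($label, $granted) {
  echo str_pad($label, 34), $granted ? 'granted' : 'denied', "\n";
}

$account = (object) array('uid' => 42, 'roles' => array(2 => 'authenticated user'));
show('initial check', model_user_access('administer nodes', $account));

// Role granted mid-request: the cached entry for uid 42 is still used.
$account->roles[3] = 'editor';
show('after grant, no reset', model_user_access('administer nodes', $account));
show('after grant, with reset', model_user_access('administer nodes', $account, TRUE));

// Role revoked mid-request: the stale entry keeps the permission alive.
unset($account->roles[3]);
show('after revoke, no reset', model_user_access('administer nodes', $account));
show('after revoke, with reset', model_user_access('administer nodes', $account, TRUE));
```

Because `$perm` is a static variable, a stale entry lasts only for the current request. Code that changes an account's roles and then makes an access decision in the same request should pass `$reset`.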

Comments

1) Define a permission in hook_perm() in your module, here called "coolstuff.module".

<?php
function coolstuff_perm() {
  return array('do cool stuff', 'do uncool stuff');
}
?>

2) Grant it to your users at admin/user/permissions.

3) Check it in a function.

<?php
function coolstuff_init() {
  if (user_access('do cool stuff')) {
    drupal_set_message(t('You can do cool stuff!'));
  }
  elseif (user_access('do uncool stuff')) {
    drupal_set_message(t('You can do uncool stuff.'));
  }
  elseif (!user_access('do cool stuff') && !user_access('do uncool stuff')) {
    drupal_set_message(t("You can't do stuff at all."));
  }
}
?>

I personally have never used the $account parameter, but presume it could be used as follows:

<?php
function check_coolstuff($uid) {
  // user_load() returns FALSE when no such user exists, so check the
  // result before passing it to user_access().
  $account = user_load($uid);
  if ($account && user_access('do cool stuff', $account)) {
    drupal_set_message(t("The user @username with uid @uid has the permission to do cool stuff.", array('@username' => $account->name, '@uid' => $account->uid)));
  }
}
?>

Use this to forward administrators or editors to the administration page upon login:

<?php
  global $user;
  if ($user->uid == 1 || user_access('access administration pages')) {
    // Redirect admin to the administration page
    return 'admin';
  } else {
    return 'node';
  }
?>

Your example can be written even shorter since user_access() does the check for userid 1 for you.

<?php
  if (user_access('access administration pages')) {
    // Redirect admin to the administration page
    return 'admin';
  } else {
    return 'node';
  }
?>

<?php
return user_access('access administration pages') ? 'admin' : 'node';
?>

If you want to comply with the coding standards:

Always use curly braces even in situations where they are technically optional. Having them increases readability and decreases the likelihood of logic errors being introduced when new lines are added.