Same name and namespace in other branches
  1. 4.6.x modules/user.module \user_access()
  2. 4.7.x modules/user.module \user_access()
  3. 5.x modules/user/user.module \user_access()
  4. 6.x modules/user/user.module \user_access()

Determine whether the user has a given privilege.

Parameters

$string: The permission, such as "administer nodes", being checked for.

$account: (optional) The account to check, if not given use currently logged in user.

Return value

Boolean TRUE if the user has the requested permission.

All permission checks in Drupal should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser can perform all actions.

118 calls to user_access()
authorize_access_allowed in ./authorize.php
Determines if the current user is allowed to run authorize.php.
block_admin_configure in modules/block/block.admin.inc
Form constructor for the block configuration form.
blog_page_user_access in modules/blog/blog.module
Access callback for user blog pages.
book_form_node_form_alter in modules/book/book.module
Implements hook_form_BASE_FORM_ID_alter() for node_form().
book_node_prepare in modules/book/book.module
Implements hook_node_prepare().

... See full list

13 string references to 'user_access'
field_ui_menu in modules/field_ui/field_ui.module
Implements hook_menu().
menu_menu in modules/menu/menu.module
Implements hook_menu().
statistics_menu in modules/statistics/statistics.module
Implements hook_menu().
UserPermissionsTestCase::testUserPermissionChanges in modules/user/user.test
Change user permissions and check user_access().
user_menu in modules/user/user.module
Implements hook_menu().

... See full list

File

modules/user/user.module, line 807
Enables the user registration and login system.

Code

function user_access($string, $account = NULL) {
  global $user;
  if (!isset($account)) {
    $account = $user;
  }

  // User #1 has all privileges:
  if ($account->uid == 1) {
    return TRUE;
  }

  // To reduce the number of SQL queries, we cache the user's permissions
  // in a static variable.
  // Use the advanced drupal_static() pattern, since this is called very often.
  static $drupal_static_fast;
  if (!isset($drupal_static_fast)) {
    $drupal_static_fast['perm'] =& drupal_static(__FUNCTION__);
  }
  $perm =& $drupal_static_fast['perm'];
  if (!isset($perm[$account->uid])) {
    $role_permissions = user_role_permissions($account->roles);
    $perms = array();
    foreach ($role_permissions as $one_role) {
      $perms += $one_role;
    }
    $perm[$account->uid] = $perms;
  }
  return isset($perm[$account->uid][$string]);
}