4.6.x user.module user_access($string, $account = NULL)
4.7.x user.module user_access($string, $account = NULL)
5.x user.module user_access($string, $account = NULL)
6.x user.module user_access($string, $account = NULL, $reset = FALSE)
7.x user.module user_access($string, $account = NULL)

Determine whether the user has a given privilege.


$string: The permission, such as "administer nodes", being checked for.

$account: (optional) The account to check, if not given use currently logged in user.

Return value

TRUE iff the current user has the requested permission.

All permission checks in Drupal should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser can perform all actions.

41 calls to user_access()
aggregator_menu in modules/aggregator.module
Implementation of hook_menu().
archive_menu in modules/archive.module
Implementation of hook_menu().
block_menu in modules/block.module
Implementation of hook_menu().
blogapi_menu in modules/blogapi.module
blog_access in modules/blog.module
Implementation of hook_access().

... See full list


modules/user.module, line 325
Enables the user registration and login system.


function user_access($string, $account = NULL) {
  global $user;
  static $perm = array();
  if (is_null($account)) {
    $account = $user;

  // User #1 has all privileges:
  if ($account->uid == 1) {
    return 1;

  // To reduce the number of SQL queries, we cache the user's permissions
  // in a static variable.
  if (!isset($perm[$account->uid])) {
    $result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $account->uid);
    while ($row = db_fetch_object($result)) {
      $perm[$account->uid] .= "{$row-&gt;<span class="php-function-or-constant property member-of-variable">perm</span>}, ";
  return strpos($perm[$account->uid], "{$string}, ") !== FALSE;