Same name and namespace in other branches
- 4.6.x modules/user.module \user_access()
- 4.7.x modules/user.module \user_access()
- 5.x modules/user/user.module \user_access()
- 7.x modules/user/user.module \user_access()
Determine whether the user has a given privilege.
Parameters
$string: The permission, such as "administer nodes", being checked for.
$account: (optional) The account to check, if not given use currently logged in user.
$reset: (optional) Resets the user's permissions cache, which will result in a recalculation of the user's permissions. This is necessary to support dynamically added user roles.
Return value
Boolean TRUE if the current user has the requested permission.
All permission checks in Drupal should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser can perform all actions.
35 calls to user_access()
- block_admin_configure in modules/
block/ block.admin.inc - Menu callback; displays the block configuration form.
- blog_page_user_access in modules/
blog/ blog.module - Access callback for user blog pages.
- book_form_alter in modules/
book/ book.module - Implementation of hook_form_alter(). Adds the book fieldset to the node form.
- comment_access in modules/
comment/ comment.module - This is *not* a hook_access() implementation. This function is called to determine whether the current user has access to a particular comment.
- comment_save in modules/
comment/ comment.module - Accepts a submission of new or changed comment content.
5 string references to 'user_access'
- aggregator_menu in modules/
aggregator/ aggregator.module - Implementation of hook_menu().
- menu_menu in modules/
menu/ menu.module - Implementation of hook_menu().
- statistics_menu in modules/
statistics/ statistics.module - Implementation of hook_menu().
- user_menu in modules/
user/ user.module - Implementation of hook_menu().
- _menu_router_build in includes/
menu.inc - Helper function to build the router table based on the data from hook_menu.
File
- modules/
user/ user.module, line 511 - Enables the user registration and login system.
Code
function user_access($string, $account = NULL, $reset = FALSE) {
global $user;
static $perm = array();
if ($reset) {
$perm = array();
}
if (!isset($account)) {
$account = $user;
}
// User #1 has all privileges:
if ($account->uid == 1) {
return TRUE;
}
// To reduce the number of SQL queries, we cache the user's permissions
// in a static variable.
if (!isset($perm[$account->uid])) {
$result = db_query("SELECT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (" . db_placeholders($account->roles) . ")", array_keys($account->roles));
$perms = array();
while ($row = db_fetch_object($result)) {
$perms += array_flip(explode(', ', $row->perm));
}
$perm[$account->uid] = $perms;
}
return isset($perm[$account->uid][$string]);
}