7 user.module | user_access($string, $account = NULL) |
4.6 user.module | user_access($string, $account = NULL) |
4.7 user.module | user_access($string, $account = NULL) |
5 user.module | user_access($string, $account = NULL) |
6 user.module | user_access($string, $account = NULL, |
8 user.module | user_access($string, $account = NULL) |
Determine whether the user has a given privilege.
Parameters
$string: The permission, such as "administer nodes", being checked for.
$account: (optional) The account to check; if not given, the currently logged-in user is used.
Return value
Boolean TRUE if the current user has the requested permission.
All permission checks in Drupal should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser can perform all actions.
152 calls to user_access()
- aggregator_block_view in modules/aggregator/aggregator.module - Implements hook_block_view().
- authorize_access_allowed in ./authorize.php - Determines if the current user is allowed to run authorize.php.
- block_admin_configure in modules/block/block.admin.inc - Form constructor for the block configuration form.
- blog_block_view in modules/blog/blog.module - Implements hook_block_view().
- blog_menu_local_tasks_alter in modules/blog/blog.module - Implements hook_menu_local_tasks_alter().
15 string references to 'user_access'
- drupal-6.bare.database.php in modules/simpletest/tests/upgrade/drupal-6.bare.database.php - Bare installation of Drupal 6.17, for test purposes.
- drupal-6.filled.database.php in modules/simpletest/tests/upgrade/drupal-6.filled.database.php - Filled installation of Drupal 6.17, for test purposes.
- field_ui_menu in modules/field_ui/field_ui.module - Implements hook_menu().
- menu_menu in modules/menu/menu.module - Implements hook_menu().
- statistics_menu in modules/statistics/statistics.module - Implements hook_menu().
File
- modules/user/user.module, line 790 - Enables the user registration and login system.
Code
function user_access($string, $account = NULL) {
  global $user;
  if (!isset($account)) {
    $account = $user;
  }
  // User #1 has all privileges:
  if ($account->uid == 1) {
    return TRUE;
  }
  // To reduce the number of SQL queries, we cache the user's permissions
  // in a static variable.
  // Use the advanced drupal_static() pattern, since this is called very often.
  static $drupal_static_fast;
  if (!isset($drupal_static_fast)) {
    $drupal_static_fast['perm'] = &drupal_static(__FUNCTION__);
  }
  $perm = &$drupal_static_fast['perm'];
  if (!isset($perm[$account->uid])) {
    $role_permissions = user_role_permissions($account->roles);
    $perms = array();
    foreach ($role_permissions as $one_role) {
      $perms += $one_role;
    }
    $perm[$account->uid] = $perms;
  }
  return isset($perm[$account->uid][$string]);
}
Comments
Lowercase
It should be noted that any permission string entered into this function should be all lowercase. If one were to copy and paste a permission from the admin/people/permissions page that included an uppercase first letter, then the function will return false.
Lowercase, A good practice but there are exceptions to the rule.
I just used user access for the first time.
I installed devel.
admin/config/development/devel turn on Display $page array
admin/people/permissions click on the array box (screen top)
This array box area expands to give you the correct name for the user access permissions. Notice that the names don't always match the rule of lowercase. See block IP addresses.
array >> content > system main > permission
Permission names are different from admin/people/permissions
If you want to find a permission you can look in admin/people/permissions but they will not relate directly. For example, I wanted the permission "Basic page: Edit own content" but to use as an argument for user_access I'd use "edit own page content". I discovered this by dumping the user's roles to my webpage by doing
$roles = array(2 => '2'); // 2 = the role ID, which is passed as the key.
$check = user_role_permissions($roles);
print('');
var_dump($check);
print('');
A useful query
SELECT r.name,p.module,p.permission FROM role_permission p
left join role r on p.rid=r.rid
order by name,module, permission
3rd column is what you are looking for.
Nice
Thanks for the select statement.
$account parameter in user_access
How to use $account parameter while implementing hook_menu.
For example
/** Implement hook_menu **/
function abc_menu() {
  $items['user/%user_uid_optional/content'] = array(
    'title' => 'abc',
    'access callback' => 'user_access',
    'access arguments' => array('administer content', 1),
    'type' => MENU_LOCAL_TASK,
  );
  // hook_menu() must return the items it defines.
  return $items;
}
Am I on the right track, as I want to load the user in case the load is not logged in? So I am not really sure about the second argument. According to online resources "1" in access arguments would be the wildcard in the menu.
Thanks.
You only need to pass in a
You only need to pass in a user argument if you intend to not use the current user. The parameters description above maybe is a little unclear since the phrase 'currently logged in user' does not explain what happens when a user is not logged in. In this case, the line
<?php global $user; ?>
loads a user account with id 0. Sounds like you'd be fine with:
<?php
'access arguments' => array('administer content'),
?>
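An added example, not part of the original comments or of Drupal core: a hypothetical module named `example` that shows what the second access argument changes. An integer in 'access arguments' is replaced by the object loaded from that position in the path, so handing it to user_access() checks the account named in the URL rather than the visitor. The permission name, path and callback names are assumptions.

```php
<?php
// Hypothetical module "example"; names below are assumptions.

/**
 * Implements hook_permission(). The array key is the string user_access()
 * expects; 'title' is only the label on admin/people/permissions.
 */
function example_permission() {
  return array(
    'view any example report' => array(
      'title' => t('View any Example report'),
      'restrict access' => TRUE,
    ),
  );
}

/** Implements hook_menu(). */
function example_menu() {
  $items['user/%user/example-report'] = array(
    'title' => 'Example report',
    'page callback' => 'example_report_page',
    'page arguments' => array(1),
    // Passing array('view any example report', 1) to user_access() here
    // would test the account loaded from the URL, not the visitor.
    'access callback' => 'example_report_access',
    'access arguments' => array(1),
    'type' => MENU_LOCAL_TASK,
  );
  return $items;
}

/** Access callback: the account owner, or a visitor with the permission. */
function example_report_access($account) {
  global $user;
  // No $account argument: user_access() checks the current user ($user).
  if (user_access('view any example report')) {
    return TRUE;
  }
  // Anonymous visitors (uid 0) never pass the owner check.
  return $user->uid > 0 && $user->uid == $account->uid;
}

/** Page callback for the hypothetical report. */
function example_report_page($account) {
  $args = array('@name' => format_username($account));
  return array('#markup' => t('Report for @name', $args));
}
```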
Dynamically added role
I needed to add a role to the Anonymous user to allow them to access certain content under certain conditions. In order to get this working, I needed to run
drupal_static_reset('user_access');
after adding the role. Very useful function.
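An added example, not from the original comment or from Drupal core: a hypothetical helper that gives the current user one extra role for the duration of a callback and then takes it away again. Because user_access() caches permissions per uid in a static variable, the cache is reset when the role is added and again when it is removed, so the extra permissions do not outlive the callback. The function names are assumptions.

```php
<?php
/**
 * Runs $callback with one extra role on the current user, then reverts.
 *
 * @param int $rid
 *   ID of an existing role to grant for the duration of the callback.
 * @param callable $callback
 *   Code that needs the extra permissions.
 */
function example_with_temporary_role($rid, $callback) {
  global $user;
  $role = user_role_load($rid);
  if (!$role) {
    throw new InvalidArgumentException('Unknown role ID.');
  }
  $original_roles = $user->roles;
  $user->roles[$rid] = $role->name;
  // user_access() keys its cache on uid only, so without a reset it keeps
  // returning the permissions computed before the role was added.
  drupal_static_reset('user_access');
  try {
    $result = call_user_func($callback);
  }
  catch (Exception $e) {
    example_restore_roles($original_roles);
    throw $e;
  }
  example_restore_roles($original_roles);
  return $result;
}

/**
 * Puts the original roles back and drops the cached, elevated permissions.
 */
function example_restore_roles(array $roles) {
  global $user;
  $user->roles = $roles;
  // Without this reset the elevated result stays cached for the rest of the
  // request, even though $user->roles no longer contains the role.
  drupal_static_reset('user_access');
}
```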
No alter hook?
I'm curious, why doesn't this function have an alter hook available for it?
Then modules could override/extend functionality.
<?php
function user_access($string, $account = NULL) {
  ...
  $has_perm = isset($perm[$account->uid][$string]);
  drupal_alter('user_access', $string, $account, $has_perm);
  return $has_perm;
}
?>
This would definitely help
I have a use case where this would help a lot.
I want the user to be able to "lock" the account, and only give rights to certain menu routings and disable all of the rest that are defined with the role. Once they unlock (using their password) they can get rights to everything again. This would be all within one user account, so the standard roles don't help.
I have submitted a patch for
I have submitted a patch for Drupal 8.
If you want hook_user_access_alter() in Drupal 8, review the patch here!!
http://drupal.org/node/1536612