7 user.module | user_access($string, $account = NULL) |
4.6 user.module | user_access($string, $account = NULL) |
4.7 user.module | user_access($string, $account = NULL) |
5 user.module | user_access($string, $account = NULL) |
6 user.module | user_access($string, $account = NULL, $reset = FALSE) |
Determine whether the user has a given privilege.
Parameters
$string: The permission, such as "administer nodes", being checked for.
$account: (optional) The account to check, if not given use currently logged in user.
$reset: (optional) Resets the user's permissions cache, which will result in a recalculation of the user's permissions. This is necessary to support dynamically added user roles.
Return value
Boolean TRUE if the current user has the requested permission.
All permission checks in Drupal should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser can perform all actions.
120 calls to user_access()
6 string references to 'user_access'
File
- modules/
user/ user.module, line 511 - Enables the user registration and login system.
Code
function user_access($string, $account = NULL, $reset = FALSE) {
global $user;
static $perm = array();
if ($reset) {
$perm = array();
}
if (!isset($account)) {
$account = $user;
}
// User #1 has all privileges:
if ($account->uid == 1) {
return TRUE;
}
// To reduce the number of SQL queries, we cache the user's permissions
// in a static variable.
if (!isset($perm [$account->uid])) {
$result = db_query("SELECT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (" . db_placeholders($account->roles) . ")", array_keys($account->roles));
$perms = array();
while ($row = db_fetch_object($result)) {
$perms += array_flip(explode(', ', $row->perm));
}
$perm [$account->uid] = $perms;
}
return isset($perm [$account->uid][$string]);
}
Comments
Usage Example
1) Define a permission in hook_perm() in your module, here called "coolstuff.module".
2) Grant it to your users at admin/user/permissions.
3) Check it in a function.
I personally have never used the $account parameter, but presume it could be used as follows:
Easy usage example
Use this to forward administrators or editor to the administration page upon login:
Easy usage example more simple
Your example can be written even shorter since user_access() does the check for userid 1 for you.
<?php
if (user_access('access administration pages')) {
// Redirect admin to the administration page
return 'admin';
} else {
return 'node';
}
?>
Shorter, you say?