function user_access

Determine whether the user has a given privilege.

Parameters

$string: The permission, such as "administer nodes", being checked for.

\Drupal\Core\Session\AccountInterface $account: (optional) The account to check, if not given use currently logged in user.

Return value

Boolean TRUE if the current user has the requested permission.

All permission checks in Drupal should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser can perform all actions.

188 calls to user_access()
Access::query in drupal/core/modules/node/lib/Drupal/node/Plugin/views/filter/Access.php
See _node_access_where_sql() for a non-views query based implementation.
AccountFormController::form in drupal/core/modules/user/lib/Drupal/user/AccountFormController.php
Overrides Drupal\Core\Entity\EntityFormController::form().
AggregatorCategoryBlock::access in drupal/core/modules/aggregator/lib/Drupal/aggregator/Plugin/Block/AggregatorCategoryBlock.php
Overrides \Drupal\block\BlockBase::access().
AggregatorFeedBlock::access in drupal/core/modules/aggregator/lib/Drupal/aggregator/Plugin/Block/AggregatorFeedBlock.php
Overrides \Drupal\block\BlockBase::access().
authorize_access_allowed in drupal/core/authorize.php
Determines if the current user is allowed to run authorize.php.

... See full list

11 string references to 'user_access'
menu_menu in drupal/core/modules/menu/menu.module
Implements hook_menu().
PictureMappingListController::hookMenu in drupal/core/modules/picture/lib/Drupal/picture/PictureMappingListController.php
Overrides Drupal\config\EntityListControllerBase::hookMenu().
PluginUIManager::processDefinition in drupal/core/modules/system/lib/Drupal/system/Plugin/Type/PluginUIManager.php
Overrides \Drupal\Component\Plugin\PluginManagerBase::processDefinition().
RoleStorageController::resetCache in drupal/core/modules/user/lib/Drupal/user/RoleStorageController.php
Resets the internal, static entity cache.
UserPermissionsTest::testUserPermissionChanges in drupal/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
Change user permissions and check user_access().

... See full list

File

drupal/core/modules/user/user.module, line 468
Enables the user registration and login system.

Code

function user_access($string, AccountInterface $account = NULL) {
  global $user;
  if (!isset($account)) {
    $account = $user;
  }

  // Make sure we are working with the BC decorator.
  $account = $account instanceof User ? $account
    ->getBCEntity() : $account;

  // User #1 has all privileges:
  if ($account->uid == 1) {
    return TRUE;
  }

  // To reduce the number of SQL queries, we cache the user's permissions
  // in a static variable.
  // Use the advanced drupal_static() pattern, since this is called very often.
  static $drupal_static_fast;
  if (!isset($drupal_static_fast)) {
    $drupal_static_fast['perm'] =& drupal_static(__FUNCTION__);
  }
  $perm =& $drupal_static_fast['perm'];
  if (!isset($perm[$account->uid])) {
    $role_permissions = user_role_permissions($account
      ->getRoles());
    $perms = array();
    foreach ($role_permissions as $one_role) {
      $perms += $one_role;
    }
    $perm[$account->uid] = $perms;
  }
  return isset($perm[$account->uid][$string]);
}