Documentation & API reference
function user_access
Determine whether the user has a given privilege.
Parameters
$string: The permission, such as "administer nodes", being checked for.
$account: (optional) The account to check, if not given use currently logged in user.
Return value
Boolean TRUE if the current user has the requested permission.
All permission checks in Drupal should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser can perform all actions.
168 calls to user_access()
- Access::query in drupal/
core/ modules/ node/ lib/ Drupal/ node/ Plugin/ views/ filter/ Access.php - See _node_access_where_sql() for a non-views query based implementation.
- AccountFormController::form in drupal/
core/ modules/ user/ lib/ Drupal/ user/ AccountFormController.php - Overrides Drupal\Core\Entity\EntityFormController::form().
- aggregator_block_view in drupal/
core/ modules/ aggregator/ aggregator.module - Implements hook_block_view().
- authorize_access_allowed in drupal/
core/ authorize.php - Determines if the current user is allowed to run authorize.php.
- block_admin_configure in drupal/
core/ modules/ block/ block.admin.inc - Form constructor for the block configuration form.
18 string references to 'user_access'
- field_ui_menu in drupal/
core/ modules/ field_ui/ field_ui.module - Implements hook_menu().
- layout_menu in drupal/
core/ modules/ layout/ layout.module - Implements hook_menu().
- menu_menu in drupal/
core/ modules/ menu/ menu.module - Implements hook_menu().
- PictureMappingListController::hookMenu in drupal/
core/ modules/ picture/ lib/ Drupal/ picture/ PictureMappingListController.php - Overrides Drupal\config\EntityListControllerBase::hookMenu().
- picture_menu in drupal/
core/ modules/ picture/ picture.module - Implements hook_menu().
File
- drupal/
core/ modules/ user/ user.module, line 453 - Enables the user registration and login system.
Code
function user_access($string, $account = NULL) {
global $user;
if (!isset($account)) {
$account = $user;
}
// User #1 has all privileges:
if ($account->uid == 1) {
return TRUE;
}
// To reduce the number of SQL queries, we cache the user's permissions
// in a static variable.
// Use the advanced drupal_static() pattern, since this is called very often.
static $drupal_static_fast;
if (!isset($drupal_static_fast)) {
$drupal_static_fast['perm'] =& drupal_static(__FUNCTION__);
}
$perm =& $drupal_static_fast['perm'];
if (!isset($perm[$account->uid])) {
$role_permissions = user_role_permissions($account->roles);
$perms = array();
foreach ($role_permissions as $one_role) {
$perms += $one_role;
}
$perm[$account->uid] = $perms;
}
return isset($perm[$account->uid][$string]);
}