You are here

function user_access in Drupal 4

Same name and namespace in other branches
  1. 5 modules/user/user.module \user_access()
  2. 6 modules/user/user.module \user_access()
  3. 7 modules/user/user.module \user_access()

Determine whether the user has a given privilege.

Parameters

$string: The permission, such as "administer nodes", being checked for.

$account: (optional) The account to check, if not given use currently logged in user.

Return value

boolean TRUE if the current user has the requested permission.

All permission checks in Drupal should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser can perform all actions.

117 calls to user_access()
aggregator_block in modules/aggregator.module
Implementation of hook_block().
aggregator_menu in modules/aggregator.module
Implementation of hook_menu().
aggregator_page_list_validate in modules/aggregator.module
archive_block in modules/archive.module
Implementation of hook_block().
archive_menu in modules/archive.module
Implementation of hook_menu().

... See full list

File

modules/user.module, line 335
Enables the user registration and login system.

Code

function user_access($string, $account = NULL) {
  global $user;
  static $perm = array();
  if (is_null($account)) {
    $account = $user;
  }

  // User #1 has all privileges:
  if ($account->uid == 1) {
    return TRUE;
  }

  // To reduce the number of SQL queries, we cache the user's permissions
  // in a static variable.
  if (!isset($perm[$account->uid])) {
    $result = db_query("SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (%s)", implode(',', array_keys($account->roles)));
    $perm[$account->uid] = '';
    while ($row = db_fetch_object($result)) {
      $perm[$account->uid] .= "{$row->perm}, ";
    }
  }
  if (isset($perm[$account->uid])) {
    return strpos($perm[$account->uid], "{$string}, ") !== FALSE;
  }
  return FALSE;
}