function user_access

7.x user.module user_access($string, $account = NULL)
5.x user.module user_access($string, $account = NULL)
6.x user.module user_access($string, $account = NULL, $reset = FALSE)

Determine whether the user has a given privilege.

Parameters

$string: The permission, such as "administer nodes", being checked for.

$account: (optional) The account to check, if not given use currently logged in user.

Return value

Boolean TRUE if the user has the requested permission.

All permission checks in Drupal should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser can perform all actions.

155 calls to user_access()
aggregator_block_view in drupal/modules/aggregator/aggregator.module
Implements hook_block_view().
authorize_access_allowed in drupal/authorize.php
Determines if the current user is allowed to run authorize.php.
block_admin_configure in drupal/modules/block/block.admin.inc
Form constructor for the block configuration form.
blog_block_view in drupal/modules/blog/blog.module
Implements hook_block_view().
blog_menu_local_tasks_alter in drupal/modules/blog/blog.module
Implements hook_menu_local_tasks_alter().

... See full list

15 string references to 'user_access'
drupal-6.bare.database.php in drupal/modules/simpletest/tests/upgrade/drupal-6.bare.database.php
Bare installation of Drupal 6.17, for test purposes.
drupal-6.filled.database.php in drupal/modules/simpletest/tests/upgrade/drupal-6.filled.database.php
Filled installation of Drupal 6.17, for test purposes.
field_ui_menu in drupal/modules/field_ui/field_ui.module
Implements hook_menu().
menu_menu in drupal/modules/menu/menu.module
Implements hook_menu().
statistics_menu in drupal/modules/statistics/statistics.module
Implements hook_menu().

... See full list

File

drupal/modules/user/user.module, line 800
Enables the user registration and login system.

Code

function user_access($string, $account = NULL) {
  global $user;

  if (!isset($account)) {
    $account = $user;
  }

  // User #1 has all privileges:
  if ($account->uid == 1) {
    return TRUE;
  }

  // To reduce the number of SQL queries, we cache the user's permissions
  // in a static variable.
  // Use the advanced drupal_static() pattern, since this is called very often.
  static $drupal_static_fast;
  if (!isset($drupal_static_fast)) {
    $drupal_static_fast['perm'] = &drupal_static(__FUNCTION__);
  }
  $perm = &$drupal_static_fast['perm'];
  if (!isset($perm[$account->uid])) {
    $role_permissions = user_role_permissions($account->roles);

    $perms = array();
    foreach ($role_permissions as $one_role) {
      $perms += $one_role;
    }
    $perm[$account->uid] = $perms;
  }

  return isset($perm[$account->uid][$string]);
}