Re: [development] The static $perm variable in user_access
The static $perm variable in user_access() contains the permissions that users have. When user_access('ClearCache', NULL, TRUE) is executed, the static $perm value is emptied and re-filled with permissions from the current roles in the $user object . Theorectically, when user_access() is next called, assuming the $ user object contains the same roles, the $perm variable should contain the same permissions which were cached in the first call. This is what happened in Drupal 5.x and the earlier versions of 6.x. This is NOT happening (at least consistently) in the most recent versions of the user.module . I've written a bunch of debug code in the user, node and ogur modules and now have more details. I am printing the output of user_access () every time it is called. When I issue: user_access('ClearCache', NULL, TRUE) Static $perm variable is cleared and re-filled with permissions from current $user object. This is correct. When module_invoke () is immediately executed next: module_invoke('node_content', 'access', 'create', 'story', $user) It will now make another call to user_access() : user_access('create story content', $user) The $user object still contains the same roles. The $perm variable now contains values. This is correct. But the values in $perm are NOT the same as those inserted during the ClearCache call above! They have changed, and NOT from the user_access() function (which I am monitoring)! So the question is: Why has this $perm value changed? So far, I've found this behaviour occurs with OGUR when one of the following modules is installed: • taxonomy_access • tac_lite • menu_breadcrumb • admin_menu I so far am unable to discover what it is about these modules which is causing this problem. This did not occur in 5.x and earlier 6.x versions of Drupal. Please, please, please help! -ron
It sounds like you're suggesting that $perm, a static variable within user_access() is being modified without user_access being called, but within a single page load. That doesn't seem possible in PHP, unless there is a PHP bug. Static variables are supposed to be local in scope to the functions that create them. To prove beyond a shadow of doubt, put a $debug statement in at the very beginning of the function user_access and another at the very end of the function. (just before the return). If what you're saying is true, there will be evidence in the "begin" value being different than the "end" value prior to it. What I suspect is that another module is calling user_access, (perhaps with a different user, or modified roles in between) in between. If you serialize the $user and $perm variables within user_access, you ought to be able to tell. Myself I'd be greping for calls in the modules you suspect. Dave On Oct 30, 2008, at 10:32 AM, Ron Parker wrote:
The static $perm variable in user_access() contains the permissions that users have. When user_access('ClearCache', NULL, TRUE) is executed, the static $perm value is emptied and re-filled with permissions from the current roles in the $user object. Theorectically, when user_access() is next called, assuming the $user object contains the same roles, the$perm variable should contain the same permissions which were cached in the first call. This is what happened in Drupal 5.x and the earlier versions of 6.x. This is NOT happening (at least consistently) in the most recent versions of the user.module.
I've written a bunch of debug code in the user, node and ogur modules and now have more details. I am printing the output of user_access() every time it is called.
When I issue: user_access('ClearCache', NULL, TRUE)
Static $perm variable is cleared and re-filled with permissions from current $user object. This is correct.
When module_invoke() is immediately executed next: module_invoke('node_content', 'access', 'create', 'story', $user)
It will now make another call to user_access(): user_access('create story content', $user)
The $user object still contains the same roles. The $perm variable now contains values. This is correct. But the values in $perm are NOT the same as those inserted during theClearCache call above! They have changed, and NOT from the user_access() function (which I am monitoring)! So the question is: Why has this $perm value changed?
So far, I've found this behaviour occurs with OGUR when one of the following modules is installed: taxonomy_access tac_lite menu_breadcrumb admin_menu I so far am unable to discover what it is about these modules which is causing this problem. This did not occur in 5.x and earlier 6.x versions of Drupal.
Please, please, please help!
-ron
or use a drupal_set_message inside user access, possibly a dsm(debug_backtrace()) if you're patient.. On Fri, Oct 31, 2008 at 12:27 AM, David Metzler <metzlerd@metzlerd.com>wrote:
It sounds like you're suggesting that $perm, a static variable within user_access() is being modified without user_access being called, but within a single page load. That doesn't seem possible in PHP, unless there is a PHP bug. Static variables are supposed to be local in scope to the functions that create them. To prove beyond a shadow of doubt, put a $debug statement in at the very beginning of the function user_access and another at the very end of the function. (just before the return). If what you're saying is true, there will be evidence in the "begin" value being different than the "end" value prior to it. What I suspect is that another module is calling user_access, (perhaps with a different user, or modified roles in between) in between. If you serialize the $user and $perm variables within user_access, you ought to be able to tell. Myself I'd be greping for calls in the modules you suspect.
Dave On Oct 30, 2008, at 10:32 AM, Ron Parker wrote:
The static $perm variable in user_access() contains the permissions that users have. When user_access('ClearCache', NULL, TRUE) is executed, the static $perm value is emptied and re-filled with permissions from the current roles in the $user object. Theorectically, when user_access() is next called, assuming the $user object contains the same roles, the$perm variable should contain the same permissions which were cached in the first call. This is what happened in Drupal 5.x and the earlier versions of 6.x. This is NOT happening (at least consistently) in the most recent versions of the user.module.
I've written a bunch of debug code in the user, node and ogur modules and now have more details. I am printing the output of user_access() every time it is called.
When I issue: user_access('ClearCache', NULL, TRUE)
Static $perm variable is cleared and re-filled with permissions from current $user object. This is correct. When module_invoke() is immediately executed next: module_invoke('node_content', 'access', 'create', 'story', $user)
It will now make another call to user_access(): user_access('create story content', $user)
The $user object still contains the same roles. The $perm variable now contains values. This is correct. But the values in $perm are NOT the same as those inserted during theClearCache call above! They have changed, and NOT from the user_access() function (which I am monitoring)! So the question is: Why has this $perm value changed? So far, I've found this behaviour occurs with OGUR when one of the following modules is installed:
- taxonomy_access - tac_lite - menu_breadcrumb - admin_menu
I so far am unable to discover what it is about these modules which is causing this problem. This did not occur in 5.x and earlier 6.x versions of Drupal.
Please, please, please help!
-ron
participants (3)
-
Darrel O'Pry -
David Metzler -
Ron Parker