[development] Making #access required on forms

Moshe Weitzman weitzman at tejasa.com
Fri Oct 24 17:43:48 UTC 2008

> as more an more people use Drupal to provide non-traditional Webpages
> (e.g. providing services using Ajax, Flex, ...) our traditional access
> permission checks in hook_menu are less than ideal.

I don't see a problem here. It is up to the service that exposes the
functionality to control access. It feels like this is a solution in
search of a problem. Can we identify some more concrete use cases or
an SA that would have been avoided had we implemented this?

> For example, you can use drupal_execute to conveniently create content
> or anything else. However, no check for access permissions is done since
> this only happens in the menu hook for node/add/whatever.

thats a feature. use reponsibly, just like the rest of our php code.

@Crell - OG has problems dealing #access or other modules don't
understand its use of #access?

Yes, #access is incompletely implemented in core for users who have no
access. see the hoops that KarenS jumped through at
http://drupal.org/node/298440. So I agree that FAPI needs improving
regardless of this proposal. Perhaps people would use #access more if
it worked as expected. Same for #disabled (see

More information about the development mailing list