[development] The static $perm variable in user_access (was: Has anything changed with module_invoke() recently?)

Ron Parker sysop at scbbs.com
Sat Oct 25 00:35:31 UTC 2008

I located the source of my problem. In the user_access() function, the static variable $perm is set to hold the permissions for a user. 

Issuing this command: user_access('', NULL, TRUE); ( http://api.drupal.org/api/function/user_access/6 ) will unset the $perm variable and allow it to reset with the permissions from the most current roles. My debug code indicates that it contains the correct permissions from the roles of the $user object. 

However, when I issue: 

module_invoke($module, 'access', 'create', $type, $user); 
which, in the case of $module = 'node_content' will itself call user_access($permission, $user) , 
the $perm value is now set (as it should be from my reset command), but no longer contains the all permissions from the roles in the $user object (what was originally set), but only the ones you would find for the user in the role table. Furthermore, I put debug code into user_access() to show me each time it is ran. I do not see it accessed between the time $perm is unset (by my reset command) and it is called by module_invoke(). 

The way this worked in 5.x: 

hook_init() would issue user_access('', NULL, TRUE) which would unset the $perm variable so that the next time user_access() ran, it would rebuild $perm. In 6.x appears this no longer works in the same way. 

So, it looks like either: 

a. Another module (other than the user.module) is manipulating the $perm variable, or; 
b. Drupal core is assuring, when module_invoke() is used, that the set $perm variable only contains roles that the user has in the roles table. 

My question is this: Can the $perm variable be manipulated outside of the user.module? If not, then how is b. above accomplished? 

Thanks for any assistance whatsoever! 


----- Original Message ----- 
From: "Ron Parker" <sysop at scbbs.com> 
To: development at drupal.org 
Sent: Friday, October 24, 2008 12:03:05 PM GMT -08:00 US/Canada Pacific 
Subject: Re: Has anything changed with module_invoke() recently? 

Ron Parker said: "This same exact code worked in 5.x, so I have to believe there is something that has changed in 6.x with module_invoke() / $user . Furthermore, this code worked in the initial Drupal 6.x versions, so this change, whatever it is, is rather recent. Theoretically, module_invoke below should not return false, but it is" 

Nancy Wichmann said: "I have recently run into problems with hook_access. It is widely misunderstood and many module return false when they really should be returning null. I even had to change many of my modules. I know there are many out there that are still wrong." 

Could someone please point me to how I begin to solve this problem? I am certain that the user object contains the correct roles that should allow permission. How do I track down what's going on with module_invoke? 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20081024/01a589e1/attachment.htm 

More information about the development mailing list