[development] The static $perm variable in user_access

David Metzler metzlerd at metzlerd.com
Fri Oct 31 04:27:44 UTC 2008 

It sounds like you're suggesting that $perm, a static variable within  
user_access() is being modified without user_access being called, but  
within a single page load.   That doesn't seem possible in PHP,  
unless there is a PHP bug.  Static variables are supposed to be local  
in scope to the functions that create them. To prove beyond a shadow  
of doubt, put a $debug statement in at the very beginning of the  
function user_access and another at the very end of the function.   
(just before the return).  If what you're saying is true, there will  
be evidence in the "begin" value being different than the "end" value  
prior to it.

What I suspect is that another module is calling user_access,  
(perhaps with a different user, or modified roles in between) in  
between.  If you serialize the $user and $perm variables within  
user_access, you ought to be able to tell.   Myself I'd be greping  
for calls in the modules you suspect.

Dave
On Oct 30, 2008, at 10:32 AM, Ron Parker wrote:

> The static $perm variable in user_access() contains the permissions  
> that users have.  When user_access('ClearCache', NULL, TRUE) is  
> executed, the static $perm value is emptied and re-filled with  
> permissions from the current roles in the $user object.   
> Theorectically, when user_access() is next called, assuming the  
> $user object contains the same roles, the$perm variable should  
> contain the same permissions which were cached in the first call.   
> This is what happened in Drupal 5.x and the earlier versions of  
> 6.x.  This is NOT happening (at least consistently) in the most  
> recent versions of the user.module.
>
> I've written a bunch of debug code in the user, node and ogur  
> modules and now have more details. I am printing the output of  
> user_access() every time it is called.
>
> When I issue:
> user_access('ClearCache', NULL, TRUE)
>
> Static $perm variable is cleared and re-filled with permissions  
> from current $user object. This is correct.
>
> When module_invoke() is immediately executed next:
> module_invoke('node_content', 'access', 'create', 'story', $user)
>
> It will now make another call to user_access():
> user_access('create story content', $user)
>
> The $user object still contains the same roles. The $perm variable  
> now contains values. This is correct.  But the values in $perm are  
> NOT the same as those inserted during theClearCache call above!  
> They have changed, and NOT from the user_access() function (which I  
> am monitoring)! So the question is: Why has this $perm value changed?
>
> So far, I've found this behaviour occurs with OGUR when one of the  
> following modules is installed:
> taxonomy_access
> tac_lite
> menu_breadcrumb
> admin_menu
> I so far am unable to discover what it is about these modules which  
> is causing this problem.  This did not occur in 5.x and earlier 6.x  
> versions of Drupal.
>
> Please, please, please help!
>
> -ron
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20081030/103e349e/attachment.htm

More information about the development mailing list