[development] The static $perm variable in user_access

Darrel O'Pry darrel.opry at gmail.com
Fri Oct 31 14:56:54 UTC 2008 

or use a drupal_set_message inside user access, possibly a
dsm(debug_backtrace()) if you're patient..

On Fri, Oct 31, 2008 at 12:27 AM, David Metzler <metzlerd at metzlerd.com>wrote:

> It sounds like you're suggesting that $perm, a static variable within
> user_access() is being modified without user_access being called, but within
> a single page load.   That doesn't seem possible in PHP, unless there is a
> PHP bug.  Static variables are supposed to be local in scope to the
> functions that create them. To prove beyond a shadow of doubt, put a $debug
> statement in at the very beginning of the function user_access and another
> at the very end of the function.  (just before the return).  If what you're
> saying is true, there will be evidence in the "begin" value being different
> than the "end" value prior to it.
> What I suspect is that another module is calling user_access, (perhaps with
> a different user, or modified roles in between) in between.  If you
> serialize the $user and $perm variables within user_access, you ought to be
> able to tell.   Myself I'd be greping for calls in the modules you suspect.
>
> Dave
> On Oct 30, 2008, at 10:32 AM, Ron Parker wrote:
>
> The static $perm variable in user_access() contains the permissions that
> users have.  When user_access('ClearCache', NULL, TRUE) is executed, the
> static $perm value is emptied and re-filled with permissions from the
> current roles in the $user object.  Theorectically, when user_access() is
> next called, assuming the $user object contains the same roles, the$perm variable
> should contain the same permissions which were cached in the first call.
> This is what happened in Drupal 5.x and the earlier versions of 6.x.  This
> is NOT happening (at least consistently) in the most recent versions of the
>  user.module.
>
> I've written a bunch of debug code in the user, node and ogur modules and
> now have more details. I am printing the output of user_access() every
> time it is called.
>
> When I issue:
> user_access('ClearCache', NULL, TRUE)
>
> Static $perm variable is cleared and re-filled with permissions from
> current $user object. This is correct.
> When module_invoke() is immediately executed next:
> module_invoke('node_content', 'access', 'create', 'story', $user)
>
> It will now make another call to user_access():
> user_access('create story content', $user)
>
> The $user object still contains the same roles. The $perm variable now
> contains values. This is correct.  But the values in $perm are NOT the
> same as those inserted during theClearCache call above! They have changed,
> and NOT from the user_access() function (which I am monitoring)! So the
> question is: Why has this $perm value changed?
> So far, I've found this behaviour occurs with OGUR when one of the
> following modules is installed:
>
>    - taxonomy_access
>    - tac_lite
>    - menu_breadcrumb
>    - admin_menu
>
> I so far am unable to discover what it is about these modules which is
> causing this problem.  This did not occur in 5.x and earlier 6.x versions of
> Drupal.
>
> Please, please, please help!
>
> -ron
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20081031/175ebb01/attachment.htm

More information about the development mailing list