[development] The static $perm variable in user_access reset erroneously

Ron Parker sysop at scbbs.com
Fri Oct 31 18:38:42 UTC 2008 

On Fri , Oct 31, 2008 at 12:27 AM, David Metzler < metzlerd at metzlerd.com >wrote: 

> It sounds like you're suggesting that $perm, a static variable within 
> user_access() is being modified without user_access being called, but within 
> a single page load. That doesn't seem possible in PHP, unless there is a 
> PHP bug. Static variables are supposed to be local in scope to the 
> functions that create them. To prove beyond a shadow of doubt, put a $debug 
> statement in at the very beginning of the function user_access and another 
> at the very end of the function. (just before the return). If what you're 

This is exactly what I'm suggesting. I put debug statements in user_access, node_content_access, and my OGUR function so that I would see every time they were accessed, and what was in them. 

To briefly summarize, I have a role "GroupAdmin" which is dynamically added to the $user object. It contains the "create story content" permission. 

I issue the command to clear the $perm cache: user_access('ClearCache', NULL, TRUE) 

This is followed by a module_invoke command (which, in turn will again call user_access): 
module_invoke('node_content', 'access', 'create', 'story', $user) 





The problem is that the $perm variable in the second user_access call should contain the values from the first user_access call, and it doesn't. It is still set, as it should be, but the variables are different. Here are the results of my debugging: 





I noticed that even when my hook_init() clears the $perm variable: 

    • user_access('', NULL, TRUE) 
    • ogur roles loaded into user object (hook_init) 
    • user_access | string = 
    • user_access | static $perm is NOT already set 
    • user_access | $perm set for uid 3 (test01) 
    • user_access | string = | $perm values = 0,1,2,0,1,2,4,5,7,8,9,10,4,5,6,7,8,9,10,0,0,1,2,3,4 
    • user_access | roles returned: (authenticated user,Devel,Group Member,Group Contributor,Group Admin) 
    • user_access | permissions returned: (access comments,access content,view uploaded files,view advanced help index,view advanced help popup,view advanced help topic,post comments,post comments without approval,search content,use advanced search,subscribe to newsletters,view links in block,create page content,create story content,delete own page content,delete own story content,edit own page content,edit own story content,upload files,configure member roles,access devel information,display source code,execute php code,switch users,view devel_node_access information) 


The very next call to user_access does NOT contain the correct permissions: 

    • user_access('access content') 
    • user_access | string = access content | $perm values = 0,1,2,3,4,5,6,7,8,9,10,0,1,2,3,4 ( note that all the permmissions from above are NOT here - the only ones missing are those granted by the dynamically assigned roles ) 
    • user_access | static $perm is already set 
    • user_access | roles returned: (authenticated user,Devel,Group Member,Group Contributor,Group Admin) 
    • user_access | permissions returned: (view advanced help index,view advanced help popup,view advanced help topic,access comments,post comments,post comments without approval,access content,search content,use advanced search,subscribe to newsletters,view links in block,access devel information,display source code,execute php code,switch users,view devel_node_access information) 


Another test: 




This is the page loaded: 




http://mysite.com/node/ognodeadd?type=story&gids[]=24 




User should be able to create story. This is what debug returns: 

    • ogur roles loaded into user object (ognodeadd) 
    • ogur | ognodeadd roles returned: (authenticated user,Devel,Group Member,Group Contributor, Group Admin ) These are the correct roles for this user in this group. 
    • ogur | module to call = node_content | type = story 
    • ogur | Preparing to call module_invoke 
    • ogur | Calling user_access('ClearCache', NULL, TRUE) 
    • user_access | string = ClearCache 
    • user_access | static $perm is NOT already set 
    • user_access | $perm set for uid 3 (test01) 
    • user_access | string = ClearCache | $perm values = 0,1,2,0,1,2,4,5,7,8,9,10,4,5,6,7,8,9,10,0,0,1,2,3,4 
    • user_access | roles returned: (authenticated user,Devel,Group Member,Group Contributor,Group Admin) This is correct. 
    • user_access | permissions returned: (access comments,access content,view uploaded files,view advanced help index,view advanced help popup,view advanced help topic,post comments,post comments without approval,search content,use advanced search,subscribe to newsletters,view links in block, create page content,create story content,delete own page content,delete own story content,edit own page content,edit own story content,upload files ,configure member roles,access devel information,display source code,execute php code,switch users,view devel_node_access information) The above are the permissions that $perm should have the next time user_access is ran. It will run again when module_invoke() is called. Below is what comes back the very next time user_access is called. 


    • ogur | Calling module_invoke('node_content', 'access', 'create', 'story', $user) 
    • node_content_access | type = story | op = create 
    • node_content_access | roles returned: (authenticated user,Devel,Group Member,Group Contributor,Group Admin) 
    • user_access | string = create story content | $perm values = 0,1,2,3,4,5,6,7,8,9,10,0,1,2,3,4 
    • user_access | static $perm is already set 
    • user_access | roles returned: (authenticated user,Devel,Group Member,Group Contributor, Group Admin ) This is correct. 
    • user_access | permissions returned: (view advanced help index,view advanced help popup,view advanced help topic,access comments,post comments,post comments without approval,access content,search content,use advanced search,subscribe to newsletters,view links in block,access devel information,display source code,execute php code,switch users,view devel_node_access information) 

Note that the "Group Admin" role permissions are not included here. They should be the same as from from the ClearCache user_access command above. It appears that the above permissions have been cached somewhere else. 
    • ogur | module_invoke called 
    • ogur | ognodeadd roles returned: (authenticated user,Devel,Group Member,Group Contributor,Group Admin) 
    • ogur | module_invoke access returns false Access should be true here. 


Installed devel module. There are four user_access SQL queries that appear on this page: 

	1.16 	1 	user_access 	SELECT p.perm FROM role r INNER JOIN permission p ON p.rid = r.rid WHERE r.rid IN (2,8) 
	0.77 	3 	user_access 	SELECT p.perm FROM role r INNER JOIN permission p ON p.rid = r.rid WHERE r.rid IN (2,8,3,4,7) 
	0.76 	3 	user_access 	SELECT p.perm FROM role r INNER JOIN permission p ON p.rid = r.rid WHERE r.rid IN (2,8,3,4,7) 
	0.72 	3 	user_access 	SELECT p.perm FROM role r INNER JOIN permission p ON p.rid = r.rid WHERE r.rid IN (2,8,3,4,7) 







-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20081031/3fb7c48a/attachment-0001.htm

More information about the development mailing list