Home » Developing for Drupal » Module developer's guide » Creating Drupal 6.x modules » Drupal menu system (Drupal 6.x) » Access control

Access Arguments

·
Last modified: September 10, 2009 - 15:22

Understanding access arguments can be a little confusing, but they are really quite simple. Let's take this example and work through the arguments.

<?php
  $items['foo/bar/user'] = array(
    'title' => 'Foobar',
    'description' => 'List, add, and edit Foobars.',
    'page callback' => 'foo_bar_function',
    'access callback' => 'user_access',
    'access arguments' => array('administer users'),
  );
?>

Permissions Arguments, array('this_permission')

Here access arguments is the key for an array that contains one item administer users. This means that the current user must have permission to administer users in order to access the page. Which page? Notice the first line gives the path to $item. The path is 'foo/bar/user'.

In this example, 'administer users' is the string that drupal uses to reference permissions. If you go to the permissions page (Administer >> User Management >> Permissions), you can see a list of strings you might use for access arguments. Each permission can be used by your module.

So you could use any of the following from a default drupal installation blog module permissions:

  • create blog entries
  • delete any blog entry
  • delete own blog entries
  • edit any blog entry
  • edit own blog entries

All of these would be valid references within the hook_menu function.

Note:This is not a recommended method to use in a custom module. It is simply an illustration of how access arguments work.

The argument below is recommended for all users to have access to a page.

'access arguments' => array('access content')

Integer Arguments, array(1)

Sometimes you might want to reference the URL path components as an access argument. Returning to our example above with the path 'foo/bar/user', we could reference each component of the path in the following manner:

'access arguments' => array(0)

This says, if the user has permission to access oursite.org/foo then grant them access to this page. The array follows the pattern array(0) == foo, array(1) == bar, and so on.

This can be useful if your module directs users to specific nodes.

For example, if our path was 'node/%bar_menu/submission/%bar_menu_submission', where %bar_menu was the node number and %bar_menu_submission was the submission number, then you could make the following argument:

'access arguments' => array(1)

This argument says, if the user has access to 'node/nid-passed-from-%bar_menu', then grant them access to 'node/%bar_menu/submission/%bar_menu_submission'.
see here

» Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.