Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June. I wote a module 'findmember' and assigned the following 2 access arguments:
>>> 'access arguments' => array('access user profile', 'access findmember'),
>>>
function findmember_menu() {
....
$items['findmember'] = array(
'title' => 'Find members',
'description' => 'Find user search form',
'page callback' => 'findmember_show',
'access arguments' => array('access user profile, access findmember'),
'type' => MENU_CALLBACK,
);
<<<
I hope, it's right to assign more than 1 access rights to a menu, otherwise ignore this issue...
OTHERWISE:
in include/menu.inc line(449) menu_check_access(): 'user_access' is called with 2 args, because
my menu 'access arguments' array contains 2 values...
>>>
436 function _menu_check_access(&$item, $map) {
.....
443 }
444 else {
445 $arguments = menu_unserialize($item['access_arguments'], $map);
446 // As call_user_func_array is quite slow and user_access is a very common
447 // callback, it is worth making a special case for it.
448 if ($callback == 'user_access') {
449 $item['access'] = (count($arguments) == 1) ? user_access($arguments[0]) : user_access($arguments[0], $arguments[1]);
450 }
451 else {
452 $item['access'] = call_user_func_array($callback, $arguments);
453 }
454 }
455 }
in modules/user/user.modules line(482) user_access():
My debugging shows:
The call gives 2 args to user_access
>>> user_access($string='access user profile', $account = 'access findmember', $reset = FALSE)
1. The value of '$string' is ok, but what is with my second access right?
2. Argument $account contains neither a valid account object nor 'NULL, but my 2. access string
So in line(490) the account object won't reassigned, because
$account contains my string 'access findmember' but not the expected
account object or NULL.
The following code at line 501,502 fails an throws error messages!!!!
482 function user_access($string, $account = NULL, $reset = FALSE) {
483 global $user;
484 static $perm = array();
485
486 if ($reset) {
487 $perm = array();
488 }
489
490 if (!isset($account)) {
491 $account = $user;
492 }
493
494 // User #1 has all privileges:
495 if ($account->uid == 1) {
496 return TRUE;
497 }
498
499 // To reduce the number of SQL queries, we cache the user's permissions
500 // in a static variable.
501 if (!isset($perm[$account->uid])) {
502 $result = db_query("SELECT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (". db_placeholders($account->roles) .")", array_keys($account->
503
504 $perms = array();
505 while ($row = db_fetch_object($result)) {
506 $perms += array_flip(explode(', ', $row->perm));
507 }
508 $perm[$account->uid] = $perms;
509 }
510
511 return isset($perm[$account->uid][$string]);
512 }
Hope it was helpful
cheers Jens from Berlin/Germany
Comments
Comment #1
damien tournoud commentedThe default 'access callback' is 'user_access'. The 'access arguments', are just the arguments passed to that function.
If you write:
You want Drupal to call user_access('access user profile, access findmember'), which obviously will not work.
So no, you cannot do that. I suggest you write your own access callback.