Global $user object should be a complete entity

If you're not storing the data in $user->data, you would need to implement hook_user('load') to load in your own custom data into a user object.

@xmarket: Are you saying you want this to be added to Drupal core? Because if you are you should set the version to 7.x (new features are always first implemented in HEAD and then backported) and you would also have to set the category to feature request
Finally you would have to write a patch http://drupal.org/patch/create that implements your suggestion

Is that where you were going with this issue?

- Arie

Looks like xmarket won't be posting any feedback so I'm setting this to fixed.

Feel free to reopen if you think that is wrong.

- Arie

I have run into this problem. I guess the question is - is this an oversight or by design? I can't find sess_read in D7 so assume things are done differently there. Basically, the problem:

1. I have custom user data that is added to global $user through hook_user(load)
2. in hook_init, I need to check this custom data and then redirect the user to a particular page depending on what's there.
3. at the point hook_init is invoked, the global $user has been pulled from the session (through sess_read) and not through user_load, meaning my custom data is not there.

It's not a big problem to load the user using $user->uid at this point, once you know what's happening, but it just feels *wrong* - it took me a while to track the problem properly, assuming that global $user would have been loaded through user_load from the start.

On looking quickly at other modules to see what they do, og,module invokes hook_user(load) at og_init, which is what I ended up doing too.

Is there a reason the fix suggested in #4 can not be implemented?

These two issues may possibly be related: http://drupal.org/node/489478, http://drupal.org/node/490108

Coming from moshe's suggestion in #638070: Router loaders causing a lot of database hits for access checks, I agree we should fully populate $user after full bootstrap.

There are two locations where this could happen:

1) At the end of http://api.drupal.org/api/function/_drupal_bootstrap_full/7 (before module_invoke_all())

2) At the beginning of http://api.drupal.org/api/function/user_init/7

I would prefer the latter, because that would mean that a module that wants to act before this happens can still use hook_init() by using a negative module weight, so it runs before user_init().

Can you give a use case for why a module needs to act before this and can't use hook_boot?

This patch adds the user_load() at end of FULL bootstrap. It depends on #490108: user_load() should add session properties when loading the currently logged-in user.

+++ includes/common.inc
@@ -4534,6 +4534,10 @@ function _drupal_bootstrap_full() {
+  
...
+  

Trailing white-space here.

+++ includes/common.inc
@@ -4534,6 +4534,10 @@ function _drupal_bootstrap_full() {
+  // Now that all modules are loaded, build full $user object.

"build [the] full"...?

Perhaps also mention that we are _entirely_ overriding/replacing the previously defined global $user. Whatever was contained, whatever was altered, will be gone.

This review is powered by Dreditor.

Made changes suggested by sun

Proper patch extracted from #490108: user_load() should add session properties when loading the currently logged-in user

thanks for keeping this moving.

I'm -1 on this patch:

In D6 this created all kinds of problems since user_load() wasn't statically cached. D7 caches it though, so multiple calls to user_load() in various hooks and callbacks add a very small performance hit to reference the static variable. I'm a proponent of lazy-loading and I see this as a good chance to use it, since we now have the static caching necessary.

Doing user_load() accounts for 5-8% of a page load, which is wasteful if we don't use the full $user. #638070: Router loaders causing a lot of database hits for access checks is intended on cutting that waste, and this patch would nullify that effort.

Same here, there's no critical bug caused by this, most people figure it out pretty quickly, and it's no longer the false optimization it was in D6. We just go to the point where you can do a full bootstrap without any database queries, and this would make that impossible, as well as the 4-6% hit on sites which turn out not to need it.

It is true that there is no critical core bug caused by this, and many people figure it out. Those are not reasons to block this. This fixes a Drupal WTF that traps many developers. Most eventually recover, but I think we should aim to not have the trap to begin with.

1. I think that on almost all substantial sites, the user object gets loaded for the current user. It is mostly in the vacuum of core where it appears that we can avoid this.
2. Sites watch performance close enough to care about are going to run with persistent entity caching and thus its a non-issue.

I think this is a case where we should choose correctness over performance.

Anyone up for a reroll? Its looking like we need some committer input soon.

I guess it doesn't really make sense for the anonymous user, because there's most likely not much to load. And I guess this is what makes others here a bit nervous about performance.

For authenticated users, it's very very likely that the full $user object of the current user will be loaded anyway.

So how about this compromise?

Works for me.

I prefer sun's patch, but I'm still kind of skeptical. I don't think core should get in the habit of doing non-trivial processing unless the data is actually required. Whether or not core is a 'vacuum' in this case is unfounded, let's see an actual list of contrib modules that require a user_load($user->uid) on every request.

@moshe FYI, entity caching on users may not be possible in D7, see:

http://drupal.org/node/638070#comment-2390978
#665618: Add entity caching for users

Yes, entity caching of users is a lot more tricky than other entities, and while I have working code for everything else either in patches or contrib, I've only had major test breakage for users so far. So relying on that isn't a safe bet as this point.

Doing this in any full bootstrap is also going to affect things like autocomplete etc, which are quite likely to run without a user_load() unless you have another module doing it in hook_boot() or hook_init(), so I really don't think it's a false optimization, and would also like to see a list of contrib modules which force it.

OK, I'm willing to let this one go. Lets revisit it when entity cache is available for users (D8, I hope). If someone else to move it back to 7, feel free to don your battle gear and do so.

If we can get user caching in core, that's likely to be the place where it's actually a decent gain even with database caching out of the box, so hopefully (early) D8 yeah.

Only feature requests and tasks can be assigned to D8 for now, because the Drupal 8 tree is not opened yet.

Fortunately, this is more a feature request.

We can at least easily fix this for the [current-user] token: #967330: The [current-user:?] token should provide the actual loaded user.

fwiw entitycache has had user support for a little while now, I haven't checked whether it can pass core tests yet but it's been running in production for months with no noticeable side effects. So I'd have much less of an issue with this for Drupal 8. Although entitycache is currently only used on 5 sites, so doing this without caching support in core still concerns me a bit.

subscribing

.

#12: full_user.diff queued for re-testing.

Subscribe.

Ran into this with a field attached to the user that effected node access. When attempting to check the field in hook_node_access() $account did not contain it, but user_load($account->uid) did.

I'm confused. How is this not a bug? If I call user_load(1234) and user 1234 is the currently logged in user, none of the fields are loaded. If user 1234 is NOT logged in, all fields ARE loaded.

Whoops, sorry, I'm wrong. My dpm was one page load behind. So user_load did contain the fields and data, but global $user did not.

Tagging Dependency Injection since we could dynamically lazy-instantiate the User object with it. Should this wait until we actually have a class for it? #1361228: Make the user entity a classed object

I think we should ditch this proposal entirely and do the opposite:
#1549526: Change global $user into $session

postponed http://drupal.org/node/1634280 on this

I guess it is safe to say by now that this won't happen.

As a stop-gap fix we may do #1549526: Change global $user into $session, but in reality, we want to replace the entire session handling (which would eliminate global $user entirely).

I just would like to re-roll patch from #27 to last drupal 7 version. Maybe will be useful for someone.