I've contributed some code to the OG User Roles module. This module allows for roles to be assigned on a per-group basis. It works fairly simply: we pull in the roles that have been assigned to the current user in the current group in hook_init(). The problem is that the group context is available in hook_init(), so we have to try a load of heuristics to try to grab the gid from the URL. This is flaky and involves lots of hacks to support various modules. The reason we can't do this later is that user_access() statically caches the permissions a user has, and there's no $flush or $reset parameter to ask the function to get rid of its cache and recalculate permissions from $user->roles. Therefore as soon as user_access() is called adding roles to $user->roles becomes pointless.
I attach a patch against 6.0-beta which adds this parameter to user_access(), which would simplify and make more robust the OG User Roles plugin, as well as making user_access() more consistent with other caching functions like node_load().
Comment | File | Size | Author |
---|---|---|---|
#8 | user_access_8.patch | 1.34 KB | Wim Leers |
#6 | user_97.patch | 1.35 KB | Wim Leers |
#4 | user.module_20071026_0.patch | 896 bytes | Wim Leers |
#3 | user.module_20071026.patch | 896 bytes | StevenPatz |
user-access-reset.diff | 1.27 KB | dmhouse | |
Comments
Comment #1
Zothos CreditAttribution: Zothos commentedHm, wrong patch format i think
Comment #2
catchYep, marking to needs work for unified diff.
Comment #3
StevenPatzHere's an updated patch.
Comment #4
Wim LeersReplaced question mark with a period. Looks good otherwise.
Comment #5
Wim LeersActually, that patch was crap. It wasn't conform the coding standards, and the $reset parameter wasn't even added to the function's parameter list...
I also tried to improve the explanation of the $reset parameter.
Needs review.
Comment #6
Wim LeersBah, forgot the patch.
Comment #7
Wim LeersBetter title.
Comment #8
Wim LeersOops, the parameter name in the parameter list was incorrect in this patch. Fixed.
Comment #9
moshe weitzman CreditAttribution: moshe weitzman commenteda useful feature, and code is clean.
Comment #10
Gábor HojtsyThanks, committed.
Comment #11
(not verified) CreditAttribution: commentedAutomatically closed -- issue fixed for two weeks with no activity.
Comment #12
SomebodySysop CreditAttribution: SomebodySysop commentedI've found a problem here: http://drupal.org/node/325889
Do you think this mean the patch itself needs to be re-visited?
Comment #13
SomebodySysop CreditAttribution: SomebodySysop commentedThe patch does function as it was designed. However, something else is causing the $perm variable to be altered *outside* of the user_access function. Still trying to find out how this is possible.
http://drupal.org/node/325889#comment-1084975
Comment #14
SomebodySysop CreditAttribution: SomebodySysop commentedBug in user_access function: http://drupal.org/node/329646
This bug prevents the reset mechanism from working properly. Resolved in 6.x with this patch: http://drupal.org/files/issues/329646-user-module-reset-d6.patch