I wanted to get some feedback as to why there isn't a call to drupal_alter() call on the permissions that are cached in user_access()? This would be super useful and I don't think it would really add much overhead at all since those are only loaded once per page and then statically cached.

This would be useful if I need to assign a specific permission to a single user. We have this case all of the time - we are a school and we want to give John Admin permission to see transcripts of students. Right now the only way to do this is to create a new role, assign it to John, and give the permission to that role. You can imagine that we have a million useless/pointless roles.

If drupal_alter() were called in user_access() someone could write the user_permissions module which, you guessed it, would allow you to assign permissions to a specific user (I'd even write this module).

I'd love to hear arguments against this idea, or if there any links to previous discussions about it (I couldn't find anything by searching). I'd be happy to write the change if there's positive feedback/discussion (it's a one liner really). We've lived without it so far, but I'm not sure how much longer we can and I would really prefer to not hack core.

Comments

Status: Active » Closed (outdated)

Automatically closed because Drupal 6 is no longer supported. If the issue verifiably applies to later versions, please reopen with details and update the version.