function og_user_access

cis7 og.module og_user_access($group_type, $gid, $string, $account = NULL, $skip_alter = FALSE, $ignore_admin = FALSE)
cle7 og.module og_user_access($group_type, $gid, $string, $account = NULL, $skip_alter = FALSE, $ignore_admin = FALSE)
elmsmedia7 og.module og_user_access($group_type, $gid, $string, $account = NULL, $skip_alter = FALSE, $ignore_admin = FALSE)
icor7 og.module og_user_access($group_type, $gid, $string, $account = NULL, $skip_alter = FALSE, $ignore_admin = FALSE)
meedjum_blog7 og.module og_user_access($group_type, $gid, $string, $account = NULL, $skip_alter = FALSE, $ignore_admin = FALSE)
mooc7 og.module og_user_access($group_type, $gid, $string, $account = NULL, $skip_alter = FALSE, $ignore_admin = FALSE)

Determine whether a user has a given privilege.

All permission checks in OG should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser and group administrators can perform all actions.


$group_type: The entity type of the group.

$gid: The entity ID of the group.

$string: The permission, such as "administer group", being checked for.

$account: (optional) The account to check. Defaults to the current user.

$skip_alter: (optional) If TRUE then user access will not be sent to other modules using drupal_alter(). This can be used by modules implementing hook_og_user_access_alter() that still want to use og_user_access(), but without causing a recursion. Defaults to FALSE.

$ignore_admin: (optional) When TRUE the specific permission is checked, ignoring the "administer group" permission if the user has it. When FALSE, a user with "administer group" will be granted all permissions. Defaults to FALSE.

Return value

TRUE or FALSE if the current user has the requested permission. NULL, if the given group isn't a valid group.

18 calls to og_user_access()
OgSelectionHandler::buildEntityFieldQuery in sites/all/modules/ulmus/og/plugins/entityreference/selection/OgSelectionHandler.class.php
Build an EntityFieldQuery to get referencable entities.
OgSelectionHandler::getGidsForCreate in sites/all/modules/ulmus/og/plugins/entityreference/selection/OgSelectionHandler.class.php
Get group IDs from URL or OG-context, with access to create group-content.
og_context_plugin_access_og_perm::access in sites/all/modules/ulmus/og/og_context/includes/views/handlers/
Determine if the current user has access or not.
og_field_access_field_access in sites/all/modules/ulmus/og/og_field_access/og_field_access.module
Implements hook_field_access().
og_handler_field_og_membership_link_delete::render_link in sites/all/modules/ulmus/og/includes/views/handlers/

... See full list

1 string reference to 'og_user_access'
og_invalidate_cache in sites/all/modules/ulmus/og/og.module
Invalidate cache.


sites/all/modules/ulmus/og/og.module, line 2091
Enable users to create and manage groups with roles and permissions.


function og_user_access($group_type, $gid, $string, $account = NULL, $skip_alter = FALSE, $ignore_admin = FALSE) {
  global $user;
  $perm = &drupal_static(__FUNCTION__, array());
  // Mark the group ID and permissions that invoked an alter.
  $perm_alter = &drupal_static(__FUNCTION__ . '_alter', array());

  if (!og_is_group($group_type, $gid)) {
    // Not a group.
    return NULL;

  if (empty($account)) {
    $account = clone $user;

  // User #1 has all privileges.
  if ($account->uid == 1) {
    return TRUE;

  // Administer group permission.
  if (user_access('administer group', $account) && !$ignore_admin) {
    return TRUE;

  // Group manager has all privileges (if variable is TRUE).
  if (!empty($account->uid) && variable_get('og_group_manager_full_access', TRUE)) {
    $group = entity_load_single($group_type, $gid);
    if (!empty($group->uid) && $group->uid == $account->uid) {
      return TRUE;

  $identifier = $group_type . ':' . $gid;

  // To reduce the number of SQL queries, we cache the user's permissions
  // in a static variable.
  if (!isset($perm[$identifier][$account->uid])) {
    $roles = og_get_user_roles($group_type, $gid, $account->uid);
    $role_permissions = og_role_permissions($roles);

    $perms = array();
    foreach ($role_permissions as $one_role) {
      $perms += $one_role;
    $perm[$identifier][$account->uid] = $perms;

  if (!$skip_alter && empty($perm_alter[$identifier][$account->uid][$string])) {
    // Let modules alter the permissions. since $perm is static we create
    // a clone of it.
    $group = !empty($group) ? $group : entity_load_single($group_type, $gid);
    $temp_perm = $perm[$identifier][$account->uid];
    $context = array(
      'string' => $string,
      'group_type' => $group_type,
      'group' => $group,
      'account' => $account,
    drupal_alter('og_user_access', $temp_perm, $context);

    // Re-assing the altered permissions.
    $perm[$identifier][$account->uid] = $temp_perm;

    // Make sure alter isn't called for the same permissions.
    $perm_alter[$identifier][$account->uid][$string] = TRUE;

  return !empty($perm[$identifier][$account->uid][$string]) || (!empty($perm[$identifier][$account->uid]['administer group']) && !$ignore_admin);