Checking the proper user account

In most cases, permission checks are made against the current user, defined in the $user object. Module authors must pay careful attention to the context of their permission checks, especially when displaying information about specific users.

For example, you may wish to add a section to the user account page where a site administrator can check the roles that an individual user has. To do this we would implement hook_user_view() and test the global $user object to ensure that this is a trusted administrator, who can view this information.

First, we set up a simple check for the current user: Does he/she have the permission to view this information?

function example_user_view($account, $view_mode) { if (!user_access('view ...

Get Drupal 7 Module Development now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.