hook_permission Drupal 7 access permissions for different roles
In previous lessons, we displayed pages and blocks in various places, and we also used the properties 'access arguments' and 'access callback' to set access restrictions for pages. In this lesson, we’ll create a more flexible way to manage access rights to operations via administration pages. For this, we’ll use hook_permission() (in Drupal 6, it was hook_perm()).
hook_permission()
Defines permissions for users.
This hook lets your module define permissions that can then be selected on the user permissions page. It is also used to fully or partially control access to actions performed by the module.
Permissions are checked using user_access().
Return Values
An array whose keys are permission names and whose values are arrays containing the following key-value pairs:
title: Human-readable name for the permission shown on the permissions page. This value should be wrapped in t() for translation.
description: (Optional) Description of what the permission does. Also should be wrapped in t().
restrict access: (Optional) Boolean (true or false) to indicate that the site administrator should restrict access to this permission to trusted users only. This is used for permissions that, if granted, may expose serious security vulnerabilities. When set to TRUE, the default warning message defined in user_admin_permissions() will be displayed via theme_user_permission_description(). The default is FALSE.
warning: (Optional) Custom warning message for the permission on the admin page. This overrides the automatic message generated when restrict access is TRUE. Use this sparingly to keep admin UI consistent.
Now let’s add this hook to the code from the previous lesson:
/**
 * Implements hook_permission().
 */
function sitemade_permission() {
  return array(
    'view page example' => array(
      'title' => t('View page example'),
      'description' => t('View simple page example'),
    ),
  );
}

/**
 * Implements hook_menu().
 */
function sitemade_menu() {
  $items = array();
  $items['admin/config/content/page_example'] = array(
    'title' => 'Page example',
    'description' => 'Simple page',
    'page callback' => '_page_example',
    // Only roles granted this permission can open the page.
    'access arguments' => array('view page example'),
  );
  return $items;
}

/**
 * Page callback: lists the ten most recent "news" revisions.
 */
function _page_example($content = NULL) {
  $content = '';
  $query = db_select('node_revision', 'n');
  $query->innerJoin('field_revision_body', 'b', 'b.revision_id = n.vid');
  $query->innerJoin('node', 'd', 'n.nid = d.nid');
  // fields() takes the table alias and a single array of column names.
  $query->fields('n', array('title', 'nid', 'vid'));
  $query->fields('b', array('body_value', 'body_format'));
  $query->condition('d.type', 'news');
  $query->orderBy('n.timestamp', 'DESC');
  $query->range(0, 10);
  $result = $query->execute();
  while ($nodes = $result->fetch()) {
    // Titles are stored as plain text; escape them before output.
    $content .= check_plain($nodes->title) . "\n";
    // Run the body through its text format instead of printing raw HTML.
    $content .= check_markup($nodes->body_value, $nodes->body_format);
  }
  return $content;
}
Now a new permission will appear on the admin/people/permissions page.
Assign this permission to administrators only so regular users can't access the page. Now when regular users try to visit admin/config/content/page_example, Drupal will deny access with a 403 error.
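The following is an added example, not code from this lesson series: it shows the 'restrict access' key and a direct user_access() check described above. The module name sitemade_demo, the permission names, and the admin/reports/demo paths are hypothetical.

```php
<?php
// Implements hook_permission(). Module name "sitemade_demo" is hypothetical.
function sitemade_demo_permission() {
  return array(
    'view demo report' => array(
      'title' => t('View demo report'),
      'description' => t('Read the demo report page.'),
    ),
    'administer demo report' => array(
      'title' => t('Administer demo report'),
      'description' => t('Change the demo report settings.'),
      // Shows the default security warning next to this permission
      // on admin/people/permissions.
      'restrict access' => TRUE,
    ),
  );
}

// Implements hook_menu(). Paths are hypothetical.
function sitemade_demo_menu() {
  $items = array();
  $items['admin/reports/demo'] = array(
    'title' => 'Demo report',
    'page callback' => 'sitemade_demo_report_page',
    // With no 'access callback' set, Drupal calls user_access()
    // with these arguments.
    'access arguments' => array('view demo report'),
  );
  $items['admin/reports/demo/settings'] = array(
    'title' => 'Demo report settings',
    'page callback' => 'sitemade_demo_settings_page',
    'access arguments' => array('administer demo report'),
  );
  return $items;
}

function sitemade_demo_report_page() {
  $output = '<p>' . t('Report contents.') . '</p>';
  // Hiding the link is cosmetic only; the menu entry above is what
  // actually denies access to the settings page.
  if (user_access('administer demo report')) {
    $output .= '<p>' . l(t('Settings'), 'admin/reports/demo/settings') . '</p>';
  }
  return $output;
}

function sitemade_demo_settings_page() {
  return '<p>' . t('Settings placeholder.') . '</p>';
}
```

Note that user_access() always returns TRUE for user 1, so test permission changes with an ordinary account that has only the role under test.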
In the next lesson, we’ll create an administration page with a settings selection form using the Drupal Forms API.