Laptop with lock icon.

Create and use a custom permission in your Drupal module

Define a permission in Drupal code and check access programmatically

You can define your own permissions for the Drupal permissions page (/admin/people/permissions in modern Drupal, Drupal 8, 9, 10, and beyond) and then add conditional options to your code to do different things based on the role of the user and the permissions configured by a site administrator.

Here's how.

Create a modulename.permissions.yml file

This simple file has the permission machine name (lower case with spaces) and a title (Sentence case) with an optional description.

For our module, which has a particularly long name, that file is drutopia_findit_site_management.permissions.yml and its contents are like so:

access meta tab:
  title: 'Access meta tab'
  description: 'Access meta information (author, creation date, boost information) in Meta vertical tab.'

You can repeat lines like these in the same file for as many permissions as you wish to define.

Check for that permission in your code

The process for checking permissions is simply to use a user object if that's handed into your code, or to load the current user if it's not, and use the hasPermission() method which returns TRUE if that user has permission and FALSE if not.

For example, in a form alter in our drutopia_findit_site_management.module file:

/**
 * Implements hook_form_BASE_FORM_ID_alter() for node_form.
 *
 * Completely hide the Meta vertical tab (field group) from people without permission.
 *
 */
function drutopia_findit_site_management_form_node_form_alter(&$form, FormStateInterface $form_state, $form_id) {
  // If the current user has the permission, do not hide the Meta vertical tab.
  if (\Drupal::currentUser()->hasPermission('access meta tab')) {
    return;
  }
  // Code to hide the meta tab goes here, and is only reached if the user lacks the permission. 
  // ...
}

See all this code in context in the Find It Site Management module.

To learn more about defining permissions in modern Drupal, including dynamic permissions, you can see the change record for when the new approach replaced hook_permission().

More about...

Drupal, Drupal Planet, code snippet, Drupal 9, and Modern Drupal

Comments

No comments yet, be the first!

Add new comment

The content of this field is kept private and will not be shown publicly.

Markdown

The comment language code.
CAPTCHA Please help us focus on people and not spambots by answering this question.

Related content

""

By Benjamin Melançon
On 2021 January 13

Upgrade from Drupal 6 or 7 when it is right for you: In the era of modern Drupal, release cycles of major versions have only minor importance

Drupal 7 has a much longer lifespan than the (already pushed back) official date, and Drupal 8 has an essentially infinite lifespan because it can update in-place to Drupal 9 easily and the same will be true of Drupal 10, 11, ∞. There's no reason to rush an upgrade— but there's no reason to wait either.
A tree's branches.

By David Valdez
On 2020 June 08

Keep modules compatible with multiple Drupal Core branches while using new services

How to keep modules compatible with Drupal 8.7 and below while still using the new services.

By Stefan Freudenberg
On 2015 February 25

Migrate HTML the Easy Way in Drupal 7

How to migrate HTML into a Drupal 7 site.

By David Valdez
On 2017 March 01

How to Start Contributing Code to Drupal

Practical advice on contributing code to Drupal.

Just one more thing...

The Talking Drupal Drupal logo - the brand name under a chat bubble containing a water droplet

Mauricio was interviewed on Talking Drupal to discuss his 31 Days of Migrations tutorial blog series on Drupal Migrations.

Agaric Newsletter image.

Agaric is sending out our first Newsletter since we formed 15+ years ago! Get on the list to receive our missives in the future.