diff options
| author | Dries Buytaert <dries@buytaert.net> | 2001-11-01 17:04:20 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2001-11-01 17:04:20 +0000 |
| commit | 23ca7a2d8832aa16107cf7002c35170ae2b87a1c (patch) | |
| tree | 7878082b9e4bd2b0d20380d11c6404b72cd44d32 | |
| parent | 3d47ad359ded4cb947b7ada9b3418640cfb3c642 (diff) | |
| download | brdo-23ca7a2d8832aa16107cf7002c35170ae2b87a1c.tar.gz brdo-23ca7a2d8832aa16107cf7002c35170ae2b87a1c.tar.bz2 | |
- Another batch of updates/improvements:
+ introduced basic node permissions ("create", "delete", "update" and
"view") at the node level: it's up to the "<$node->type>_module" to
hide gory details (if any).
+ made the "blog it"-feature in the blog and import module work with
the new node system, in specific with the new centralized forms.
+ made it possible to update blogs.
+ made the page module work with the new node system.
+ various smaller improvements.
| -rw-r--r-- | includes/node.inc | 43 | ||||
| -rw-r--r-- | modules/aggregator.module | 6 | ||||
| -rw-r--r-- | modules/aggregator/aggregator.module | 6 | ||||
| -rw-r--r-- | modules/blog.module | 64 | ||||
| -rw-r--r-- | modules/blog/blog.module | 64 | ||||
| -rw-r--r-- | modules/book.module | 44 | ||||
| -rw-r--r-- | modules/book/book.module | 44 | ||||
| -rw-r--r-- | modules/forum.module | 27 | ||||
| -rw-r--r-- | modules/forum/forum.module | 27 | ||||
| -rw-r--r-- | modules/import.module | 6 | ||||
| -rw-r--r-- | modules/node.module | 151 | ||||
| -rw-r--r-- | modules/node/node.module | 151 | ||||
| -rw-r--r-- | modules/page.module | 41 | ||||
| -rw-r--r-- | modules/page/page.module | 41 | ||||
| -rw-r--r-- | modules/queue.module | 4 | ||||
| -rw-r--r-- | modules/story.module | 49 | ||||
| -rw-r--r-- | modules/story/story.module | 49 | ||||
| -rw-r--r-- | node.php | 6 |
18 files changed, 559 insertions, 264 deletions
diff --git a/includes/node.inc b/includes/node.inc index a42cc0232..01f5c17a0 100644 --- a/includes/node.inc +++ b/includes/node.inc @@ -1,31 +1,10 @@ <?php // $Id$ -/* -** Loading and storing nodes: -** - load: called when a node is being loaded -** - save: called before a node gets saved and used to define default -** values -** - insert: called when inserting a node to the node table -** - delete: called when deleting a node from the node table -** - update: called when updating a node in the noe table -** -** Viewing and editing nodes: -** - view: called to display a node on the screen -** - form: called to display a node's form -** -** - status -*/ - // TODO: still used by themes, yet doesn't return anything at the moment function node_index() { } -function node_access($node) { - global $user; - return ($node->status == 1) || user_access("administer nodes"); -} - function node_get_comments($nid) { $comment = db_fetch_object(db_query("SELECT COUNT(c.lid) AS number FROM node n LEFT JOIN comments c ON n.nid = c.lid WHERE n.nid = '$nid' GROUP BY n.nid")); return $comment->number ? $comment->number : 0; @@ -210,21 +189,21 @@ function node_save($node, $filter) { } -function node_delete($conditions) { +function node_delete($node) { - if ($node = node_load($conditions)) { - - // delete the node and its comments: - db_query("DELETE FROM node WHERE nid = '$node->nid'"); - db_query("DELETE FROM comments WHERE lid = '$node->nid'"); - db_query("DELETE FROM moderate WHERE nid = '$node->nid'"); + if (is_array($node)) { + $node = node_object($node); + } - // call the node specific callback (if any): - module_invoke($node->type, "delete", &$node); + // delete the node and its comments: + db_query("DELETE FROM node WHERE nid = '$node->nid'"); + db_query("DELETE FROM comments WHERE lid = '$node->nid'"); + db_query("DELETE FROM moderate WHERE nid = '$node->nid'"); - watchdog("special", "node: deleted '$node->title'"); - } + // call the node specific callback (if any): + module_invoke($node->type, "delete", &$node); + watchdog("special", "node: deleted '$node->title'"); } function node_view($node, $main = 0) { diff --git a/modules/aggregator.module b/modules/aggregator.module index 51de2e52a..0c3c16b1a 100644 --- a/modules/aggregator.module +++ b/modules/aggregator.module @@ -497,7 +497,7 @@ function import_page_last() { $output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">"; while ($item = db_fetch_object($result)) { - $links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>"; + $links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>"; $links[] = "<a href=\"module.php?mod=import&op=feed&id=$item->fid\">". t("feed") ."</a>"; if ($item->link) { @@ -530,7 +530,7 @@ function import_page_feed($fid) { $output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">"; while ($item = db_fetch_object($result)) { - $links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>"; + $links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>"; $links[] = "<a href=\"$item->link\">". t("visit") ."</a>"; if ($item->link) { @@ -564,7 +564,7 @@ function import_page_bundle($bid) { $output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">"; while ($item = db_fetch_object($result)) { - $links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>"; + $links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>"; $links[] = "<a href=\"module.php?mod=import&op=feed&id=$item->fid\">". t("feed") ."</a>"; $links[] = "<a href=\"$item->link\">". t("visit") ."</a>"; diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module index 51de2e52a..0c3c16b1a 100644 --- a/modules/aggregator/aggregator.module +++ b/modules/aggregator/aggregator.module @@ -497,7 +497,7 @@ function import_page_last() { $output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">"; while ($item = db_fetch_object($result)) { - $links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>"; + $links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>"; $links[] = "<a href=\"module.php?mod=import&op=feed&id=$item->fid\">". t("feed") ."</a>"; if ($item->link) { @@ -530,7 +530,7 @@ function import_page_feed($fid) { $output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">"; while ($item = db_fetch_object($result)) { - $links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>"; + $links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>"; $links[] = "<a href=\"$item->link\">". t("visit") ."</a>"; if ($item->link) { @@ -564,7 +564,7 @@ function import_page_bundle($bid) { $output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">"; while ($item = db_fetch_object($result)) { - $links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>"; + $links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>"; $links[] = "<a href=\"module.php?mod=import&op=feed&id=$item->fid\">". t("feed") ."</a>"; $links[] = "<a href=\"$item->link\">". t("visit") ."</a>"; diff --git a/modules/blog.module b/modules/blog.module index 97c9a8559..a0489928b 100644 --- a/modules/blog.module +++ b/modules/blog.module @@ -1,6 +1,35 @@ <?php // $Id$ +function blog_node($field) { + global $user; + + $info = array("name" => "personal blog"); + + return $info[$field]; +} + +function blog_access($op, $node) { + global $user; + + if ($op == "view") { + return $node->nid && $node->status && !$node->moderate; + } + + if ($op == "create") { + return $user->uid; + } + + if ($op == "update") { + return user_access("administer nodes") || ($user->uid == $node->uid); + } + + if ($op == "delete") { + return user_access("administer nodes") || ($user->uid == $node->uid); + } + +} + function blog_help() { ?> <p>Drupal's blog module allows registered users to maintain an online blog or diary. It provides easy-to-write and easy-to-read online diaries or journals that can be filled with daily thoughts, poetry, boneless blabber, spiritual theories, intimate details, valuable experiences, cynical rants, semi-coherent comments, writing experiments, artistic babblings, critics on current facts, fresh insights, diverse dreams, chronicles and mumbling madness available for public consumption.</p> @@ -94,7 +123,7 @@ function blog_page_user($uid = 0, $date = 0) { } if ($user->uid && user_access("post blogs")) { - $links[] = "<a href=\"module.php?mod=blog&op=blog&id=$blog->nid\">". t("blog it") ."</a>"; + $links[] = "<a href=\"module.php?mod=node&op=add&type=blog&nid=$blog->nid\">". t("blog it") ."</a>"; } if ($blog->comment) { @@ -131,7 +160,7 @@ function blog_page_last() { } if ($user->uid && user_access("post blogs")) { - $links[] = "<a href=\"module.php?mod=blog&op=blog&id=$blog->nid\">". t("blog it") ."</a>"; + $links[] = "<a href=\"module.php?mod=node&op=add&type=blog&nid=$blog->nid\">". t("blog it") ."</a>"; } if ($blog->comment) { @@ -150,6 +179,17 @@ function blog_page_last() { } function blog_form($edit) { + global $nid, $iid; + + if (!$edit->body) { + if ($nid && $blog = node_load(array("nid" => $nid))) { + $edit->body = "<i>". $blog->body ."</i> [<a href=\"module.php?mod=blog&id=$blog->uid&date=$blog->created\">$blog->name</a>]"; + } + + if ($iid && $item = db_fetch_object(db_query("SELECT i.*, f.title as ftitle, f.link as flink FROM item i, feed f WHERE i.iid = '". check_input($iid) ."' AND i.fid = f.fid"))) { + $edit->body = "<a href=\"$item->link\">$item->title</a> - <i>". check_output($item->description) ."</i> [<a href=\"$item->flink\">$item->ftitle</a>]\n"; + } + } $output = form_textarea(t("Body"), "body", $edit->body, 60, 15, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))); @@ -157,30 +197,14 @@ function blog_form($edit) { } function blog_save($node) { - global $user; if ($node->nid) { - - /* - ** Load the original blog from the database to make sure that only - ** original author can update his blog. - */ - - $blog = node_load(array("nid" => $node->nid)); - - if ($user->uid && $user->uid == $node->uid && $user->uid == $blog->uid) { - return array(); - } - else if (user_access("adminster nodes")) { - return array(); - } - else { - return 0; - } + return array(); } else { return array("promote" => 0, "moderate" => 0, "status" => 1); } + } function blog_page() { diff --git a/modules/blog/blog.module b/modules/blog/blog.module index 97c9a8559..a0489928b 100644 --- a/modules/blog/blog.module +++ b/modules/blog/blog.module @@ -1,6 +1,35 @@ <?php // $Id$ +function blog_node($field) { + global $user; + + $info = array("name" => "personal blog"); + + return $info[$field]; +} + +function blog_access($op, $node) { + global $user; + + if ($op == "view") { + return $node->nid && $node->status && !$node->moderate; + } + + if ($op == "create") { + return $user->uid; + } + + if ($op == "update") { + return user_access("administer nodes") || ($user->uid == $node->uid); + } + + if ($op == "delete") { + return user_access("administer nodes") || ($user->uid == $node->uid); + } + +} + function blog_help() { ?> <p>Drupal's blog module allows registered users to maintain an online blog or diary. It provides easy-to-write and easy-to-read online diaries or journals that can be filled with daily thoughts, poetry, boneless blabber, spiritual theories, intimate details, valuable experiences, cynical rants, semi-coherent comments, writing experiments, artistic babblings, critics on current facts, fresh insights, diverse dreams, chronicles and mumbling madness available for public consumption.</p> @@ -94,7 +123,7 @@ function blog_page_user($uid = 0, $date = 0) { } if ($user->uid && user_access("post blogs")) { - $links[] = "<a href=\"module.php?mod=blog&op=blog&id=$blog->nid\">". t("blog it") ."</a>"; + $links[] = "<a href=\"module.php?mod=node&op=add&type=blog&nid=$blog->nid\">". t("blog it") ."</a>"; } if ($blog->comment) { @@ -131,7 +160,7 @@ function blog_page_last() { } if ($user->uid && user_access("post blogs")) { - $links[] = "<a href=\"module.php?mod=blog&op=blog&id=$blog->nid\">". t("blog it") ."</a>"; + $links[] = "<a href=\"module.php?mod=node&op=add&type=blog&nid=$blog->nid\">". t("blog it") ."</a>"; } if ($blog->comment) { @@ -150,6 +179,17 @@ function blog_page_last() { } function blog_form($edit) { + global $nid, $iid; + + if (!$edit->body) { + if ($nid && $blog = node_load(array("nid" => $nid))) { + $edit->body = "<i>". $blog->body ."</i> [<a href=\"module.php?mod=blog&id=$blog->uid&date=$blog->created\">$blog->name</a>]"; + } + + if ($iid && $item = db_fetch_object(db_query("SELECT i.*, f.title as ftitle, f.link as flink FROM item i, feed f WHERE i.iid = '". check_input($iid) ."' AND i.fid = f.fid"))) { + $edit->body = "<a href=\"$item->link\">$item->title</a> - <i>". check_output($item->description) ."</i> [<a href=\"$item->flink\">$item->ftitle</a>]\n"; + } + } $output = form_textarea(t("Body"), "body", $edit->body, 60, 15, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))); @@ -157,30 +197,14 @@ function blog_form($edit) { } function blog_save($node) { - global $user; if ($node->nid) { - - /* - ** Load the original blog from the database to make sure that only - ** original author can update his blog. - */ - - $blog = node_load(array("nid" => $node->nid)); - - if ($user->uid && $user->uid == $node->uid && $user->uid == $blog->uid) { - return array(); - } - else if (user_access("adminster nodes")) { - return array(); - } - else { - return 0; - } + return array(); } else { return array("promote" => 0, "moderate" => 0, "status" => 1); } + } function blog_page() { diff --git a/modules/book.module b/modules/book.module index 39be32c66..84c7d00de 100644 --- a/modules/book.module +++ b/modules/book.module @@ -1,6 +1,35 @@ <?php // $Id$ +function book_node($field) { + global $user; + + $info = array("name" => "book page"); + + return $info[$field]; +} + +function book_access($op, $node) { + global $user; + + if ($op == "view") { + return $node->nid && $node->status && !$node->moderate; + } + + if ($op == "create") { + return 1; + } + + if ($op == "update") { + return 1; + } + + if ($op == "delete") { + return user_access("adminster nodes"); + } + +} + function book_link($type) { if ($type == "page" && user_access("access content")) { $links[] = "<a href=\"module.php?mod=book\">". t("collaborative book") ."</a>"; @@ -36,17 +65,11 @@ function book_delete($node) { } function book_save($node) { - if ($node->nid) { - if (user_access("administer nodes")) { - return array("moderate" => 1, "promote" => 0, "status" => 0, "log", "parent", "weight"); - } - else { - // TODO: temporay disabled book page updates by regular users - return 0; - } + if ($node->nid && user_access("administer nodes")) { + return array("pid", "log", "parent", "weight"); } else { - return array("pid", "log", "parent", "weight"); + return array("moderate" => 1, "promote" => 0, "status" => 0, "log", "parent", "weight"); } } @@ -80,8 +103,7 @@ function book_view($node, $main = 0) { $indent .= "-"; } - $output .= " <TR><TD COLSPAN=\"3\">$location</TD></TR>"; -// TODO: <TD ALIGN=\"right\">". node_control($node) ."</TD></TR>\n"; + $output .= " <TR><TD COLSPAN=\"2\">$location</TD><TD ALIGN=\"right\"><A HREF=\"module.php?mod=node&op=edit&id=$node->nid\">update</A></TD></TR>\n"; $output .= " <TR><TD COLSPAN=\"3\"><HR></TD></TR>"; $output .= " <TR><TD COLSPAN=\"3\"><B><BIG>". check_output($node->title) ."</BIG></B>". ($node->body ? "<BR><SMALL><I>Last updated by ". format_name($node) ." on ". format_date($node->created) ."</I></SMALL> " : "") ."</TD></TR>\n"; } diff --git a/modules/book/book.module b/modules/book/book.module index 39be32c66..84c7d00de 100644 --- a/modules/book/book.module +++ b/modules/book/book.module @@ -1,6 +1,35 @@ <?php // $Id$ +function book_node($field) { + global $user; + + $info = array("name" => "book page"); + + return $info[$field]; +} + +function book_access($op, $node) { + global $user; + + if ($op == "view") { + return $node->nid && $node->status && !$node->moderate; + } + + if ($op == "create") { + return 1; + } + + if ($op == "update") { + return 1; + } + + if ($op == "delete") { + return user_access("adminster nodes"); + } + +} + function book_link($type) { if ($type == "page" && user_access("access content")) { $links[] = "<a href=\"module.php?mod=book\">". t("collaborative book") ."</a>"; @@ -36,17 +65,11 @@ function book_delete($node) { } function book_save($node) { - if ($node->nid) { - if (user_access("administer nodes")) { - return array("moderate" => 1, "promote" => 0, "status" => 0, "log", "parent", "weight"); - } - else { - // TODO: temporay disabled book page updates by regular users - return 0; - } + if ($node->nid && user_access("administer nodes")) { + return array("pid", "log", "parent", "weight"); } else { - return array("pid", "log", "parent", "weight"); + return array("moderate" => 1, "promote" => 0, "status" => 0, "log", "parent", "weight"); } } @@ -80,8 +103,7 @@ function book_view($node, $main = 0) { $indent .= "-"; } - $output .= " <TR><TD COLSPAN=\"3\">$location</TD></TR>"; -// TODO: <TD ALIGN=\"right\">". node_control($node) ."</TD></TR>\n"; + $output .= " <TR><TD COLSPAN=\"2\">$location</TD><TD ALIGN=\"right\"><A HREF=\"module.php?mod=node&op=edit&id=$node->nid\">update</A></TD></TR>\n"; $output .= " <TR><TD COLSPAN=\"3\"><HR></TD></TR>"; $output .= " <TR><TD COLSPAN=\"3\"><B><BIG>". check_output($node->title) ."</BIG></B>". ($node->body ? "<BR><SMALL><I>Last updated by ". format_name($node) ." on ". format_date($node->created) ."</I></SMALL> " : "") ."</TD></TR>\n"; } diff --git a/modules/forum.module b/modules/forum.module index 5364b7e34..f33ad51f5 100644 --- a/modules/forum.module +++ b/modules/forum.module @@ -1,6 +1,21 @@ <?php // $Id$ +function forum_node($field) { + $info = array("name" => "discussion forum"); + + return $info[$field]; +} + +function forum_access($op, $node) { + + if ($op == "view") { + return $node->nid && $node->status && !$node->moderate; + } + + return user_access("adminster nodes"); +} + function forum_link($type) { if ($type == "page" && user_access("access content")) { $links[] = "<a href=\"module.php?mod=forum\">". t("forum") ."</a>"; @@ -24,18 +39,12 @@ function forum_form($node) { function forum_save() { - if (user_access("administer nodes")) { - if ($node->nid) { - return array(); - } - else { - return array("promote" => 0, "moderate" => 0, "status" => 1); - } + if ($node->nid) { + return array(); } else { - return 0; + return array("promote" => 0, "moderate" => 0, "status" => 1); } - } function forum_num_comments($nid) { diff --git a/modules/forum/forum.module b/modules/forum/forum.module index 5364b7e34..f33ad51f5 100644 --- a/modules/forum/forum.module +++ b/modules/forum/forum.module @@ -1,6 +1,21 @@ <?php // $Id$ +function forum_node($field) { + $info = array("name" => "discussion forum"); + + return $info[$field]; +} + +function forum_access($op, $node) { + + if ($op == "view") { + return $node->nid && $node->status && !$node->moderate; + } + + return user_access("adminster nodes"); +} + function forum_link($type) { if ($type == "page" && user_access("access content")) { $links[] = "<a href=\"module.php?mod=forum\">". t("forum") ."</a>"; @@ -24,18 +39,12 @@ function forum_form($node) { function forum_save() { - if (user_access("administer nodes")) { - if ($node->nid) { - return array(); - } - else { - return array("promote" => 0, "moderate" => 0, "status" => 1); - } + if ($node->nid) { + return array(); } else { - return 0; + return array("promote" => 0, "moderate" => 0, "status" => 1); } - } function forum_num_comments($nid) { diff --git a/modules/import.module b/modules/import.module index 51de2e52a..0c3c16b1a 100644 --- a/modules/import.module +++ b/modules/import.module @@ -497,7 +497,7 @@ function import_page_last() { $output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">"; while ($item = db_fetch_object($result)) { - $links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>"; + $links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>"; $links[] = "<a href=\"module.php?mod=import&op=feed&id=$item->fid\">". t("feed") ."</a>"; if ($item->link) { @@ -530,7 +530,7 @@ function import_page_feed($fid) { $output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">"; while ($item = db_fetch_object($result)) { - $links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>"; + $links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>"; $links[] = "<a href=\"$item->link\">". t("visit") ."</a>"; if ($item->link) { @@ -564,7 +564,7 @@ function import_page_bundle($bid) { $output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">"; while ($item = db_fetch_object($result)) { - $links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>"; + $links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>"; $links[] = "<a href=\"module.php?mod=import&op=feed&id=$item->fid\">". t("feed") ."</a>"; $links[] = "<a href=\"$item->link\">". t("visit") ."</a>"; diff --git a/modules/node.module b/modules/node.module index bf388d76a..c239d9868 100644 --- a/modules/node.module +++ b/modules/node.module @@ -14,6 +14,30 @@ function node_help() { } } +function node_access($op, $node = 0) { + + /* + ** Convert the node to an object if necessary: + */ + + if (is_array($node)) { + $node = node_object($node); + } + + /* + ** Construct a function: + */ + + $function = $node->type ."_access"; + + if (function_exists($function)) { + return $function($op, $node); + } + else { + return 0; + } +} + function node_perm() { return array("administer nodes", "access content", "post content"); } @@ -375,7 +399,7 @@ function node_form($edit) { $output .= form_submit(t("Submit")); } - if ($edit->nid && user_access("administer nodes")) { + if ($edit->nid && node_access("delete", $edit)) { $output .= form_submit(t("Delete")); } @@ -407,15 +431,13 @@ function node_add($type) { } else { // TODO: make building a node list generic and find an easy way to associate post permissions with them - if (user_access("adminster nodes")) { - $nodes = array("book" => "book page", "blog" => "personal blog entry", "poll" => "online survey", "story" => "story", "page" => "static page", "forum" => "discussion forum"); - } - else { - $nodes = array("book" => "book page", "blog" => "personal blog entry", "poll" => "online survey", "story" => "story"); - } - foreach ($nodes as $type => $name) { - $links[] = "<a href=\"module.php?mod=node&op=add&type=$type\">". t($name) ."</a>"; + $links = array(); + + foreach (module_list() as $name) { + if (($info = module_invoke($name, "node", "name")) && node_access("create", array("type" => $name))) { + $links[] = "<a href=\"module.php?mod=node&op=add&type=$name\">". t($info) ."</a>"; + } } $output .= sprintf(t("Submit a %s."), implode(", ", $links)); @@ -430,7 +452,14 @@ function node_edit($id) { $node = node_load(array("nid" => $id)); // TODO: make this generic for all node types - temporary solution - return node_form($node); + if (node_access("update", $node)) { + $output = node_form($node); + } + else { + $output = message_access(); + } + + return $output; } function node_preview($edit) { @@ -465,7 +494,7 @@ function node_preview($edit) { return node_form($edit); } -function node_submit($edit) { +function node_submit($node) { global $user; @@ -473,51 +502,68 @@ function node_submit($edit) { ** Fixup the node when required: */ - node_fixup(&$edit); + node_fixup(&$node); + + if ($node->nid) { - if ($edit->nid) { /* - ** Compile a list of the node fields and their default values that users - ** and administrators are allowed to save when updating a node. + ** Check whether the current user has the proper access rights to + ** perform this operation: */ - if (user_access("administer nodes")) { - $fields = array("nid", "uid", "body", "comment", "promote", "moderate", "status", "teaser", "title", "created", "type" => $edit->type); + if (node_access("update", $node)) { + + /* + ** Compile a list of the node fields and their default values that users + ** and administrators are allowed to save when updating a node. + */ + + if (user_access("administer nodes")) { + $fields = array("nid", "uid", "body", "comment", "promote", "moderate", "status", "teaser", "title", "created", "type" => $node->type); + } + else { + $fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type); + } + + node_save($node, array_merge($fields, module_invoke($node->type, "save", $node))); + + $output = t("The node has been updated."); } else { - $fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $edit->type); + watchdog("warning", "node: not authorized to update node"); + $output = t("You are not authorized to update this node."); } - $output = t("The node has been updated."); } else { + /* - ** Compile a list of the node fields and their default values that users - ** and administrators are allowed to save when inserting a new node. + ** Check whether the current user has the proper access rights to + ** perform this operation: */ - if (user_access("administer nodes")) { - $fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $edit->type); - } - else { - $fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $edit->type); - } + if (node_access("create", $node)) { - $output = t("Thanks for your submission."); - } + /* + ** Compile a list of the node fields and their default values that users + ** and administrators are allowed to save when inserting a new node. + */ - /* - ** Check whether we are allowed to save the node and if so, whether - ** there are more default values to add. - */ + if (user_access("administer nodes")) { + $fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type); + } + else { + $fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type); + } - $defaults = module_invoke($edit->type, "save", $edit); + node_save($node, array_merge($fields, module_invoke($node->type, "save", $node))); - if (is_array($defaults)) { - node_save($edit, array_merge($fields, $defaults)); - } - else { - $output = t("Could not save or process the specified submission."); + $output = t("Thanks for your submission."); + } + else { + watchdog("warning", "node: not authorized to create node"); + $output = t("You are not authorized to create this node."); + } } return $output; @@ -525,17 +571,25 @@ function node_submit($edit) { function node_remove($edit) { - if ($edit["confirm"]) { - node_delete(array(nid => $edit["nid"])); + $node = node_load(array("nid" => $edit["nid"])); + + if (node_access("delete", $node)) { + if ($edit["confirm"]) { + node_delete($node); - $output = node_admin_nodes(); + $output = t("The node has been deleted."); + } + else { + $output .= form_item(t("Confirm removal of"), check_output($node->title)); + $output .= form_hidden("nid", $node->nid); + $output .= form_hidden("confirm", 1); + $output .= form_submit(t("Delete")); + $output = form($output, "post", "admin.php?mod=node"); + } } else { - $output .= form_item(t("Confirm removal of"), check_output($edit["title"])); - $output .= form_hidden("nid", $edit["nid"]); - $output .= form_hidden("confirm", 1); - $output .= form_submit(t("Delete")); - $output = form($output, "post", "admin.php?mod=node"); + watchdog("warning", "node: not authorized to remove node"); + $output = t("You are not authorized to remove this node."); } return $output; @@ -564,6 +618,9 @@ function node_page() { case t("Submit"): $theme->box(t("Node"), node_submit($edit)); break; + case t("Delete"): + print node_remove($edit); + break; default: $result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '1' AND created <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY created DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10))); while ($node = db_fetch_object($result)) { diff --git a/modules/node/node.module b/modules/node/node.module index bf388d76a..c239d9868 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -14,6 +14,30 @@ function node_help() { } } +function node_access($op, $node = 0) { + + /* + ** Convert the node to an object if necessary: + */ + + if (is_array($node)) { + $node = node_object($node); + } + + /* + ** Construct a function: + */ + + $function = $node->type ."_access"; + + if (function_exists($function)) { + return $function($op, $node); + } + else { + return 0; + } +} + function node_perm() { return array("administer nodes", "access content", "post content"); } @@ -375,7 +399,7 @@ function node_form($edit) { $output .= form_submit(t("Submit")); } - if ($edit->nid && user_access("administer nodes")) { + if ($edit->nid && node_access("delete", $edit)) { $output .= form_submit(t("Delete")); } @@ -407,15 +431,13 @@ function node_add($type) { } else { // TODO: make building a node list generic and find an easy way to associate post permissions with them - if (user_access("adminster nodes")) { - $nodes = array("book" => "book page", "blog" => "personal blog entry", "poll" => "online survey", "story" => "story", "page" => "static page", "forum" => "discussion forum"); - } - else { - $nodes = array("book" => "book page", "blog" => "personal blog entry", "poll" => "online survey", "story" => "story"); - } - foreach ($nodes as $type => $name) { - $links[] = "<a href=\"module.php?mod=node&op=add&type=$type\">". t($name) ."</a>"; + $links = array(); + + foreach (module_list() as $name) { + if (($info = module_invoke($name, "node", "name")) && node_access("create", array("type" => $name))) { + $links[] = "<a href=\"module.php?mod=node&op=add&type=$name\">". t($info) ."</a>"; + } } $output .= sprintf(t("Submit a %s."), implode(", ", $links)); @@ -430,7 +452,14 @@ function node_edit($id) { $node = node_load(array("nid" => $id)); // TODO: make this generic for all node types - temporary solution - return node_form($node); + if (node_access("update", $node)) { + $output = node_form($node); + } + else { + $output = message_access(); + } + + return $output; } function node_preview($edit) { @@ -465,7 +494,7 @@ function node_preview($edit) { return node_form($edit); } -function node_submit($edit) { +function node_submit($node) { global $user; @@ -473,51 +502,68 @@ function node_submit($edit) { ** Fixup the node when required: */ - node_fixup(&$edit); + node_fixup(&$node); + + if ($node->nid) { - if ($edit->nid) { /* - ** Compile a list of the node fields and their default values that users - ** and administrators are allowed to save when updating a node. + ** Check whether the current user has the proper access rights to + ** perform this operation: */ - if (user_access("administer nodes")) { - $fields = array("nid", "uid", "body", "comment", "promote", "moderate", "status", "teaser", "title", "created", "type" => $edit->type); + if (node_access("update", $node)) { + + /* + ** Compile a list of the node fields and their default values that users + ** and administrators are allowed to save when updating a node. + */ + + if (user_access("administer nodes")) { + $fields = array("nid", "uid", "body", "comment", "promote", "moderate", "status", "teaser", "title", "created", "type" => $node->type); + } + else { + $fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type); + } + + node_save($node, array_merge($fields, module_invoke($node->type, "save", $node))); + + $output = t("The node has been updated."); } else { - $fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $edit->type); + watchdog("warning", "node: not authorized to update node"); + $output = t("You are not authorized to update this node."); } - $output = t("The node has been updated."); } else { + /* - ** Compile a list of the node fields and their default values that users - ** and administrators are allowed to save when inserting a new node. + ** Check whether the current user has the proper access rights to + ** perform this operation: */ - if (user_access("administer nodes")) { - $fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $edit->type); - } - else { - $fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $edit->type); - } + if (node_access("create", $node)) { - $output = t("Thanks for your submission."); - } + /* + ** Compile a list of the node fields and their default values that users + ** and administrators are allowed to save when inserting a new node. + */ - /* - ** Check whether we are allowed to save the node and if so, whether - ** there are more default values to add. - */ + if (user_access("administer nodes")) { + $fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type); + } + else { + $fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type); + } - $defaults = module_invoke($edit->type, "save", $edit); + node_save($node, array_merge($fields, module_invoke($node->type, "save", $node))); - if (is_array($defaults)) { - node_save($edit, array_merge($fields, $defaults)); - } - else { - $output = t("Could not save or process the specified submission."); + $output = t("Thanks for your submission."); + } + else { + watchdog("warning", "node: not authorized to create node"); + $output = t("You are not authorized to create this node."); + } } return $output; @@ -525,17 +571,25 @@ function node_submit($edit) { function node_remove($edit) { - if ($edit["confirm"]) { - node_delete(array(nid => $edit["nid"])); + $node = node_load(array("nid" => $edit["nid"])); + + if (node_access("delete", $node)) { + if ($edit["confirm"]) { + node_delete($node); - $output = node_admin_nodes(); + $output = t("The node has been deleted."); + } + else { + $output .= form_item(t("Confirm removal of"), check_output($node->title)); + $output .= form_hidden("nid", $node->nid); + $output .= form_hidden("confirm", 1); + $output .= form_submit(t("Delete")); + $output = form($output, "post", "admin.php?mod=node"); + } } else { - $output .= form_item(t("Confirm removal of"), check_output($edit["title"])); - $output .= form_hidden("nid", $edit["nid"]); - $output .= form_hidden("confirm", 1); - $output .= form_submit(t("Delete")); - $output = form($output, "post", "admin.php?mod=node"); + watchdog("warning", "node: not authorized to remove node"); + $output = t("You are not authorized to remove this node."); } return $output; @@ -564,6 +618,9 @@ function node_page() { case t("Submit"): $theme->box(t("Node"), node_submit($edit)); break; + case t("Delete"): + print node_remove($edit); + break; default: $result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '1' AND created <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY created DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10))); while ($node = db_fetch_object($result)) { diff --git a/modules/page.module b/modules/page.module index 84488f296..bb1affd35 100644 --- a/modules/page.module +++ b/modules/page.module @@ -3,6 +3,33 @@ $GLOBALS["format"] = array(0 => "HTML", 1 => "PHP", 2 => "text"); +function page_node($field) { + $info = array("name" => "static page"); + + return $info[$field]; +} + +function page_access($op, $node) { + + if ($op == "view") { + return $node->nid && $node->status && !$node->moderate; + } + + return user_access("administer nodes"); +} + +function page_insert($node) { + db_query("INSERT INTO page (nid, format, link) VALUES ('$node->nid', '$node->format', '$node->link')"); +} + +function page_update($node) { + db_query("UPDATE page SET format = '$node->format', link = '$node->link' WHERE nid = '$node->nid'"); +} + +function page_delete($node) { + db_query("DELETE FROM page WHERE nid = '$node->nid'"); +} + function page_link($type) { if ($type == "page") { $result = db_query("SELECT nid,link FROM page WHERE link != '' ORDER BY link"); @@ -42,7 +69,8 @@ function page_form($node) { $node->body = addslashes($node->body); } - $output .= form_textarea("Body", "body", $node->body, 60, 30); + $output .= form_textarea("Body", "body", $node->body, 60, 20); + $output .= form_textfield("Link", "link", $node->link, 60, 64); $output .= form_select("Type", "format", $node->format, $format); return $output; @@ -50,16 +78,11 @@ function page_form($node) { function page_save() { - if (user_access("administer nodes")) { - if ($node->nid) { - return array(); - } - else { - return array("promote" => 0, "moderate" => 0, "status" => 1); - } + if ($node->nid) { + return array("format", "link"); } else { - return 0; + return array("format", "link", "promote" => 0, "moderate" => 0, "status" => 1); } } diff --git a/modules/page/page.module b/modules/page/page.module index 84488f296..bb1affd35 100644 --- a/modules/page/page.module +++ b/modules/page/page.module @@ -3,6 +3,33 @@ $GLOBALS["format"] = array(0 => "HTML", 1 => "PHP", 2 => "text"); +function page_node($field) { + $info = array("name" => "static page"); + + return $info[$field]; +} + +function page_access($op, $node) { + + if ($op == "view") { + return $node->nid && $node->status && !$node->moderate; + } + + return user_access("administer nodes"); +} + +function page_insert($node) { + db_query("INSERT INTO page (nid, format, link) VALUES ('$node->nid', '$node->format', '$node->link')"); +} + +function page_update($node) { + db_query("UPDATE page SET format = '$node->format', link = '$node->link' WHERE nid = '$node->nid'"); +} + +function page_delete($node) { + db_query("DELETE FROM page WHERE nid = '$node->nid'"); +} + function page_link($type) { if ($type == "page") { $result = db_query("SELECT nid,link FROM page WHERE link != '' ORDER BY link"); @@ -42,7 +69,8 @@ function page_form($node) { $node->body = addslashes($node->body); } - $output .= form_textarea("Body", "body", $node->body, 60, 30); + $output .= form_textarea("Body", "body", $node->body, 60, 20); + $output .= form_textfield("Link", "link", $node->link, 60, 64); $output .= form_select("Type", "format", $node->format, $format); return $output; @@ -50,16 +78,11 @@ function page_form($node) { function page_save() { - if (user_access("administer nodes")) { - if ($node->nid) { - return array(); - } - else { - return array("promote" => 0, "moderate" => 0, "status" => 1); - } + if ($node->nid) { + return array("format", "link"); } else { - return 0; + return array("format", "link", "promote" => 0, "moderate" => 0, "status" => 1); } } diff --git a/modules/queue.module b/modules/queue.module index cbb1c5798..8dd4d2a5a 100644 --- a/modules/queue.module +++ b/modules/queue.module @@ -79,7 +79,7 @@ function queue_overview() { $theme->footer(); } -function queue_node($id) { +function queue_view($id) { global $theme, $user; $node = node_load(array(nid => $id)); @@ -130,7 +130,7 @@ function queue_page() { queue_vote(check_input($id), check_input($vote)); // fall through: case "view": - queue_node(check_input($id)); + queue_view(check_input($id)); break; default: queue_overview(); diff --git a/modules/story.module b/modules/story.module index 91bb9ef81..66870c076 100644 --- a/modules/story.module +++ b/modules/story.module @@ -1,11 +1,41 @@ <?php // $Id$ +function story_node($field) { + $info = array("name" => "story"); + + return $info[$field]; +} + +function story_access($op, $node) { + + if ($op == "view") { + return $node->nid && $node->status && !$node->moderate; + } + + if ($op == "create") { + return 1; + } + + if ($op == "update") { + return user_access("administer nodes"); + } + + if ($op == "delete") { + return user_access("adminster nodes"); + } + +} + function story_help() { ?> - <P>Queued stories: user-contributed stories are automatically whisked away to a submission queue for moderators (i.e. registered user) to frown at. Moderators vote whether or not a story should be posted to the front page for discussion.</P> - <P>Posted stories: published stories accessible to all visitors.</P> - <P>Dumped stories: rejected stories that are no longer available to visitors.</P> +/* + // TODO: update documentation, outdated + + <p>Queued stories: user-contributed stories are automatically whisked away to a submission queue for moderators (i.e. registered user) to frown at. Moderators vote whether or not a story should be posted to the front page for discussion.</p> + <p>Posted stories: published stories accessible to all visitors.</p> + <p>Dumped stories: rejected stories that are no longer available to visitors.</p> +*/ <?php } @@ -17,21 +47,14 @@ function story_form($node) { } function story_save($node) { + if ($node->nid) { - if (user_access("administer nodes")) { - return array(); - } - else { - return 0; - } + return array(); } else { - /* - ** By default, stories get promoted to the front page and they are - ** subject to moderation. - */ return array("promote" => 1, "moderate" => 1); } + } ?> diff --git a/modules/story/story.module b/modules/story/story.module index 91bb9ef81..66870c076 100644 --- a/modules/story/story.module +++ b/modules/story/story.module @@ -1,11 +1,41 @@ <?php // $Id$ +function story_node($field) { + $info = array("name" => "story"); + + return $info[$field]; +} + +function story_access($op, $node) { + + if ($op == "view") { + return $node->nid && $node->status && !$node->moderate; + } + + if ($op == "create") { + return 1; + } + + if ($op == "update") { + return user_access("administer nodes"); + } + + if ($op == "delete") { + return user_access("adminster nodes"); + } + +} + function story_help() { ?> - <P>Queued stories: user-contributed stories are automatically whisked away to a submission queue for moderators (i.e. registered user) to frown at. Moderators vote whether or not a story should be posted to the front page for discussion.</P> - <P>Posted stories: published stories accessible to all visitors.</P> - <P>Dumped stories: rejected stories that are no longer available to visitors.</P> +/* + // TODO: update documentation, outdated + + <p>Queued stories: user-contributed stories are automatically whisked away to a submission queue for moderators (i.e. registered user) to frown at. Moderators vote whether or not a story should be posted to the front page for discussion.</p> + <p>Posted stories: published stories accessible to all visitors.</p> + <p>Dumped stories: rejected stories that are no longer available to visitors.</p> +*/ <?php } @@ -17,21 +47,14 @@ function story_form($node) { } function story_save($node) { + if ($node->nid) { - if (user_access("administer nodes")) { - return array(); - } - else { - return 0; - } + return array(); } else { - /* - ** By default, stories get promoted to the front page and they are - ** subject to moderation. - */ return array("promote" => 1, "moderate" => 1); } + } ?> @@ -71,7 +71,7 @@ function node_render($node) { function node_failure() { global $theme; $theme->header(); - $theme->box(t("Not found"), t("The node you are looking for does not exist yet or is no longer accessible.") ."\n"); + $theme->box(t("Not found"), t("The node you are looking for does no longer exist or is not accessible without the proper access rights.") ."\n"); $theme->footer(); } @@ -82,7 +82,7 @@ if ($number > 1) { $result = db_query("SELECT n.*, u.name, u.uid FROM node n LEFT JOIN users u ON n.uid = u.uid WHERE n.title = '$title' AND n.status = 1 ORDER BY created DESC"); while ($node = db_fetch_object($result)) { - if (node_access($node)) { + if (node_access("view", $node)) { $output .= "<p><b><a href=\"node.php?id=$node->nid\">". check_output($node->title) ."</a></b><br /><small>$node->type - ". format_name($node) ." - ". format_date($node->ccreated, "small") ."</small></p>"; } } @@ -93,7 +93,7 @@ if ($number > 1) { } elseif ($number) { $node = ($title ? node_load(array("title" => $title, "status" => 1)) : node_load(array("nid" => ($edit[id] ? $edit[id] : $id)))); - if ($node && node_access($node)) { + if (node_access("view", $node)) { node_render($node); } else { |