- Added a brand-new access.module which allows you to manage 'roles'

  (groups) and 'permissions' ... (inspired by Zope's system).

    + Once installed, click the help-link for more information.

    + See updates/2.00-to-x.xx.sql for the SQL updates.

- Modified loads of code to use our new access.module.  The system
  still has to mature though: new permissions have to be added and
  existing permissions need stream-lining.  Awaiting suggestions.

- As a direct result of the new access system, I had to rewrite the
  way the top-level links in admin.php are rendered and displayed,
  and xhtml-ified admin.php while I was at it.

TODO

- Home-brewed modules need updating, home-brewed themes not.
  (Examples: file.module, trip_link.module)

- As soon we *finished* the refactoring of the user system (KJ has
  been working on this refactoring already) we should consider to
  embed this role and permission code into account.module ...

1 files changed, 30 insertions, 13 deletions

diff --git a/modules/book/book.module b/modules/book/book.module
index 87e6bff58..138b5e5a7 100644
--- a/modules/book/book.module
+++ b/modules/book/book.module
@@ -9,6 +9,10 @@ class Book {
   }
 }
 
+function book_perm() {
+  return array("maintain book structure");
+}
+
 function book_status() {
   return array(dumped, expired, queued, posted);
 }
@@ -69,7 +73,7 @@ function book_search($keys) {
   global $status, $user;
   $result = db_query("SELECT n.*, u.userid FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid LEFT JOIN users u ON n.author = u.id WHERE n.type = 'book' AND n.status = '$status[posted]' AND (n.title LIKE '%". check_input($keys) ."%' OR b.body LIKE '%". check_input($keys) ."%') ORDER BY n.timestamp DESC LIMIT 20");
   while ($node = db_fetch_object($result)) {
-    $find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "book") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp);
+    $find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp);
   }
   return $find;
 }
@@ -92,7 +96,7 @@ function book_toc($parent = "", $indent = "", $toc = array()) {
   $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE n.type = 'book' AND n.status = '$status[posted]' AND ". book_parent_query($parent) ." ORDER BY b.weight");
 
   // add root node:
-  if (user_access($user, "book")) {
+  if (user_access($user, "add and edit nodes")) {
     $toc[0] = " ";
   }
 
@@ -126,7 +130,7 @@ function book_form($edit = array()) {
   $form .= form_textarea(t("Content"), "body", $edit[body], 70, 20, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
   $form .= form_textarea(t("Log message"), "log", $edit[log], 70, 5, t("An explanation of the additions or updates being made to help the group understand your motivations."));
 
-  if (user_access($user, "book")) {
+  if (user_access($user, "add and edit nodes")) {
     $form .= form_select(t("Weight"), "weight", $edit[weight], array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30), t("The heavier nodes will sink and the lighter nodes will be positioned nearer the top."));
   }
 
@@ -152,7 +156,7 @@ function book_save($edit) {
   if (!$edit[nid]) {
     node_save($edit, array(author => $user->id, body, comment => variable_get("book_comment", 0), log, moderate => variable_get("book_moderate", ""), parent, pid, promote => variable_get("book_promote", 0), score => 0, status => variable_get("book_status", $status[queued]), timestamp => time(), title, type => "book", votes => 0, weight));
   }
-  else if (user_access($user)) {
+  else if (user_access($user, "add and edit nodes")) {
     node_save($edit, array(body, log, parent, title, type => "book", weight));
   }
 }
@@ -204,21 +208,34 @@ function book_tree($parent = "", $depth = 0) {
 }
 
 function book_admin() {
-  print book_tree();
+  global $user;
+  if (user_access($user, "maintain book structure")) {
+    print book_tree();
+  }
+  else {
+    print message_access();
+  }
 }
 
 function book_page() {
-  global $status, $theme;
+  global $user, $status, $theme;
 
-  $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight");
+  if (user_access($user, "view content")) {
+    $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight");
 
-  while ($node = db_fetch_object($result)) {
-    $output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>";
-  }
+    while ($node = db_fetch_object($result)) {
+      $output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>";
+    }
 
-  $theme->header();
-  $theme->box(t("Handbook"), "<DL>$output</DL>");
-  $theme->footer();
+    $theme->header();
+    $theme->box(t("Handbook"), "<DL>$output</DL>");
+    $theme->footer();
+  }
+  else {
+    $theme->header();
+    $theme->box(t("Access denied"), message_access());
+    $theme->footer();
+  }
 }
 
 function book_edit($id) {