- Added a brand-new access.module which allows you to manage 'roles'

(groups) and 'permissions' ... (inspired by Zope's system). + Once installed, click the help-link for more information. + See updates/2.00-to-x.xx.sql for the SQL updates. - Modified loads of code to use our new access.module. The system still has to mature though: new permissions have to be added and existing permissions need stream-lining. Awaiting suggestions. - As a direct result of the new access system, I had to rewrite the way the top-level links in admin.php are rendered and displayed, and xhtml-ified admin.php while I was at it. TODO - Home-brewed modules need updating, home-brewed themes not. (Examples: file.module, trip_link.module) - As soon we *finished* the refactoring of the user system (KJ has been working on this refactoring already) we should consider to embed this role and permission code into account.module ...
author: Dries Buytaert <dries@buytaert.net> 2001-06-20 20:00:40 +0000
committer: Dries Buytaert <dries@buytaert.net> 2001-06-20 20:00:40 +0000
commit: 72065fb8351b54eee5f1928c18e06ad81aa9b502 (patch)
tree: 59052fb790134eed81b52b69150a1e231bd44083 /modules/diary.module
parent: 7752dc4c7c4cffda07152d8ee89bce05f16a5d6c (diff)
download: brdo-72065fb8351b54eee5f1928c18e06ad81aa9b502.tar.gz
brdo-72065fb8351b54eee5f1928c18e06ad81aa9b502.tar.bz2
1 files changed, 62 insertions, 52 deletions
diff --git a/modules/diary.module b/modules/diary.module
index 9cfb21c47..a186161ce 100644
--- a/modules/diary.module
+++ b/modules/diary.module
@@ -1,10 +1,14 @@
 <?php
 
+function diary_perm() {
+  return array("view diary entries", "edit diary entries");
+}
+
 function diary_search($keys) {
   global $user;
   $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.text LIKE '%$keys%' ORDER BY d.timestamp DESC LIMIT 20");
   while ($diary = db_fetch_object($result)) {
-    $find[$i++] = array("title" => "$diary->userid's diary", "link" => (user_access($user, "diary") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp);
+    $find[$i++] = array("title" => "$diary->userid's diary", "link" => (user_access($user, "edit diary entries") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp);
   }
   return $find;
 
@@ -13,25 +17,31 @@ function diary_search($keys) {
 function diary_page_overview($num = 20) {
   global $theme, $user;
 
-  $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY d.timestamp DESC LIMIT $num");
-
-  while ($diary = db_fetch_object($result)) {
-    if ($time != date("F jS", $diary->timestamp)) {
-      $output .= "<B>". $date = t(date("l", $diary->timestamp)) .", ". t(date("F", $diary->timestamp)) ." ". date("j", $diary->timestamp) ."</B>\n";
-      $time = date("F jS", $diary->timestamp);
+  if (user_access($user, "view diary entries")) {
+    $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY d.timestamp DESC LIMIT $num");
+
+    while ($diary = db_fetch_object($result)) {
+      if ($time != date("F jS", $diary->timestamp)) {
+        $output .= "<B>". $date = t(date("l", $diary->timestamp)) .", ". t(date("F", $diary->timestamp)) ." ". date("j", $diary->timestamp) ."</B>\n";
+        $time = date("F jS", $diary->timestamp);
+      }
+      $output .= "<DL>\n";
+      $output .= " <DD><P><B>$diary->userid ". t("wrote") .":</B></P></DD>\n";
+      $output .= " <DL>\n";
+      $output .= "  <DD><P>". check_output($diary->text, 1) ."</P><P>[ <A HREF=\"module.php?mod=diary&op=view&name=$diary->userid\">". t("more") ."</A> ]</P></DD>\n";
+      $output .= " </DL>\n";
+      $output .= "</DL>\n";
     }
-    $output .= "<DL>\n";
-    $output .= " <DD><P><B>$diary->userid ". t("wrote") .":</B></P></DD>\n";
-    $output .= " <DL>\n";
-    $output .= "  <DD><P>". check_output($diary->text, 1) ."</P><P>[ <A HREF=\"module.php?mod=diary&op=view&name=$diary->userid\">". t("more") ."</A> ]</P></DD>\n";
-    $output .= " </DL>\n";
-    $output .= "</DL>\n";
-  }
-
-  $theme->header();
-  $theme->box(t("Online diary"), $output);
-  $theme->footer();
 
+    $theme->header();
+    $theme->box(t("Online diary"), $output);
+    $theme->footer();
+  }
+  else {
+    $theme->header();
+    $theme->box(t("Access denied"), message_access());
+    $theme->footer();
+  }
 }
 
 function diary_page_entry($timestamp, $text, $id = 0) {
@@ -177,7 +187,7 @@ function diary_page() {
       diary_page_delete(check_input($id));
       diary_page_display(check_input($name));
       break;
-   case "edit":
+    case "edit":
       diary_page_edit(check_input($id));
       break;
     case "view":
@@ -299,40 +309,40 @@ function diary_admin_display($order = "date") {
 
 
 function diary_admin() {
-  global $op, $id, $mod, $keys, $text, $order;
-
-  print "<SMALL><A HREF=\"admin.php?mod=diary\">overview</A> | <A HREF=\"admin.php?mod=diary&op=search\">search diary</A> | <A HREF=\"admin.php?mod=diary&op=help\">help</A></SMALL><HR>\n";
-
-  switch ($op) {
-    case "delete":
-      diary_admin_delete(check_input($id));
-      diary_admin_display();
-      break;
-    case "edit":
-      diary_admin_edit(check_input($id));
-      break;
-    case "help":
-      diary_help();
-      break;
-    case "search":
-      print search_form($keys);
-      print search_data($keys, $mod);
-      break;
-    case "Save diary entry":
-      diary_admin_save(check_input($id), check_input($text));
-      diary_admin_display();
-      break;
-    case "Update":
-      diary_admin_display(check_input($order));
-      break;
-    default:
-      diary_admin_display();
+  global $user, $op, $id, $mod, $keys, $text, $order;
+
+  if (user_access($user, "edit diary entries")) {
+
+    print "<SMALL><A HREF=\"admin.php?mod=diary\">overview</A> | <A HREF=\"admin.php?mod=diary&op=search\">search diary</A> | <A HREF=\"admin.php?mod=diary&op=help\">help</A></SMALL><HR>\n";
+
+    switch ($op) {
+      case "delete":
+        diary_admin_delete(check_input($id));
+        diary_admin_display();
+        break;
+      case "edit":
+        diary_admin_edit(check_input($id));
+        break;
+      case "help":
+        diary_help();
+        break;
+      case "search":
+        print search_form($keys);
+        print search_data($keys, $mod);
+        break;
+      case "Save diary entry":
+        diary_admin_save(check_input($id), check_input($text));
+        diary_admin_display();
+        break;
+      case "Update":
+        diary_admin_display(check_input($order));
+        break;
+      default:
+        diary_admin_display();
+    }
   }
-}
-
-function diary_export($uri) {
-  if ($uri[2] == "diary") {
-    print "TODO: export diary for user $uri[3]";
+  else {
+    print message_access();
   }
 }
author	Dries Buytaert <dries@buytaert.net>	2001-06-20 20:00:40 +0000
committer	Dries Buytaert <dries@buytaert.net>	2001-06-20 20:00:40 +0000
commit	72065fb8351b54eee5f1928c18e06ad81aa9b502 (patch)
tree	59052fb790134eed81b52b69150a1e231bd44083 /modules/diary.module
parent	7752dc4c7c4cffda07152d8ee89bce05f16a5d6c (diff)
download	brdo-72065fb8351b54eee5f1928c18e06ad81aa9b502.tar.gz brdo-72065fb8351b54eee5f1928c18e06ad81aa9b502.tar.bz2