diff options
45 files changed, 1241 insertions, 964 deletions
diff --git a/account.php b/account.php index 52f8c2a24..4d3a800cc 100644 --- a/account.php +++ b/account.php @@ -269,7 +269,7 @@ function account_create_submit($userid, $email) { $new[passwd] = user_password(); $new[hash] = substr(md5("$new[userid]. ". time()), 0, 12); - $user = user_save("", array("userid" => $new[userid], "real_email" => $new[real_email], "passwd" => $new[passwd], "status" => 1, "hash" => $new[hash])); + $user = user_save("", array("userid" => $new[userid], "real_email" => $new[real_email], "passwd" => $new[passwd], "role" => "authenticated user", "status" => 1, "hash" => $new[hash])); $link = path_uri() ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]"; $subject = strtr(t("Account details for %a"), array("%a" => variable_get(site_name, "drupal"))); @@ -2,9 +2,6 @@ include_once "includes/common.inc"; -// validate user access: -if (!user_access($user)) exit(); - function status($message) { if ($message) return "<B>Status:</B> $message<HR>\n"; } @@ -14,33 +11,43 @@ function admin_page($mod) { function module($name) { global $menu, $user; - if (function_exists($name. "_admin") && user_access($user, $name)) $output .= "<A HREF=\"admin.php?mod=$name\">$name</A> | "; + if (module_hook($name, "admin")) $output .= "<A HREF=\"admin.php?mod=$name\">$name</A> | "; $menu .= $output; } ?> - <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> - <HTML> - <HEAD><TITLE><?php echo variable_get(site_name, "drupal"); ?> administration</TITLE></HEAD> - <STYLE> + <html> + <head> + <title><?php echo variable_get(site_name, "drupal"); ?> administration pages</title> + </head> + <style> body { font-family: helvetica, arial; } h1 { font-famile: helvetica, arial; font-size: 18pt; font-weight: bold; color: #660000; } h2 { font-family: helvetica, arial; font-size: 18pt; font-weight: bold; color: #000066; } h3 { font-family: helvetica, arial; font-size: 14pt; font-weight: bold; color: #006600; } th { font-family: helvetica, arial; text-align: center; vertical-align: top; background-color: #CCCCCC; color: #995555; } td { font-family: helvetica, arial; } - </STYLE> - <BODY BGCOLOR="#FFFFFF" LINK="#005599" VLINK="#004499" ALINK="#FF0000"> - <H1>Administration</H1> - <?php module_iterate("module"); ?> - <HR><?php echo $menu; ?><A HREF="index.php">home</A><HR> - <?php if (user_access($user, $mod)) module_invoke($mod, "admin"); ?> - </BODY> - </HTML> + </style> + <body bgcolor="#FFFFFF" link="#005599" vlink="#004499" alink="#FF0000"> + <h1>Administration</h1> + <?php + foreach (module_list() as $name) { + if (module_hook($name, "admin")) $links[] = "<a href=\"admin.php?mod=$name\">$name</a>"; + } + $links[] = "<a href=\"index.php\">home</a>"; + + print implode(" | ", $links) ."<hr />"; + + if ($mod) module_invoke($mod, "admin"); + ?> + </body> + </html> <?php } -user_rehash(); -admin_page($mod); +if (user_access($user, "access administration pages")) { + user_rehash(); + admin_page($mod); +} ?>
\ No newline at end of file diff --git a/includes/comment.inc b/includes/comment.inc index cf49b49e6..e7f14cb06 100644 --- a/includes/comment.inc +++ b/includes/comment.inc @@ -50,16 +50,16 @@ function comment_settings($mode, $order, $threshold) { function comment_form($edit) { global $REQUEST_URI, $user; - // Name field: + // name field: $form .= form_item(t("Your name"), format_username($user->userid)); - // Subject field: + // subject field: $form .= form_textfield(t("Subject"), "subject", check_input($edit[subject]), 50, 60); - // Comment field: + // comment field: $form .= form_textarea(t("Comment"), "comment", check_input($edit[comment]), 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))); - // Preview button: + // preview button: $form .= form_hidden("pid", check_input($edit[pid])); $form .= form_hidden("id", check_input($edit[id])); @@ -87,7 +87,12 @@ function comment_reply($pid, $id) { $pid = 0; } - $theme->box(t("Reply"), comment_form(array(pid=>$pid, id=>$id))); + if (user_access($user, "post comments")) { + $theme->box(t("Reply"), comment_form(array(pid=>$pid, id=>$id))); + } + else { + $theme->box(t("Reply"), t("You are not authorized to post comments.")); + } } function comment_preview($edit) { @@ -102,24 +107,26 @@ function comment_preview($edit) { function comment_post($edit) { global $theme, $user; - // check comment submission rate: - throttle("post comment", variable_get(max_comment_rate, 60)); + if (user_access($user, "post comments")) { + // check comment submission rate: + throttle("post comment", variable_get(max_comment_rate, 60)); - // check for duplicate comments: - $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '". check_input($edit[pid]) ."' AND lid = '". check_input($edit[id]) ."' AND subject = '". check_input($edit[subject]) ."' AND comment = '". check_input($edit[comment]) ."'"), 0); + // check for duplicate comments: + $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '". check_input($edit[pid]) ."' AND lid = '". check_input($edit[id]) ."' AND subject = '". check_input($edit[subject]) ."' AND comment = '". check_input($edit[comment]) ."'"), 0); - if ($duplicate != 0) { - watchdog("warning", "comment: duplicate '$subject'"); - } - else { - // validate subject: - $subject = ($subject) ? $subject : substr($comment, 0, 29); + if ($duplicate != 0) { + watchdog("warning", "comment: duplicate '$subject'"); + } + else { + // validate subject: + $subject = ($subject) ? $subject : substr($comment, 0, 29); - // add watchdog entry: - watchdog("special", "comment: added '$subject'"); + // add watchdog entry: + watchdog("special", "comment: added '$subject'"); - // add comment to database: - db_query("INSERT INTO comments (lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('". check_input($edit[id]) ."', '". check_input($edit[pid]) ."', '$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[comment]) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')"); + // add comment to database: + db_query("INSERT INTO comments (lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('". check_input($edit[id]) ."', '". check_input($edit[pid]) ."', '$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[comment]) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')"); + } } } @@ -250,68 +257,71 @@ function comment_thread_max($cid, $mode, $threshold, $level = 0, $dummy = 0) { } function comment_render($lid, $cid) { - global $theme, $REQUEST_URI, $user; + global $user, $theme, $REQUEST_URI; - // Pre-process variables: - $lid = empty($lid) ? 0 : $lid; - $cid = empty($cid) ? 0 : $cid; - $mode = ($user->id) ? $user->mode : variable_get(default_comment_mode, 4); - $order = ($user->id) ? $user->sort : variable_get(default_comment_order, 1); - $threshold = ($user->id) ? $user->threshold : variable_get(default_comment_threshold, 3); + if (user_access($user, "view comments")) { - if ($user->id) { - // Comment control: - $theme->box(t("Comment control"), comment_controls($threshold, $mode, $order)); + // Pre-process variables: + $lid = empty($lid) ? 0 : $lid; + $cid = empty($cid) ? 0 : $cid; + $mode = ($user->id) ? $user->mode : variable_get(default_comment_mode, 4); + $order = ($user->id) ? $user->sort : variable_get(default_comment_order, 1); + $threshold = ($user->id) ? $user->threshold : variable_get(default_comment_threshold, 3); - // Print moderation form: - print "<FORM METHOD=\"post\" ACTION=\"$REQUEST_URI\">\n"; - } + if ($user->id) { + // Comment control: + $theme->box(t("Comment control"), comment_controls($threshold, $mode, $order)); - if ($cid > 0) { - $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE cid = '$cid'"); - if ($comment = db_fetch_object($result)) { - comment_view($comment, comment_link($comment)); + // Print moderation form: + print "<FORM METHOD=\"post\" ACTION=\"$REQUEST_URI\">\n"; } - } - else { - if ($mode == 1) { - $result = comment_query($lid, $order); - print "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n"; - print " <TR><TH>Subject</TH><TH>Author</TH><TH>Date</TH><TH>Score</TH></TR>\n"; - while ($comment = db_fetch_object($result)) { - if (comment_visible($comment, $threshold)) { - print " <TR><TD><A HREF=\"". comment_uri("id=$comment->lid&cid=$comment->cid#$comment->cid") ."\">". check_output($comment->subject) ."</A></TD><TD>". format_username($comment->userid) ."</TD><TD>". format_date($comment->timestamp, "small") ."</TD><TD>". comment_score($comment) ."</TD></TR>\n"; - } + + if ($cid > 0) { + $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE cid = '$cid'"); + if ($comment = db_fetch_object($result)) { + comment_view($comment, comment_link($comment)); } - print "</TABLE>\n"; } - else if ($mode == 2) { - $result = comment_query($lid, $order); - while ($comment = db_fetch_object($result)) { - comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0)); + else { + if ($mode == 1) { + $result = comment_query($lid, $order); + print "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n"; + print " <TR><TH>Subject</TH><TH>Author</TH><TH>Date</TH><TH>Score</TH></TR>\n"; + while ($comment = db_fetch_object($result)) { + if (comment_visible($comment, $threshold)) { + print " <TR><TD><A HREF=\"". comment_uri("id=$comment->lid&cid=$comment->cid#$comment->cid") ."\">". check_output($comment->subject) ."</A></TD><TD>". format_username($comment->userid) ."</TD><TD>". format_date($comment->timestamp, "small") ."</TD><TD>". comment_score($comment) ."</TD></TR>\n"; + } + } + print "</TABLE>\n"; } - } - else if ($mode == 3) { - $result = comment_query($lid, $order, 0); - while ($comment = db_fetch_object($result)) { - comment_view($comment); - comment_thread_min($comment->cid, $threshold); + else if ($mode == 2) { + $result = comment_query($lid, $order); + while ($comment = db_fetch_object($result)) { + comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0)); + } } - } - else { - $result = comment_query($lid, $order, 0); - while ($comment = db_fetch_object($result)) { - comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0)); - comment_thread_max($comment->cid, $mode, $threshold, $level + 1); + else if ($mode == 3) { + $result = comment_query($lid, $order, 0); + while ($comment = db_fetch_object($result)) { + comment_view($comment); + comment_thread_min($comment->cid, $threshold); + } + } + else { + $result = comment_query($lid, $order, 0); + while ($comment = db_fetch_object($result)) { + comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0)); + comment_thread_max($comment->cid, $mode, $threshold, $level + 1); + } } } - } - if ($user->id) { - // Print moderation form: - print " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$lid\">\n"; - print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Moderate comments") ."\">\n"; - print "</FORM>\n"; + if ($user->id) { + // Print moderation form: + print " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$lid\">\n"; + print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Moderate comments") ."\">\n"; + print "</FORM>\n"; + } } } diff --git a/includes/common.inc b/includes/common.inc index 2fc7c8a42..778f87a39 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -25,7 +25,7 @@ function watchdog($type, $message) { function throttle($type, $rate) { global $user; - if (!user_access($user)) { + if (!user_access($user, "access administration pages")) { if ($throttle = db_fetch_object(db_query("SELECT * FROM watchdog WHERE type = '$type' AND hostname = '". getenv("REMOTE_ADDR") ."' AND ". time() ." - timestamp < $rate"))) { watchdog("warning", "throttle: '". getenv("REMOTE_ADDR") ."' exceeded submission rate - $throttle->type"); die(message_throttle()); @@ -46,8 +46,8 @@ function path_img() { return "./images/"; } -function message_account() { - return t("This page requires a valid user account. Please <A HREF=\"account.php\">create a user account</A> and <A HREF=\"account.php\">login</A> prior to accessing it."); +function message_access() { + return t("You are not authorized to access to this page."); } function message_throttle() { @@ -136,7 +136,7 @@ function format_date($timestamp, $type = "medium", $format = "") { function format_username($username) { global $user; - if ($username) return (user_access($user, "account") ? "<A HREF=\"admin.php?mod=account&op=view&name=". urlencode($username) ."\">$username</A>" : "<A HREF=\"account.php?op=view&name=". urlencode($username) ."\">$username</A>"); + if ($username) return (user_access($user, "add and edit user accounts") ? "<A HREF=\"admin.php?mod=account&op=view&name=". urlencode($username) ."\">$username</A>" : "<A HREF=\"account.php?op=view&name=". urlencode($username) ."\">$username</A>"); else return variable_get(anonymous, "Anonymous"); } diff --git a/includes/node.inc b/includes/node.inc index 20c47cde6..affb44371 100644 --- a/includes/node.inc +++ b/includes/node.inc @@ -236,7 +236,7 @@ function node_index($node) { function node_visible($node) { global $user, $status; - return ($node->status == $status[posted]) || ($node->status == $status[queued] && $user->id) || user_access($user, $node->type) || user_access($user, "node"); + return ($node->status == $status[posted]) || ($node->status == $status[queued] && $user->id) || user_access($user, $node->type) || user_access($user, "add and edit nodes"); } function node_access($account, $node) { diff --git a/includes/theme.inc b/includes/theme.inc index ff0e93167..68c2d5adf 100644 --- a/includes/theme.inc +++ b/includes/theme.inc @@ -59,9 +59,9 @@ function theme_account($theme) { $content .= "<A HREF=\"account.php?op=edit&topic=content\">". t("edit your content") ."</A><BR>\n"; $content .= "<P>\n"; - if (user_access($user)) { + if (user_access($user, "access administration pages")) { $content .= "<A HREF=\"admin.php\">". strtr(t("administer %a"), array("%a" => variable_get("site_name", "drupal"))) ."</A><BR>\n"; - $content .= "<P>\n"; + $content .= "<P>\n"; } foreach (module_list() as $name) { diff --git a/includes/user.inc b/includes/user.inc index 73d3243bd..2abdf094a 100644 --- a/includes/user.inc +++ b/includes/user.inc @@ -3,14 +3,14 @@ class User { function User($userid, $passwd = 0) { if ($passwd) { - $result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 2"); + $result = db_query("SELECT u.*, r.perm FROM users u LEFT JOIN role r ON u.role = r.name WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') AND status = 2"); if (db_num_rows($result) == 1) { foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; } db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id"); } } else { - $result = db_query("SELECT * FROM users WHERE userid = '$userid' && STATUS = 2"); + $result = db_query("SELECT u.*, r.perm FROM users u LEFT JOIN role r ON u.role = r.name WHERE u.userid = '$userid' AND u.status = 2"); if (db_num_rows($result) == 1) { foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; } db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id"); @@ -52,10 +52,16 @@ function user_save($account, $array) { return user_load(($account->userid ? $account->userid : $array[userid])); } -function user_access($account, $section = 0) { - global $user; - if ($section) return (field_get($account->access, $section) || $account->id == 1); - else return ($account->access || $account->id == 1); +function user_access($account, $perm) { + if ($account->id == 1) { + return 1; + } + else if ($account->perm) { + return strstr($account->perm, $perm); + } + else { + return db_fetch_object(db_query("SELECT * FROM role WHERE name = 'anonymous user' AND perm LIKE '%$perm%'")); + } } function user_ban($mask, $type) { @@ -4,12 +4,19 @@ include_once "includes/common.inc"; page_header(); -$result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '". node_status("posted") ."' AND timestamp <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY timestamp DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10))); $theme->header(); -while ($node = db_fetch_object($result)) { - node_view(node_get_object(array("nid" => $node->nid, "type" => $node->type)), 1); + +if (user_access($user, "view content")) { + $result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '". node_status("posted") ."' AND timestamp <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY timestamp DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10))); + while ($node = db_fetch_object($result)) { + node_view(node_get_object(array("nid" => $node->nid, "type" => $node->type)), 1); + } +} +else { + $theme->box("Access denied", message_access()); } + $theme->footer(); page_footer(); diff --git a/modules/account.module b/modules/account.module index ff1e131af..45cb32722 100644 --- a/modules/account.module +++ b/modules/account.module @@ -32,6 +32,10 @@ function account_help() { <?php } +function account_perm() { + return array("add and edit user accounts"); +} + function account_conf_options() { $output .= form_select(t("Public accounts"), "account_register", variable_get("account_register", 1), array("Disabled", "Enabled"), "If enabled, everyone can create a new user account. If disabled, new user accounts can only be created by site administrators."); return $output; @@ -41,7 +45,7 @@ function account_search($keys) { global $user; $result = db_query("SELECT * FROM users WHERE userid LIKE '%$keys%' LIMIT 20"); while ($account = db_fetch_object($result)) { - $find[$i++] = array("title" => $account->userid, "link" => (user_access($user, "account") ? "admin.php?mod=account&op=view&name=". urlencode($account->userid) : "account.php?op=view&name=". urlencode($account->userid)), "user" => $account->userid); + $find[$i++] = array("title" => $account->userid, "link" => (user_access($user, "add and edit user accounts") ? "admin.php?mod=account&op=view&name=". urlencode($account->userid) : "account.php?op=view&name=". urlencode($account->userid)), "user" => $account->userid); } return $find; } @@ -99,15 +103,6 @@ function account_overview($query = array()) { return $output; } -function account_access($account) { - $data = explode(",", $account->access); - foreach ($data as $array) { - $access = explode("=", $array); - if ($access[0]) $output .= " $access[0]"; - } - return $output; -} - function account_blocks($id) { $result = db_query("SELECT * FROM layout WHERE user = '$id'"); while ($layout = db_fetch_object($result)) { @@ -143,24 +138,11 @@ function account_delete($name) { } function account_form($account = 0) { - global $access; - - function access($name) { - global $access, $account; - if (module_hook($name, "admin")) $access[$name] = $name; - } - module_iterate("access"); - - $account->access = explode(",", $account->access); - foreach ($account->access as $key=>$value) { - $account->access[$key] = substr($value, 0, -2); - } $form .= $account->id ? form_item("ID", $account->id) . form_hidden("id", $account->id) : ""; $form .= $account->userid ? form_item(t("Username"), check_output($account->userid)) . form_hidden("userid", $account->userid) : form_textfield(t("Username"), "userid", $account->userid, 15, 15); - $form .= form_select(t("Status"), "status", ($account->status ? $account->status : 1), array("blocked", "not confirmed", "open")); - $form .= form_select(t("Administrator access"), "access", $account->access, $access, 0, "multiple=\"true\" size=\"10\""); -// $form .= form_item(t("Administrator access"), "<SELECT NAME=\"edit[access][]\" MULTIPLE=\"true\" SIZE=\"10\">$access</SELECT>"); + $form .= form_select(t("Status"), "status", $account->status, array("blocked", "not confirmed", "open")); + $form .= form_select(t("Role"), "role", $account->role, access_get_roles()); $form .= form_textfield(t("Real name"), "name", $account->name, 30, 55); $form .= form_textfield(t("Real e-mail address"), "real_email", $account->real_email, 30, 55); $form .= form_textfield(t("Fake e-mail address"), "fake_email", $account->fake_email, 30, 55); @@ -179,18 +161,8 @@ function account_save($edit) { if ($edit[id]) { // Updating existing account foreach ($edit as $key=>$value) { - if ($key != "access") { $query .= "$key = '". addslashes($value) ."', "; - } } - - if ($edit[access]) { - foreach ($edit[access] as $key=>$value) { - $access = field_set($access, $value, 1); - } - } - $query .= "access = '$access'"; - db_query("UPDATE users SET $query WHERE id = $edit[id]"); watchdog("account", "account: modified user '$edit[userid]'"); return $edit[userid]; @@ -208,14 +180,7 @@ function account_save($edit) { $edit[passwd] = user_password(); $edit[hash] = substr(md5("$edit[userid]. ". time()), 0, 12); - if ($edit[access]) { - foreach ($edit[access] as $key=>$value) { - $access = field_set($access, $value, 1); - } - $edit[access] = $access; - } - - $user = user_save("", array("userid" => $edit[userid], "access" => $edit[access], "real_email" => $edit[real_email], "passwd" => $edit[passwd], "status" => $edit[status], "hash" => $edit[hash])); + $user = user_save("", array("userid" => $edit[userid], "role" => $edit[role], "real_email" => $edit[real_email], "passwd" => $edit[passwd], "status" => $edit[status], "hash" => $edit[hash])); $link = path_uri() ."account.php?op=confirm&name=". urlencode($edit[userid]) ."&hash=$edit[hash]"; $subject = strtr(t("Account details for %a"), array("%a" => variable_get(site_name, "drupal"))); @@ -231,8 +196,6 @@ function account_save($edit) { } function account_edit($name) { - $status = array("blocked", "not confirmed", "open"); - $result = db_query("SELECT * FROM users WHERE userid = '$name'"); if ($account = db_fetch_object($result)) { @@ -258,7 +221,7 @@ function account_view($name) { $output .= " <TR><TH>ID:</TH><TD>$account->id</TD></TR>\n"; $output .= " <TR><TH>Username:</TH><TD>$account->userid</TD></TR>\n"; $output .= " <TR><TH>Status:</TH><TD>". $status[$account->status] ."</TD></TR>\n"; - $output .= " <TR><TH>Access:</TH><TD>". check_output(account_access($account)) ."</TD></TR>\n"; + $output .= " <TR><TH>Role:</TH><TD>". check_output($account->role) ."</TD></TR>\n"; $output .= " <TR><TH>Real name:</TH><TD>". check_output($account->name) ."</TD></TR>\n"; $output .= " <TR><TH>Real e-mail address:</TH><TD>". format_email($account->real_email) ."</TD></TR>\n"; $output .= " <TR><TH>Fake e-mail address:</TH><TD>". check_output($account->fake_email) ."</TD></TR>\n"; @@ -280,72 +243,77 @@ function account_view($name) { } function account_query($type = "") { - $queries = array(array("users recently visiting", "ORDER BY last_access DESC"), array("users recently joining", "ORDER BY id DESC"), array("users with access rights", "WHERE access != '' ORDER BY last_access DESC"), array("users with pending accounts", "WHERE status = 1 ORDER BY last_access DESC"), array("users with blocked accounts", "WHERE status = 0 ORDER BY last_access DESC")); + $queries = array(array("users recently visiting", "ORDER BY last_access DESC"), array("users recently joining", "ORDER BY id DESC"), array("users with pending accounts", "WHERE status = 1 ORDER BY last_access DESC"), array("users with blocked accounts", "WHERE status = 0 ORDER BY last_access DESC")); return ($queries[$type] ? $queries[$type] : $queries); } function account_admin() { - global $op, $edit, $id, $mod, $keys, $order, $name, $query; - - print "<SMALL><A HREF=\"admin.php?mod=account&op=access\">access control</A> | <A HREF=\"admin.php?mod=account&op=add\">add new account</A> | <A HREF=\"admin.php?mod=account&op=listing\">account listings</A> | <A HREF=\"admin.php?mod=account&op=search\">search account</A> | <A HREF=\"admin.php?mod=account\">overview</A> | <A HREF=\"admin.php?mod=account&op=help\">help</A></SMALL><HR>"; - - $query = $query ? $query : 0; - $name = $name ? $name : $edit[name]; - - switch ($op) { - case "access": - print account_ac(); - break; - case "Add rule": - print status(account_ac_add($edit)); - print account_ac(); - break; - case "Check": - print status(account_ac_check($edit)); - print account_ac(); - break; - case "delete": - print status(account_ac_del($id)); - print account_ac(); - break; - case "Delete account": - print status(account_delete($name)); - print account_overview(account_query($query)); - break; - case "add": - print account_add(); - break; - case "Edit account": - case "edit": - print account_edit($name); - break; - case "help": - print account_help(); - break; - case "listing": - print node_listing(account_query()); - break; - case "search": - print search_form($keys); - print search_data($keys, $mod); - break; - case "Save account": - $name = account_save($edit); - if ($name) - print account_view($name); - else { - foreach ($edit as $key=>$value) { - $account->$key = $value; + global $user, $op, $edit, $id, $mod, $keys, $order, $name, $query; + + if (user_access($user, "add and edit user accounts")) { + print "<SMALL><A HREF=\"admin.php?mod=account&op=access\">access control</A> | <A HREF=\"admin.php?mod=account&op=add\">add new account</A> | <A HREF=\"admin.php?mod=account&op=listing\">account listings</A> | <A HREF=\"admin.php?mod=account&op=search\">search account</A> | <A HREF=\"admin.php?mod=account\">overview</A> | <A HREF=\"admin.php?mod=account&op=help\">help</A></SMALL><HR>"; + + $query = $query ? $query : 0; + $name = $name ? $name : $edit[name]; + + switch ($op) { + case "access": + print account_ac(); + break; + case "Add rule": + print status(account_ac_add($edit)); + print account_ac(); + break; + case "Check": + print status(account_ac_check($edit)); + print account_ac(); + break; + case "delete": + print status(account_ac_del($id)); + print account_ac(); + break; + case "Delete account": + print status(account_delete($name)); + print account_overview(account_query($query)); + break; + case "add": + print account_add(); + break; + case "Edit account": + case "edit": + print account_edit($name); + break; + case "help": + print account_help(); + break; + case "listing": + print node_listing(account_query()); + break; + case "search": + print search_form($keys); + print search_data($keys, $mod); + break; + case "Save account": + $name = account_save($edit); + if ($name) + print account_view($name); + else { + foreach ($edit as $key=>$value) { + $account->$key = $value; + } + print account_form($account); } - print account_form($account); - } - break; - case "View account": - case "view": - print account_view($name); - break; - default: - print account_overview(account_query($query)); + break; + case "View account": + case "view": + print account_view($name); + break; + default: + print account_overview(account_query($query)); + } + } + else { + print message_access(); } } diff --git a/modules/aggregator.module b/modules/aggregator.module index 460084c44..8befa5beb 100644 --- a/modules/aggregator.module +++ b/modules/aggregator.module @@ -6,6 +6,10 @@ function import_help() { <?php } +function import_perm() { + return array("add and edit news feeds"); +} + function import_cron() { $result = db_query("SELECT * FROM feed"); while ($feed = db_fetch_array($result)) { @@ -232,54 +236,60 @@ function import_view_item() { } function import_admin() { - global $op, $id, $type, $edit; - - print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>"; - - switch($op) { - case "help": - print import_help(); - break; - case "add": - if ($type == "bundle") - print import_form_bundle(); - else - print import_form_feed(); - break; - case "edit": - if ($type == "bundle") - print import_form_bundle(import_get_bundle($id)); - else - print import_form_feed(import_get_feed($id)); - break; - case "remove": - print status(import_remove(import_get_feed($id))); - print import_view_feed(); - break; - case "update": - print status(import_update(import_get_feed($id))); - print import_view_feed(); - break; - case "Save attributes": - print status(import_save_attributes($edit)); - print import_view_item(); - break; - case "Delete": - $edit[title] = 0; - // fall through: - case "Submit": - if ($type == "bundle") - print status(import_save_bundle($edit)); - else - print status(import_save_feed($edit)); - // fall through: - default: - if ($type == "bundle") - print import_view_bundle(); - else if ($type == "item") - print import_view_item(); - else + global $user, $op, $id, $type, $edit; + + if (user_access($user, "add and edit news feeds")) { + + print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>"; + + switch($op) { + case "help": + print import_help(); + break; + case "add": + if ($type == "bundle") + print import_form_bundle(); + else + print import_form_feed(); + break; + case "edit": + if ($type == "bundle") + print import_form_bundle(import_get_bundle($id)); + else + print import_form_feed(import_get_feed($id)); + break; + case "remove": + print status(import_remove(import_get_feed($id))); + print import_view_feed(); + break; + case "update": + print status(import_update(import_get_feed($id))); print import_view_feed(); + break; + case "Save attributes": + print status(import_save_attributes($edit)); + print import_view_item(); + break; + case "Delete": + $edit[title] = 0; + // fall through: + case "Submit": + if ($type == "bundle") + print status(import_save_bundle($edit)); + else + print status(import_save_feed($edit)); + // fall through: + default: + if ($type == "bundle") + print import_view_bundle(); + else if ($type == "item") + print import_view_item(); + else + print import_view_feed(); + } + } + else { + print message_access(); } } diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module index 460084c44..8befa5beb 100644 --- a/modules/aggregator/aggregator.module +++ b/modules/aggregator/aggregator.module @@ -6,6 +6,10 @@ function import_help() { <?php } +function import_perm() { + return array("add and edit news feeds"); +} + function import_cron() { $result = db_query("SELECT * FROM feed"); while ($feed = db_fetch_array($result)) { @@ -232,54 +236,60 @@ function import_view_item() { } function import_admin() { - global $op, $id, $type, $edit; - - print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>"; - - switch($op) { - case "help": - print import_help(); - break; - case "add": - if ($type == "bundle") - print import_form_bundle(); - else - print import_form_feed(); - break; - case "edit": - if ($type == "bundle") - print import_form_bundle(import_get_bundle($id)); - else - print import_form_feed(import_get_feed($id)); - break; - case "remove": - print status(import_remove(import_get_feed($id))); - print import_view_feed(); - break; - case "update": - print status(import_update(import_get_feed($id))); - print import_view_feed(); - break; - case "Save attributes": - print status(import_save_attributes($edit)); - print import_view_item(); - break; - case "Delete": - $edit[title] = 0; - // fall through: - case "Submit": - if ($type == "bundle") - print status(import_save_bundle($edit)); - else - print status(import_save_feed($edit)); - // fall through: - default: - if ($type == "bundle") - print import_view_bundle(); - else if ($type == "item") - print import_view_item(); - else + global $user, $op, $id, $type, $edit; + + if (user_access($user, "add and edit news feeds")) { + + print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>"; + + switch($op) { + case "help": + print import_help(); + break; + case "add": + if ($type == "bundle") + print import_form_bundle(); + else + print import_form_feed(); + break; + case "edit": + if ($type == "bundle") + print import_form_bundle(import_get_bundle($id)); + else + print import_form_feed(import_get_feed($id)); + break; + case "remove": + print status(import_remove(import_get_feed($id))); + print import_view_feed(); + break; + case "update": + print status(import_update(import_get_feed($id))); print import_view_feed(); + break; + case "Save attributes": + print status(import_save_attributes($edit)); + print import_view_item(); + break; + case "Delete": + $edit[title] = 0; + // fall through: + case "Submit": + if ($type == "bundle") + print status(import_save_bundle($edit)); + else + print status(import_save_feed($edit)); + // fall through: + default: + if ($type == "bundle") + print import_view_bundle(); + else if ($type == "item") + print import_view_item(); + else + print import_view_feed(); + } + } + else { + print message_access(); } } diff --git a/modules/block.module b/modules/block.module index 108ee645c..0de1f0146 100644 --- a/modules/block.module +++ b/modules/block.module @@ -9,6 +9,10 @@ function block_help() { <?php } +function block_perm() { + return array("add and edit blocks"); +} + function block_admin_save($edit) { foreach ($edit as $key=>$value) { db_query("UPDATE blocks SET region = '". check_input($value[region]) ."', status = '". check_input($value[status]) ."', weight = '". check_input($value[weight]) ."' WHERE name = '". check_input($key) ."'"); @@ -99,24 +103,28 @@ function block_admin_preview() { } function block_admin() { - global $op, $edit; - - print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "help": - block_help(); - break; - case "preview": - block_admin_preview(); - break; - case "Save blocks": - block_admin_save($edit); - // fall through - default: - block_admin_display(); + global $user, $op, $edit; + + if (user_access($user, "add and edit blocks")) { + print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "help": + block_help(); + break; + case "preview": + block_admin_preview(); + break; + case "Save blocks": + block_admin_save($edit); + // fall through + default: + block_admin_display(); + } + } + else { + print message_access(); } - } ?> diff --git a/modules/block/block.module b/modules/block/block.module index 108ee645c..0de1f0146 100644 --- a/modules/block/block.module +++ b/modules/block/block.module @@ -9,6 +9,10 @@ function block_help() { <?php } +function block_perm() { + return array("add and edit blocks"); +} + function block_admin_save($edit) { foreach ($edit as $key=>$value) { db_query("UPDATE blocks SET region = '". check_input($value[region]) ."', status = '". check_input($value[status]) ."', weight = '". check_input($value[weight]) ."' WHERE name = '". check_input($key) ."'"); @@ -99,24 +103,28 @@ function block_admin_preview() { } function block_admin() { - global $op, $edit; - - print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "help": - block_help(); - break; - case "preview": - block_admin_preview(); - break; - case "Save blocks": - block_admin_save($edit); - // fall through - default: - block_admin_display(); + global $user, $op, $edit; + + if (user_access($user, "add and edit blocks")) { + print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "help": + block_help(); + break; + case "preview": + block_admin_preview(); + break; + case "Save blocks": + block_admin_save($edit); + // fall through + default: + block_admin_display(); + } + } + else { + print message_access(); } - } ?> diff --git a/modules/book.module b/modules/book.module index 87e6bff58..138b5e5a7 100644 --- a/modules/book.module +++ b/modules/book.module @@ -9,6 +9,10 @@ class Book { } } +function book_perm() { + return array("maintain book structure"); +} + function book_status() { return array(dumped, expired, queued, posted); } @@ -69,7 +73,7 @@ function book_search($keys) { global $status, $user; $result = db_query("SELECT n.*, u.userid FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid LEFT JOIN users u ON n.author = u.id WHERE n.type = 'book' AND n.status = '$status[posted]' AND (n.title LIKE '%". check_input($keys) ."%' OR b.body LIKE '%". check_input($keys) ."%') ORDER BY n.timestamp DESC LIMIT 20"); while ($node = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "book") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp); + $find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp); } return $find; } @@ -92,7 +96,7 @@ function book_toc($parent = "", $indent = "", $toc = array()) { $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE n.type = 'book' AND n.status = '$status[posted]' AND ". book_parent_query($parent) ." ORDER BY b.weight"); // add root node: - if (user_access($user, "book")) { + if (user_access($user, "add and edit nodes")) { $toc[0] = " "; } @@ -126,7 +130,7 @@ function book_form($edit = array()) { $form .= form_textarea(t("Content"), "body", $edit[body], 70, 20, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))); $form .= form_textarea(t("Log message"), "log", $edit[log], 70, 5, t("An explanation of the additions or updates being made to help the group understand your motivations.")); - if (user_access($user, "book")) { + if (user_access($user, "add and edit nodes")) { $form .= form_select(t("Weight"), "weight", $edit[weight], array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30), t("The heavier nodes will sink and the lighter nodes will be positioned nearer the top.")); } @@ -152,7 +156,7 @@ function book_save($edit) { if (!$edit[nid]) { node_save($edit, array(author => $user->id, body, comment => variable_get("book_comment", 0), log, moderate => variable_get("book_moderate", ""), parent, pid, promote => variable_get("book_promote", 0), score => 0, status => variable_get("book_status", $status[queued]), timestamp => time(), title, type => "book", votes => 0, weight)); } - else if (user_access($user)) { + else if (user_access($user, "add and edit nodes")) { node_save($edit, array(body, log, parent, title, type => "book", weight)); } } @@ -204,21 +208,34 @@ function book_tree($parent = "", $depth = 0) { } function book_admin() { - print book_tree(); + global $user; + if (user_access($user, "maintain book structure")) { + print book_tree(); + } + else { + print message_access(); + } } function book_page() { - global $status, $theme; + global $user, $status, $theme; - $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight"); + if (user_access($user, "view content")) { + $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight"); - while ($node = db_fetch_object($result)) { - $output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>"; - } + while ($node = db_fetch_object($result)) { + $output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>"; + } - $theme->header(); - $theme->box(t("Handbook"), "<DL>$output</DL>"); - $theme->footer(); + $theme->header(); + $theme->box(t("Handbook"), "<DL>$output</DL>"); + $theme->footer(); + } + else { + $theme->header(); + $theme->box(t("Access denied"), message_access()); + $theme->footer(); + } } function book_edit($id) { diff --git a/modules/book/book.module b/modules/book/book.module index 87e6bff58..138b5e5a7 100644 --- a/modules/book/book.module +++ b/modules/book/book.module @@ -9,6 +9,10 @@ class Book { } } +function book_perm() { + return array("maintain book structure"); +} + function book_status() { return array(dumped, expired, queued, posted); } @@ -69,7 +73,7 @@ function book_search($keys) { global $status, $user; $result = db_query("SELECT n.*, u.userid FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid LEFT JOIN users u ON n.author = u.id WHERE n.type = 'book' AND n.status = '$status[posted]' AND (n.title LIKE '%". check_input($keys) ."%' OR b.body LIKE '%". check_input($keys) ."%') ORDER BY n.timestamp DESC LIMIT 20"); while ($node = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "book") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp); + $find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp); } return $find; } @@ -92,7 +96,7 @@ function book_toc($parent = "", $indent = "", $toc = array()) { $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE n.type = 'book' AND n.status = '$status[posted]' AND ". book_parent_query($parent) ." ORDER BY b.weight"); // add root node: - if (user_access($user, "book")) { + if (user_access($user, "add and edit nodes")) { $toc[0] = " "; } @@ -126,7 +130,7 @@ function book_form($edit = array()) { $form .= form_textarea(t("Content"), "body", $edit[body], 70, 20, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))); $form .= form_textarea(t("Log message"), "log", $edit[log], 70, 5, t("An explanation of the additions or updates being made to help the group understand your motivations.")); - if (user_access($user, "book")) { + if (user_access($user, "add and edit nodes")) { $form .= form_select(t("Weight"), "weight", $edit[weight], array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30), t("The heavier nodes will sink and the lighter nodes will be positioned nearer the top.")); } @@ -152,7 +156,7 @@ function book_save($edit) { if (!$edit[nid]) { node_save($edit, array(author => $user->id, body, comment => variable_get("book_comment", 0), log, moderate => variable_get("book_moderate", ""), parent, pid, promote => variable_get("book_promote", 0), score => 0, status => variable_get("book_status", $status[queued]), timestamp => time(), title, type => "book", votes => 0, weight)); } - else if (user_access($user)) { + else if (user_access($user, "add and edit nodes")) { node_save($edit, array(body, log, parent, title, type => "book", weight)); } } @@ -204,21 +208,34 @@ function book_tree($parent = "", $depth = 0) { } function book_admin() { - print book_tree(); + global $user; + if (user_access($user, "maintain book structure")) { + print book_tree(); + } + else { + print message_access(); + } } function book_page() { - global $status, $theme; + global $user, $status, $theme; - $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight"); + if (user_access($user, "view content")) { + $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight"); - while ($node = db_fetch_object($result)) { - $output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>"; - } + while ($node = db_fetch_object($result)) { + $output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>"; + } - $theme->header(); - $theme->box(t("Handbook"), "<DL>$output</DL>"); - $theme->footer(); + $theme->header(); + $theme->box(t("Handbook"), "<DL>$output</DL>"); + $theme->footer(); + } + else { + $theme->header(); + $theme->box(t("Access denied"), message_access()); + $theme->footer(); + } } function book_edit($id) { diff --git a/modules/box.module b/modules/box.module index 5ae9aa538..025007620 100644 --- a/modules/box.module +++ b/modules/box.module @@ -29,6 +29,10 @@ function box_help() { <?php } +function box_perm() { + return array("add and edit boxes"); +} + function box_block() { $result = db_query("SELECT * FROM boxes ORDER BY subject"); $i = 0; @@ -142,36 +146,42 @@ function box_admin_save($id, $subject, $content, $info, $link, $type) { } function box_admin() { - global $op, $id, $subject, $content, $info, $link, $type; - - print "<SMALL><A HREF=\"admin.php?mod=box&op=add\">add new box</A> | <A HREF=\"admin.php?mod=box\">overview</A> | <A HREF=\"admin.php?mod=box&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "Add box": - box_admin_add(check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type)); - box_admin_display(); - box_admin_rehash(); - break; - case "Save box": - box_admin_save(check_input($id), check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type)); - box_admin_display(); - box_admin_rehash(); - break; - case "help": - box_help(); - break; - case "add": - box_admin_new(); - break; - case "edit": - box_admin_edit(check_input($id)); - break; - case "delete": - box_admin_delete(check_input($id)); - box_admin_rehash(); - // fall through - default: - box_admin_display(); + global $user, $op, $id, $subject, $content, $info, $link, $type; + + if (user_access($user, "add and edit boxes")) { + + print "<SMALL><A HREF=\"admin.php?mod=box&op=add\">add new box</A> | <A HREF=\"admin.php?mod=box\">overview</A> | <A HREF=\"admin.php?mod=box&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "Add box": + box_admin_add(check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type)); + box_admin_display(); + box_admin_rehash(); + break; + case "Save box": + box_admin_save(check_input($id), check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type)); + box_admin_display(); + box_admin_rehash(); + break; + case "help": + box_help(); + break; + case "add": + box_admin_new(); + break; + case "edit": + box_admin_edit(check_input($id)); + break; + case "delete": + box_admin_delete(check_input($id)); + box_admin_rehash(); + // fall through + default: + box_admin_display(); + } + } + else { + print message_access(); } } diff --git a/modules/comment.module b/modules/comment.module index 24b156443..ad9924603 100644 --- a/modules/comment.module +++ b/modules/comment.module @@ -4,11 +4,15 @@ function comment_search($keys) { global $user; $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20"); while ($comment = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp); + $find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "edit user comments") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp); } return $find; } +function comment_perm() { + return array("view comments", "post comments", "edit comments"); +} + function comment_edit($id) { global $REQUEST_URI; @@ -42,24 +46,30 @@ function comment_overview() { } function comment_admin() { - global $op, $id, $edit, $mod, $keys, $order; + global $user, $op, $id, $edit, $mod, $keys, $order; - print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n"; + if (user_access($user, "edit comments")) { - switch ($op) { - case "edit": - print comment_edit($id); - break; - case "search": - print search_form($keys); - print search_data($keys, $mod); - break; - case t("Submit"): - print status(comment_save(check_input($id), $edit)); - print comment_overview(); - break; - default: - print comment_overview(); + print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n"; + + switch ($op) { + case "edit": + print comment_edit($id); + break; + case "search": + print search_form($keys); + print search_data($keys, $mod); + break; + case t("Submit"): + print status(comment_save(check_input($id), $edit)); + print comment_overview(); + break; + default: + print comment_overview(); + } + } + else { + print message_access(); } } diff --git a/modules/comment/comment.module b/modules/comment/comment.module index 24b156443..ad9924603 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -4,11 +4,15 @@ function comment_search($keys) { global $user; $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20"); while ($comment = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp); + $find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "edit user comments") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp); } return $find; } +function comment_perm() { + return array("view comments", "post comments", "edit comments"); +} + function comment_edit($id) { global $REQUEST_URI; @@ -42,24 +46,30 @@ function comment_overview() { } function comment_admin() { - global $op, $id, $edit, $mod, $keys, $order; + global $user, $op, $id, $edit, $mod, $keys, $order; - print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n"; + if (user_access($user, "edit comments")) { - switch ($op) { - case "edit": - print comment_edit($id); - break; - case "search": - print search_form($keys); - print search_data($keys, $mod); - break; - case t("Submit"): - print status(comment_save(check_input($id), $edit)); - print comment_overview(); - break; - default: - print comment_overview(); + print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n"; + + switch ($op) { + case "edit": + print comment_edit($id); + break; + case "search": + print search_form($keys); + print search_data($keys, $mod); + break; + case t("Submit"): + print status(comment_save(check_input($id), $edit)); + print comment_overview(); + break; + default: + print comment_overview(); + } + } + else { + print message_access(); } } diff --git a/modules/conf.module b/modules/conf.module index 4a03a1a99..ba55d82b6 100644 --- a/modules/conf.module +++ b/modules/conf.module @@ -12,6 +12,10 @@ function conf_help() { <?php } +function conf_perm() { + return array("edit configuration options"); +} + function conf_view_options() { global $conf, $cmodes, $corder, $themes; @@ -97,24 +101,30 @@ function conf_view($type) { } function conf_admin() { - global $edit, $op, $type; - - print "<SMALL><A HREF=\"admin.php?mod=conf&type=options\">site settings</A> | <A HREF=\"admin.php?mod=conf&type=filter\">content filters</A> | <A HREF=\"admin.php?mod=conf&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "help": - conf_help(); - break; - case "Reset to defaults": - print status(conf_default($edit)); - print conf_view($type); - break; - case "Save configuration": - print status(conf_save($edit)); - print conf_view($type); - break; - default: - print conf_view($type); + global $user, $edit, $op, $type; + + if (user_access($user, "edit configuration options")) { + + print "<SMALL><A HREF=\"admin.php?mod=conf&type=options\">site settings</A> | <A HREF=\"admin.php?mod=conf&type=filter\">content filters</A> | <A HREF=\"admin.php?mod=conf&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "help": + conf_help(); + break; + case "Reset to defaults": + print status(conf_default($edit)); + print conf_view($type); + break; + case "Save configuration": + print status(conf_save($edit)); + print conf_view($type); + break; + default: + print conf_view($type); + } + } + else { + print message_access(); } } diff --git a/modules/cvs.module b/modules/cvs.module index 7eefac3de..cc81a12e6 100644 --- a/modules/cvs.module +++ b/modules/cvs.module @@ -1,5 +1,9 @@ <?php +function cvs_perm() { + return array("view CVS messages"); +} + function cvs_cron() { if (time() - variable_get("cvs_cron_last", 0) > variable_get("cvs_cron_time", time())) { variable_set("cvs_cron_last", time()); @@ -22,20 +26,27 @@ function cvs_conf_options() { } function cvs_page() { - global $theme; + global $user, $theme; - $result = db_query("SELECT * FROM cvs ORDER BY timestamp DESC LIMIT 50"); + if (user_access($user, "view CVS messages")) { + $result = db_query("SELECT * FROM cvs ORDER BY timestamp DESC LIMIT 50"); - while ($cvs = db_fetch_object($result)) { - $output .= "<b>File:</b> $cvs->files<br />"; - $output .= "<b>Date:</b> ". format_date($cvs->timestamp) ."<br />"; - $output .= "<b>User:</b> $cvs->user<br />"; - $output .= "\n". nl2br(htmlentities($cvs->message)) ."<hr />"; - } + while ($cvs = db_fetch_object($result)) { + $output .= "<b>File:</b> $cvs->files<br />"; + $output .= "<b>Date:</b> ". format_date($cvs->timestamp) ."<br />"; + $output .= "<b>User:</b> $cvs->user<br />"; + $output .= "\n". nl2br(htmlentities($cvs->message)) ."<hr />"; + } - $theme->header(); - $theme->box("CVS commit messages", "<div style=\"font-family: monospace;\">$output</div>"); - $theme->footer(); + $theme->header(); + $theme->box("CVS commit messages", "<div style=\"font-family: monospace;\">$output</div>"); + $theme->footer(); + } + else { + $theme->header(); + $theme->box(t("Access denied"), message_access()); + $theme->footer(); + } } ?>
\ No newline at end of file diff --git a/modules/diary.module b/modules/diary.module index 9cfb21c47..a186161ce 100644 --- a/modules/diary.module +++ b/modules/diary.module @@ -1,10 +1,14 @@ <?php +function diary_perm() { + return array("view diary entries", "edit diary entries"); +} + function diary_search($keys) { global $user; $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.text LIKE '%$keys%' ORDER BY d.timestamp DESC LIMIT 20"); while ($diary = db_fetch_object($result)) { - $find[$i++] = array("title" => "$diary->userid's diary", "link" => (user_access($user, "diary") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp); + $find[$i++] = array("title" => "$diary->userid's diary", "link" => (user_access($user, "edit diary entries") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp); } return $find; @@ -13,25 +17,31 @@ function diary_search($keys) { function diary_page_overview($num = 20) { global $theme, $user; - $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY d.timestamp DESC LIMIT $num"); - - while ($diary = db_fetch_object($result)) { - if ($time != date("F jS", $diary->timestamp)) { - $output .= "<B>". $date = t(date("l", $diary->timestamp)) .", ". t(date("F", $diary->timestamp)) ." ". date("j", $diary->timestamp) ."</B>\n"; - $time = date("F jS", $diary->timestamp); + if (user_access($user, "view diary entries")) { + $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY d.timestamp DESC LIMIT $num"); + + while ($diary = db_fetch_object($result)) { + if ($time != date("F jS", $diary->timestamp)) { + $output .= "<B>". $date = t(date("l", $diary->timestamp)) .", ". t(date("F", $diary->timestamp)) ." ". date("j", $diary->timestamp) ."</B>\n"; + $time = date("F jS", $diary->timestamp); + } + $output .= "<DL>\n"; + $output .= " <DD><P><B>$diary->userid ". t("wrote") .":</B></P></DD>\n"; + $output .= " <DL>\n"; + $output .= " <DD><P>". check_output($diary->text, 1) ."</P><P>[ <A HREF=\"module.php?mod=diary&op=view&name=$diary->userid\">". t("more") ."</A> ]</P></DD>\n"; + $output .= " </DL>\n"; + $output .= "</DL>\n"; } - $output .= "<DL>\n"; - $output .= " <DD><P><B>$diary->userid ". t("wrote") .":</B></P></DD>\n"; - $output .= " <DL>\n"; - $output .= " <DD><P>". check_output($diary->text, 1) ."</P><P>[ <A HREF=\"module.php?mod=diary&op=view&name=$diary->userid\">". t("more") ."</A> ]</P></DD>\n"; - $output .= " </DL>\n"; - $output .= "</DL>\n"; - } - - $theme->header(); - $theme->box(t("Online diary"), $output); - $theme->footer(); + $theme->header(); + $theme->box(t("Online diary"), $output); + $theme->footer(); + } + else { + $theme->header(); + $theme->box(t("Access denied"), message_access()); + $theme->footer(); + } } function diary_page_entry($timestamp, $text, $id = 0) { @@ -177,7 +187,7 @@ function diary_page() { diary_page_delete(check_input($id)); diary_page_display(check_input($name)); break; - case "edit": + case "edit": diary_page_edit(check_input($id)); break; case "view": @@ -299,40 +309,40 @@ function diary_admin_display($order = "date") { function diary_admin() { - global $op, $id, $mod, $keys, $text, $order; - - print "<SMALL><A HREF=\"admin.php?mod=diary\">overview</A> | <A HREF=\"admin.php?mod=diary&op=search\">search diary</A> | <A HREF=\"admin.php?mod=diary&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "delete": - diary_admin_delete(check_input($id)); - diary_admin_display(); - break; - case "edit": - diary_admin_edit(check_input($id)); - break; - case "help": - diary_help(); - break; - case "search": - print search_form($keys); - print search_data($keys, $mod); - break; - case "Save diary entry": - diary_admin_save(check_input($id), check_input($text)); - diary_admin_display(); - break; - case "Update": - diary_admin_display(check_input($order)); - break; - default: - diary_admin_display(); + global $user, $op, $id, $mod, $keys, $text, $order; + + if (user_access($user, "edit diary entries")) { + + print "<SMALL><A HREF=\"admin.php?mod=diary\">overview</A> | <A HREF=\"admin.php?mod=diary&op=search\">search diary</A> | <A HREF=\"admin.php?mod=diary&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "delete": + diary_admin_delete(check_input($id)); + diary_admin_display(); + break; + case "edit": + diary_admin_edit(check_input($id)); + break; + case "help": + diary_help(); + break; + case "search": + print search_form($keys); + print search_data($keys, $mod); + break; + case "Save diary entry": + diary_admin_save(check_input($id), check_input($text)); + diary_admin_display(); + break; + case "Update": + diary_admin_display(check_input($order)); + break; + default: + diary_admin_display(); + } } -} - -function diary_export($uri) { - if ($uri[2] == "diary") { - print "TODO: export diary for user $uri[3]"; + else { + print message_access(); } } diff --git a/modules/forum.module b/modules/forum.module index 61d05f561..8bce520e3 100644 --- a/modules/forum.module +++ b/modules/forum.module @@ -24,9 +24,7 @@ function forum_form($edit = array()) { function forum_save($edit) { global $user, $status; - if (user_access($user)) { - node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0)); - } + node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0)); } function forum_num_comments($nid) { @@ -40,21 +38,28 @@ function forum_last_comment($nid) { } function forum_page() { - global $theme; + global $user, $theme; - $result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title"); + if (user_access($user, "view content")) { + $result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title"); - $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n"; - $output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>"; - while ($node = db_fetch_object($result)) { - $node = node_get_object(array("nid" => $node->nid)); - $output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". check_output($node->moderate) ."</SMALL></TD></TR>"; - } - $output .= "</TABLE>\n"; + $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n"; + $output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>"; + while ($node = db_fetch_object($result)) { + $node = node_get_object(array("nid" => $node->nid)); + $output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". check_output($node->moderate) ."</SMALL></TD></TR>"; + } + $output .= "</TABLE>\n"; - $theme->header(); - $theme->box(t("Discussion forum"), $output); - $theme->footer(); + $theme->header(); + $theme->box(t("Discussion forum"), $output); + $theme->footer(); + } + else { + $theme->header(); + $theme->box(t("Access denied"), message_access()); + $theme->footer(); + } } ?>
\ No newline at end of file diff --git a/modules/forum/forum.module b/modules/forum/forum.module index 61d05f561..8bce520e3 100644 --- a/modules/forum/forum.module +++ b/modules/forum/forum.module @@ -24,9 +24,7 @@ function forum_form($edit = array()) { function forum_save($edit) { global $user, $status; - if (user_access($user)) { - node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0)); - } + node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0)); } function forum_num_comments($nid) { @@ -40,21 +38,28 @@ function forum_last_comment($nid) { } function forum_page() { - global $theme; + global $user, $theme; - $result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title"); + if (user_access($user, "view content")) { + $result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title"); - $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n"; - $output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>"; - while ($node = db_fetch_object($result)) { - $node = node_get_object(array("nid" => $node->nid)); - $output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". check_output($node->moderate) ."</SMALL></TD></TR>"; - } - $output .= "</TABLE>\n"; + $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n"; + $output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>"; + while ($node = db_fetch_object($result)) { + $node = node_get_object(array("nid" => $node->nid)); + $output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". check_output($node->moderate) ."</SMALL></TD></TR>"; + } + $output .= "</TABLE>\n"; - $theme->header(); - $theme->box(t("Discussion forum"), $output); - $theme->footer(); + $theme->header(); + $theme->box(t("Discussion forum"), $output); + $theme->footer(); + } + else { + $theme->header(); + $theme->box(t("Access denied"), message_access()); + $theme->footer(); + } } ?>
\ No newline at end of file diff --git a/modules/import.module b/modules/import.module index 460084c44..8befa5beb 100644 --- a/modules/import.module +++ b/modules/import.module @@ -6,6 +6,10 @@ function import_help() { <?php } +function import_perm() { + return array("add and edit news feeds"); +} + function import_cron() { $result = db_query("SELECT * FROM feed"); while ($feed = db_fetch_array($result)) { @@ -232,54 +236,60 @@ function import_view_item() { } function import_admin() { - global $op, $id, $type, $edit; - - print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>"; - - switch($op) { - case "help": - print import_help(); - break; - case "add": - if ($type == "bundle") - print import_form_bundle(); - else - print import_form_feed(); - break; - case "edit": - if ($type == "bundle") - print import_form_bundle(import_get_bundle($id)); - else - print import_form_feed(import_get_feed($id)); - break; - case "remove": - print status(import_remove(import_get_feed($id))); - print import_view_feed(); - break; - case "update": - print status(import_update(import_get_feed($id))); - print import_view_feed(); - break; - case "Save attributes": - print status(import_save_attributes($edit)); - print import_view_item(); - break; - case "Delete": - $edit[title] = 0; - // fall through: - case "Submit": - if ($type == "bundle") - print status(import_save_bundle($edit)); - else - print status(import_save_feed($edit)); - // fall through: - default: - if ($type == "bundle") - print import_view_bundle(); - else if ($type == "item") - print import_view_item(); - else + global $user, $op, $id, $type, $edit; + + if (user_access($user, "add and edit news feeds")) { + + print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>"; + + switch($op) { + case "help": + print import_help(); + break; + case "add": + if ($type == "bundle") + print import_form_bundle(); + else + print import_form_feed(); + break; + case "edit": + if ($type == "bundle") + print import_form_bundle(import_get_bundle($id)); + else + print import_form_feed(import_get_feed($id)); + break; + case "remove": + print status(import_remove(import_get_feed($id))); + print import_view_feed(); + break; + case "update": + print status(import_update(import_get_feed($id))); print import_view_feed(); + break; + case "Save attributes": + print status(import_save_attributes($edit)); + print import_view_item(); + break; + case "Delete": + $edit[title] = 0; + // fall through: + case "Submit": + if ($type == "bundle") + print status(import_save_bundle($edit)); + else + print status(import_save_feed($edit)); + // fall through: + default: + if ($type == "bundle") + print import_view_bundle(); + else if ($type == "item") + print import_view_item(); + else + print import_view_feed(); + } + } + else { + print message_access(); } } diff --git a/modules/locale.module b/modules/locale.module index 065468e9c..db1e58127 100644 --- a/modules/locale.module +++ b/modules/locale.module @@ -24,6 +24,10 @@ function locale_help() { <?php } +function locale_perm() { + return array("add and edit locales"); +} + function locale_conf_options() { return form_select(t("Locale support"), "locale", variable_get("locale", 0), array("Disabled", "Enabled"), t("Disable locale support if your site does not require translation or internationalization support.")); } @@ -83,26 +87,31 @@ function locale_overview() { } function locale_admin() { - global $id, $edit, $op; - - print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "delete": - print status(locale_delete(check_input($id))); - print locale_overview(); - break; - case "help": - print locale_help(); - break; - case "edit": - print locale_edit(check_input($id)); - break; - case "Save translations": - print locale_save(check_input($id), $edit); - // fall through - default: - print locale_overview(); + global $user, $id, $edit, $op; + + if (user_access($user, "add and edit locales")) { + print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "delete": + print status(locale_delete(check_input($id))); + print locale_overview(); + break; + case "help": + print locale_help(); + break; + case "edit": + print locale_edit(check_input($id)); + break; + case "Save translations": + print locale_save(check_input($id), $edit); + // fall through + default: + print locale_overview(); + } + } + else { + print message_access(); } } diff --git a/modules/locale/locale.module b/modules/locale/locale.module index 065468e9c..db1e58127 100644 --- a/modules/locale/locale.module +++ b/modules/locale/locale.module @@ -24,6 +24,10 @@ function locale_help() { <?php } +function locale_perm() { + return array("add and edit locales"); +} + function locale_conf_options() { return form_select(t("Locale support"), "locale", variable_get("locale", 0), array("Disabled", "Enabled"), t("Disable locale support if your site does not require translation or internationalization support.")); } @@ -83,26 +87,31 @@ function locale_overview() { } function locale_admin() { - global $id, $edit, $op; - - print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "delete": - print status(locale_delete(check_input($id))); - print locale_overview(); - break; - case "help": - print locale_help(); - break; - case "edit": - print locale_edit(check_input($id)); - break; - case "Save translations": - print locale_save(check_input($id), $edit); - // fall through - default: - print locale_overview(); + global $user, $id, $edit, $op; + + if (user_access($user, "add and edit locales")) { + print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "delete": + print status(locale_delete(check_input($id))); + print locale_overview(); + break; + case "help": + print locale_help(); + break; + case "edit": + print locale_edit(check_input($id)); + break; + case "Save translations": + print locale_save(check_input($id), $edit); + // fall through + default: + print locale_overview(); + } + } + else { + print message_access(); } } diff --git a/modules/meta.module b/modules/meta.module index a46857ec1..092bf1d4c 100644 --- a/modules/meta.module +++ b/modules/meta.module @@ -6,6 +6,10 @@ function meta_help() { <?php } +function meta_conf() { + return array("add and edit meta tags"); +} + function meta_form($type, $edit = array()) { $c = db_query("SELECT * FROM collection WHERE types LIKE '%". check_input($type) ."%'"); while ($collection = db_fetch_object($c)) { @@ -125,40 +129,46 @@ function meta_overview() { } function meta_admin() { - global $edit, $type, $op, $id; - - print "<SMALL><A HREF=\"admin.php?mod=meta&type=collection&op=add\">add new collection</A> | <A HREF=\"admin.php?mod=meta&type=tag&op=add\">add new meta-tag</A> | <A HREF=\"admin.php?mod=meta&op=preview\">preview node forms</A> | <A HREF=\"admin.php?mod=meta\">overview</A> | <A HREF=\"admin.php?mod=meta&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "add": - if ($type == "collection") - print meta_form_collection(); - else - print meta_form_tag(); - break; - case "edit": - if ($type == "collection") - print meta_form_collection(meta_get_collection($id)); - else - print meta_form_tag(meta_get_tag($id)); - break; - case "help": - print meta_help(); - break; - case "preview": - print meta_preview(); - break; - case "Delete": - $edit[name] = 0; - // fall through: - case "Submit": - if ($type == "collection") - print status(meta_save_collection($edit)); - else - print status(meta_save_tag($edit)); - // fall through: - default: - print meta_overview(); + global $user, $edit, $type, $op, $id; + + if (user_access($user, "add and edit meta tags")) { + + print "<SMALL><A HREF=\"admin.php?mod=meta&type=collection&op=add\">add new collection</A> | <A HREF=\"admin.php?mod=meta&type=tag&op=add\">add new meta-tag</A> | <A HREF=\"admin.php?mod=meta&op=preview\">preview node forms</A> | <A HREF=\"admin.php?mod=meta\">overview</A> | <A HREF=\"admin.php?mod=meta&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "add": + if ($type == "collection") + print meta_form_collection(); + else + print meta_form_tag(); + break; + case "edit": + if ($type == "collection") + print meta_form_collection(meta_get_collection($id)); + else + print meta_form_tag(meta_get_tag($id)); + break; + case "help": + print meta_help(); + break; + case "preview": + print meta_preview(); + break; + case "Delete": + $edit[name] = 0; + // fall through: + case "Submit": + if ($type == "collection") + print status(meta_save_collection($edit)); + else + print status(meta_save_tag($edit)); + // fall through: + default: + print meta_overview(); + } + } + else { + print message_access(); } } diff --git a/modules/moderate.module b/modules/moderate.module index c3db8abab..a75402c3a 100644 --- a/modules/moderate.module +++ b/modules/moderate.module @@ -1,5 +1,9 @@ <?php +function moderate_perm() { + return array("access moderation pages"); +} + function moderate_comment_access($cid) { global $user; return db_fetch_object(db_query("SELECT n.moderate FROM comments c LEFT JOIN node n ON c.lid = n.nid WHERE c.cid = '". check_input($cid) ."' AND n.moderate LIKE '%$user->userid%'")); @@ -37,7 +41,7 @@ function moderate_node($edit, $name) { return node_invoke($edit, $name); } else { - return status(t("access denied")); + return status(message_access()); } } @@ -54,7 +58,7 @@ function moderate_comment_edit($id) { return comment_edit($id); } else { - return "access denied"; + return status(message_access()); } } @@ -63,41 +67,47 @@ function moderate_comment_save($id, $edit) { return comment_save($id, $edit); } else { - return "access denied"; + return status(message_access()); } } function moderate_admin() { - global $op, $id, $edit, $type; - - switch ($type) { - case "comment": - switch ($op) { - case "edit": - print moderate_comment_edit($id); - break; - case t("Submit"): - print status(moderate_comment_save($id, $edit)); - // fall through: - default: - print moderate_overview(); + global $user, $op, $id, $edit, $type; + + if (user_access($user, "access moderation pages")) { + + switch ($type) { + case "comment": + switch ($op) { + case "edit": + print moderate_comment_edit($id); + break; + case t("Submit"): + print status(moderate_comment_save($id, $edit)); + // fall through: + default: + print moderate_overview(); + } + break; + default: + switch ($op) { + case "edit": + print moderate_node_edit(node_get_array(array("nid" => $id))); + break; + case t("Preview"): + print moderate_node_edit($edit); + break; + case t("Submit"): + print status(moderate_node_save($edit)); + // fall through: + default: + print moderate_overview(); } - break; - default: - switch ($op) { - case "edit": - print moderate_node_edit(node_get_array(array("nid" => $id))); - break; - case t("Preview"): - print moderate_node_edit($edit); - break; - case t("Submit"): - print status(moderate_node_save($edit)); - // fall through: - default: - print moderate_overview(); } } + else { + print message_access(); + } } ?> diff --git a/modules/module.module b/modules/module.module index f11832770..71bcc99a7 100644 --- a/modules/module.module +++ b/modules/module.module @@ -6,6 +6,10 @@ function module_help() { <?php } +function module_perm() { + return array("install and uninstall modules"); +} + function module_admin_rehash() { $result = db_query("SELECT * FROM modules"); while ($module = db_fetch_object($result)) { @@ -33,24 +37,30 @@ function module_admin_overview() { } function module_admin() { - global $op, $name; - - print "<SMALL><A HREF=\"admin.php?mod=module\">overview</A> | <A HREF=\"admin.php?mod=module&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "help": - module_help(); - break; - case "rehash": - module_rehash($name); - module_admin_overview(); - break; - case "Rehash modules": - module_admin_rehash(); - module_admin_overview(); - break; - default: - module_admin_overview(); + global $user, $op, $name; + + if (user_access($user, "install and uninstall modules")) { + + print "<SMALL><A HREF=\"admin.php?mod=module\">overview</A> | <A HREF=\"admin.php?mod=module&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "help": + module_help(); + break; + case "rehash": + module_rehash($name); + module_admin_overview(); + break; + case "Rehash modules": + module_admin_rehash(); + module_admin_overview(); + break; + default: + module_admin_overview(); + } + } + else { + print message_access(); } } diff --git a/modules/node.module b/modules/node.module index 8e600e867..0b32efb40 100644 --- a/modules/node.module +++ b/modules/node.module @@ -26,6 +26,10 @@ function node_help() { } } +function node_perm() { + return array("add and edit nodes"); +} + function node_conf_options() { $output .= form_select(t("Default number of nodes to display"), "default_nodes_main", variable_get("default_nodes_main", 10), array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10, 15 => 15, 20 => 20, 25 => 25, 30 => 30), t("The default maximum number of nodes to display on the main page.")); return $output; @@ -260,77 +264,83 @@ function node_edit($node) { } function node_admin() { - global $op, $id, $edit, $query, $type, $keys; + global $user, $op, $id, $edit, $query, $type, $keys; - foreach (module_list() as $name) { - if (module_hook($name, "status") && $name != "node") { - $link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>"; + if (user_access($user, "add and edit nodes")) { + + foreach (module_list() as $name) { + if (module_hook($name, "status") && $name != "node") { + $link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>"; + } } - } - print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n"; - - $id = check_input($edit[nid] ? $edit[nid] : $id); - - switch ($op) { - case "add": - print module_invoke($type, "form"); - break; - case "help": - print node_help(); - break; - case "search": - print node_module_find($id); - print search_data($keys, $type); - break; - case "status": - print node_edit_status($id); - break; - case "option": - print node_edit_option($id); - break; - case "attribute": - print node_edit_attribute($id); - break; - case "content": - print node_edit_content(node_get_array(array("nid" => $id)), $type); - break; - case "default": - print node_setting(); - break; - case "delete": - print status(node_delete($id)); - print node_overview($query); - break; - case "listing": - print node_listing(node_query()); - break; - case "Save settings": - print status(conf_save($edit)); - print node_setting(); - break; - case "Reset to defaults": - print status(conf_default($edit)); - print node_setting(); - break; - case "Save node": - print node_admin_save($edit); - print node_overview($query); - break; - case "edit": - print node_edit(node_get_object(array("nid" => $id))); - break; - case "view": - print node_module_view(node_get_array(array("nid" => $id)), $type); - break; - case "Preview": - print node_edit_content($edit, $type); - break; - case "Submit": - print status(node_save_content($edit, $type)); - // fall through: - default: - print node_overview($query); + print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n"; + + $id = check_input($edit[nid] ? $edit[nid] : $id); + + switch ($op) { + case "add": + print module_invoke($type, "form"); + break; + case "help": + print node_help(); + break; + case "search": + print node_module_find($id); + print search_data($keys, $type); + break; + case "status": + print node_edit_status($id); + break; + case "option": + print node_edit_option($id); + break; + case "attribute": + print node_edit_attribute($id); + break; + case "content": + print node_edit_content(node_get_array(array("nid" => $id)), $type); + break; + case "default": + print node_setting(); + break; + case "delete": + print status(node_delete($id)); + print node_overview($query); + break; + case "listing": + print node_listing(node_query()); + break; + case "Save settings": + print status(conf_save($edit)); + print node_setting(); + break; + case "Reset to defaults": + print status(conf_default($edit)); + print node_setting(); + break; + case "Save node": + print node_admin_save($edit); + print node_overview($query); + break; + case "edit": + print node_edit(node_get_object(array("nid" => $id))); + break; + case "view": + print node_module_view(node_get_array(array("nid" => $id)), $type); + break; + case "Preview": + print node_edit_content($edit, $type); + break; + case "Submit": + print status(node_save_content($edit, $type)); + // fall through: + default: + print node_overview($query); + } + } + else { + print message_access(); } } diff --git a/modules/node/node.module b/modules/node/node.module index 8e600e867..0b32efb40 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -26,6 +26,10 @@ function node_help() { } } +function node_perm() { + return array("add and edit nodes"); +} + function node_conf_options() { $output .= form_select(t("Default number of nodes to display"), "default_nodes_main", variable_get("default_nodes_main", 10), array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10, 15 => 15, 20 => 20, 25 => 25, 30 => 30), t("The default maximum number of nodes to display on the main page.")); return $output; @@ -260,77 +264,83 @@ function node_edit($node) { } function node_admin() { - global $op, $id, $edit, $query, $type, $keys; + global $user, $op, $id, $edit, $query, $type, $keys; - foreach (module_list() as $name) { - if (module_hook($name, "status") && $name != "node") { - $link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>"; + if (user_access($user, "add and edit nodes")) { + + foreach (module_list() as $name) { + if (module_hook($name, "status") && $name != "node") { + $link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>"; + } } - } - print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n"; - - $id = check_input($edit[nid] ? $edit[nid] : $id); - - switch ($op) { - case "add": - print module_invoke($type, "form"); - break; - case "help": - print node_help(); - break; - case "search": - print node_module_find($id); - print search_data($keys, $type); - break; - case "status": - print node_edit_status($id); - break; - case "option": - print node_edit_option($id); - break; - case "attribute": - print node_edit_attribute($id); - break; - case "content": - print node_edit_content(node_get_array(array("nid" => $id)), $type); - break; - case "default": - print node_setting(); - break; - case "delete": - print status(node_delete($id)); - print node_overview($query); - break; - case "listing": - print node_listing(node_query()); - break; - case "Save settings": - print status(conf_save($edit)); - print node_setting(); - break; - case "Reset to defaults": - print status(conf_default($edit)); - print node_setting(); - break; - case "Save node": - print node_admin_save($edit); - print node_overview($query); - break; - case "edit": - print node_edit(node_get_object(array("nid" => $id))); - break; - case "view": - print node_module_view(node_get_array(array("nid" => $id)), $type); - break; - case "Preview": - print node_edit_content($edit, $type); - break; - case "Submit": - print status(node_save_content($edit, $type)); - // fall through: - default: - print node_overview($query); + print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n"; + + $id = check_input($edit[nid] ? $edit[nid] : $id); + + switch ($op) { + case "add": + print module_invoke($type, "form"); + break; + case "help": + print node_help(); + break; + case "search": + print node_module_find($id); + print search_data($keys, $type); + break; + case "status": + print node_edit_status($id); + break; + case "option": + print node_edit_option($id); + break; + case "attribute": + print node_edit_attribute($id); + break; + case "content": + print node_edit_content(node_get_array(array("nid" => $id)), $type); + break; + case "default": + print node_setting(); + break; + case "delete": + print status(node_delete($id)); + print node_overview($query); + break; + case "listing": + print node_listing(node_query()); + break; + case "Save settings": + print status(conf_save($edit)); + print node_setting(); + break; + case "Reset to defaults": + print status(conf_default($edit)); + print node_setting(); + break; + case "Save node": + print node_admin_save($edit); + print node_overview($query); + break; + case "edit": + print node_edit(node_get_object(array("nid" => $id))); + break; + case "view": + print node_module_view(node_get_array(array("nid" => $id)), $type); + break; + case "Preview": + print node_edit_content($edit, $type); + break; + case "Submit": + print status(node_save_content($edit, $type)); + // fall through: + default: + print node_overview($query); + } + } + else { + print message_access(); } } diff --git a/modules/page.module b/modules/page.module index 88739cbb4..8625230a1 100644 --- a/modules/page.module +++ b/modules/page.module @@ -57,9 +57,7 @@ function page_form($edit = array()) { function page_save($edit) { global $status, $user; - if (user_access($user)) { - node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0)); - } + node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0)); } ?>
\ No newline at end of file diff --git a/modules/page/page.module b/modules/page/page.module index 88739cbb4..8625230a1 100644 --- a/modules/page/page.module +++ b/modules/page/page.module @@ -57,9 +57,7 @@ function page_form($edit = array()) { function page_save($edit) { global $status, $user; - if (user_access($user)) { - node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0)); - } + node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0)); } ?>
\ No newline at end of file diff --git a/modules/poll.module b/modules/poll.module index f99718e94..01b143654 100644 --- a/modules/poll.module +++ b/modules/poll.module @@ -78,7 +78,7 @@ function poll_search($keys) { global $status, $user; $result = db_query("SELECT n.*, p.* FROM poll p LEFT JOIN node n ON n.nid = p.nid AND n.lid = p.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%') LIMIT 20"); while ($poll = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "poll") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp); + $find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp); } return $find; } @@ -176,7 +176,7 @@ function poll_form($edit = array(), $nocheck = 0) { $active = array(0 => "Closed", 1 => "Active"); - $admin = ($edit[nid] && user_access($user,"poll")) ? 1 : 0; + $admin = ($edit[nid] && user_access($user, "add and edit nodes")) ? 1 : 0; if ($edit[title]) { $form .= poll_view(new Poll(node_preview($edit))); @@ -234,7 +234,7 @@ function poll_save($edit) { if (!$edit[nid]) { $nid = node_save($edit, array(active => 1, attributes => node_attributes_save("poll", $edit), author => $user->id, comment => variable_get("poll_comment", 0), moderate => variable_get("poll_moderate", ""), promote => variable_get("poll_promote", 0), runtime, score => 0, status => variable_get("poll_status", $status[queued]), timestamp => time(), title, type => "poll", votes => 0, voters => "")); } - else if (user_access($user)) { + else if (user_access($user, "add and edit nodes")) { $nid = node_save($edit, array(active, attributes => node_attributes_save("poll", $edit), runtime, title, type => "poll")); db_query("DELETE FROM poll_choices WHERE nid='" . $nid . "'"); } diff --git a/modules/poll/poll.module b/modules/poll/poll.module index f99718e94..01b143654 100644 --- a/modules/poll/poll.module +++ b/modules/poll/poll.module @@ -78,7 +78,7 @@ function poll_search($keys) { global $status, $user; $result = db_query("SELECT n.*, p.* FROM poll p LEFT JOIN node n ON n.nid = p.nid AND n.lid = p.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%') LIMIT 20"); while ($poll = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "poll") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp); + $find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp); } return $find; } @@ -176,7 +176,7 @@ function poll_form($edit = array(), $nocheck = 0) { $active = array(0 => "Closed", 1 => "Active"); - $admin = ($edit[nid] && user_access($user,"poll")) ? 1 : 0; + $admin = ($edit[nid] && user_access($user, "add and edit nodes")) ? 1 : 0; if ($edit[title]) { $form .= poll_view(new Poll(node_preview($edit))); @@ -234,7 +234,7 @@ function poll_save($edit) { if (!$edit[nid]) { $nid = node_save($edit, array(active => 1, attributes => node_attributes_save("poll", $edit), author => $user->id, comment => variable_get("poll_comment", 0), moderate => variable_get("poll_moderate", ""), promote => variable_get("poll_promote", 0), runtime, score => 0, status => variable_get("poll_status", $status[queued]), timestamp => time(), title, type => "poll", votes => 0, voters => "")); } - else if (user_access($user)) { + else if (user_access($user, "add and edit nodes")) { $nid = node_save($edit, array(active, attributes => node_attributes_save("poll", $edit), runtime, title, type => "poll")); db_query("DELETE FROM poll_choices WHERE nid='" . $nid . "'"); } diff --git a/modules/queue.module b/modules/queue.module index 0eb1684df..3776ee2a3 100644 --- a/modules/queue.module +++ b/modules/queue.module @@ -5,6 +5,10 @@ function queue_conf_options() { $output .= form_select(t("Discard entries older than"), "queue_clear", variable_get("queue_clear", 604800), $period, t("The time nodes should be kept in the moderation queue. Older entries will be automatically discarded. Requires crontab.")); return $output; } +function queue_perm() { + return array("access moderation queue"); +} + function queue_cron() { global $status; db_query("UPDATE node SET status = '$status[dumped]' WHERE status = '$status[queued]' AND ". time() ." - timestamp > ". variable_get("queue_clear", 604800)); @@ -110,7 +114,7 @@ function queue_node($id) { function queue_page() { global $id, $op, $theme, $user, $vote; - if ($user->id) { + if ($user->id && user_access($user, "access moderation queue")) { switch($op) { case "Vote"; queue_vote(check_input($id), check_input($vote)); @@ -125,7 +129,7 @@ function queue_page() { } else { $theme->header(); - $theme->box(t("Moderation queue"), message_account()); + $theme->box(t("Moderation queue"), message_access()); $theme->footer(); } } diff --git a/modules/rating.module b/modules/rating.module index e4abb066d..164b1ecca 100644 --- a/modules/rating.module +++ b/modules/rating.module @@ -1,5 +1,9 @@ <?php +function rating_perm() { + return array("view user ratings"); +} + function rating_conf_options() { $period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600), 1000000000 => t("Never")); $output .= form_select(t("Update interval"), "rating_cron_time" , variable_get("rating_cron_time", 86400), $period, t("The update interval for the user ratings. Requires crontab.")); @@ -79,10 +83,18 @@ function rating_list($limit) { } function rating_page() { - global $theme; - $theme->header(); - $theme->box("Top 100 users", rating_list(100)); - $theme->footer(); + global $user, $theme; + + if (user_access($user, "view user ratings")) { + $theme->header(); + $theme->box(t("Top 100 users"), rating_list(100)); + $theme->footer(); + } + else { + $theme->header(); + $theme->box(t("Access denied"), message_access()); + $theme->footer(); + } } function rating_block() { diff --git a/modules/story.module b/modules/story.module index ca9ff6946..9773f2af4 100644 --- a/modules/story.module +++ b/modules/story.module @@ -16,7 +16,7 @@ function story_search($keys) { global $status, $user; $result = db_query("SELECT n.*, s.* FROM story s LEFT JOIN node n ON n.nid = s.nid AND n.lid = s.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%' OR s.abstract LIKE '%$keys%' OR s.body LIKE '%$keys%') LIMIT 20"); while ($story = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "story") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp); + $find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp); } return $find; } @@ -75,7 +75,7 @@ function story_save($edit) { if (!$edit[nid]) { node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), author => $user->id, body, comment => variable_get("story_comment", 0), moderate => variable_get("story_moderate", ""), promote => variable_get("story_promote", 0), score => 0, status => variable_get("story_status", $status[queued]), timestamp => time(), title, type => "story", votes => 0)); } - else if (user_access($user)) { + else if (user_access($user, "add and edit nodes")) { node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), body, title, type => "story")); } } diff --git a/modules/story/story.module b/modules/story/story.module index ca9ff6946..9773f2af4 100644 --- a/modules/story/story.module +++ b/modules/story/story.module @@ -16,7 +16,7 @@ function story_search($keys) { global $status, $user; $result = db_query("SELECT n.*, s.* FROM story s LEFT JOIN node n ON n.nid = s.nid AND n.lid = s.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%' OR s.abstract LIKE '%$keys%' OR s.body LIKE '%$keys%') LIMIT 20"); while ($story = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "story") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp); + $find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp); } return $find; } @@ -75,7 +75,7 @@ function story_save($edit) { if (!$edit[nid]) { node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), author => $user->id, body, comment => variable_get("story_comment", 0), moderate => variable_get("story_moderate", ""), promote => variable_get("story_promote", 0), score => 0, status => variable_get("story_status", $status[queued]), timestamp => time(), title, type => "story", votes => 0)); } - else if (user_access($user)) { + else if (user_access($user, "add and edit nodes")) { node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), body, title, type => "story")); } } diff --git a/modules/watchdog.module b/modules/watchdog.module index 02c7c23ca..23d4c8d28 100644 --- a/modules/watchdog.module +++ b/modules/watchdog.module @@ -7,6 +7,10 @@ function watchdog_help() { <?php } +function watchdog_perm() { + return array("access watchdog"); +} + function watchdog_conf_options() { $period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600), 2419200 => format_interval(2419200), 1000000000 => t("Never")); $output .= form_select(t("Discard entries older than"), "watchdog_clear", variable_get("watchdog_clear", 604800), $period, t("The time watchdog entries should be kept. Older entries will be automatically discarded. Requires crontab.")); @@ -53,19 +57,25 @@ function watchdog_view($id) { } function watchdog_admin() { - global $op, $id, $type, $order; - - print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "help": - watchdog_help(); - break; - case "view": - print watchdog_view(check_input($id)); - break; - default: - print watchdog_overview($type); + global $user, $op, $id, $type, $order; + + if (user_access($user, "access watchdog")) { + + print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "help": + watchdog_help(); + break; + case "view": + print watchdog_view(check_input($id)); + break; + default: + print watchdog_overview($type); + } + } + else { + print message_access(); } } diff --git a/modules/watchdog/watchdog.module b/modules/watchdog/watchdog.module index 02c7c23ca..23d4c8d28 100644 --- a/modules/watchdog/watchdog.module +++ b/modules/watchdog/watchdog.module @@ -7,6 +7,10 @@ function watchdog_help() { <?php } +function watchdog_perm() { + return array("access watchdog"); +} + function watchdog_conf_options() { $period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600), 2419200 => format_interval(2419200), 1000000000 => t("Never")); $output .= form_select(t("Discard entries older than"), "watchdog_clear", variable_get("watchdog_clear", 604800), $period, t("The time watchdog entries should be kept. Older entries will be automatically discarded. Requires crontab.")); @@ -53,19 +57,25 @@ function watchdog_view($id) { } function watchdog_admin() { - global $op, $id, $type, $order; - - print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "help": - watchdog_help(); - break; - case "view": - print watchdog_view(check_input($id)); - break; - default: - print watchdog_overview($type); + global $user, $op, $id, $type, $order; + + if (user_access($user, "access watchdog")) { + + print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "help": + watchdog_help(); + break; + case "view": + print watchdog_view(check_input($id)); + break; + default: + print watchdog_overview($type); + } + } + else { + print message_access(); } } @@ -5,56 +5,64 @@ include_once "includes/common.inc"; page_header(); function node_render($node) { - global $id, $cid, $op, $moderate, $pid, $edit, $theme, $mode, $order, $threshold, $PHP_SELF; + global $user, $id, $cid, $op, $moderate, $pid, $edit, $theme, $mode, $order, $threshold, $PHP_SELF; - if ($node->comment) { - switch($op) { - case t("Preview comment"): - $theme->header(); - comment_preview($edit); - $theme->footer(); - break; - case t("Post comment"): - comment_post($edit); - $theme->header(); - node_view($node); - comment_render($edit[id], $cid); - $theme->footer(); - break; - case t("Add comment"): - $theme->header(); - comment_reply(check_input($cid), check_input($id)); - $theme->footer(); - break; - case "reply": - $theme->header(); - comment_reply(check_input($pid), check_input($id)); - $theme->footer(); - break; - case t("Update settings"): - comment_settings(check_input($mode), check_input($order), check_input($threshold)); - $theme->header(); - node_view($node); - comment_render($id, $cid); - $theme->footer(); - break; - case t("Moderate comments"): - comment_moderate($moderate); - $theme->header(); - node_view($node); - comment_render($id, $cid); - $theme->footer(); - break; - default: - $theme->header(); - node_view($node); - comment_render($id, $cid); - $theme->footer(); + if (user_access($node, "view content")) { + + if ($node->comment) { + switch($op) { + case t("Preview comment"): + $theme->header(); + comment_preview($edit); + $theme->footer(); + break; + case t("Post comment"): + comment_post($edit); + $theme->header(); + node_view($node); + comment_render($edit[id], $cid); + $theme->footer(); + break; + case t("Add comment"): + $theme->header(); + comment_reply(check_input($cid), check_input($id)); + $theme->footer(); + break; + case "reply": + $theme->header(); + comment_reply(check_input($pid), check_input($id)); + $theme->footer(); + break; + case t("Update settings"): + comment_settings(check_input($mode), check_input($order), check_input($threshold)); + $theme->header(); + node_view($node); + comment_render($id, $cid); + $theme->footer(); + break; + case t("Moderate comments"): + comment_moderate($moderate); + $theme->header(); + node_view($node); + comment_render($id, $cid); + $theme->footer(); + break; + default: + $theme->header(); + node_view($node); + comment_render($id, $cid); + $theme->footer(); + } + } + else { + $theme->header(); + node_view($node); + $theme->footer(); } } else { $theme->header(); - node_view($node); + $theme->box(t("Access denied"), message_access()); $theme->footer(); } } diff --git a/search.php b/search.php index cc1dfd4b8..44c583475 100644 --- a/search.php +++ b/search.php @@ -4,36 +4,43 @@ include_once "includes/common.inc"; page_header(); -// verify input: -$type = check_input($type); -$keys = check_input($keys); - -// build options list: -foreach (module_list() as $name) { - if (module_hook($name, "search")) { - $options .= "<OPTION VALUE=\"$name\"". ($name == $type ? " SELECTED" : "") .">$name</OPTION>\n"; +if (user_access($user, "search content")) { + // verify input: + $type = check_input($type); + $keys = check_input($keys); + + // build options list: + foreach (module_list() as $name) { + if (module_hook($name, "search")) { + $options .= "<OPTION VALUE=\"$name\"". ($name == $type ? " SELECTED" : "") .">$name</OPTION>\n"; + } } -} -// build form: -$form .= "<FORM ACTION=\"search.php\" METHOD=\"POST\">\n"; -$form .= " <INPUT SIZE=\"50\" VALUE=\"". check_form($keys) ."\" NAME=\"keys\" TYPE=\"text\">\n"; -$form .= " <SELECT NAME=\"type\">$options</SELECT>\n"; -$form .= " <INPUT TYPE=\"submit\" VALUE=\"". t("Search") ."\">\n"; -$form .= "</FORM>\n"; + // build form: + $form .= "<FORM ACTION=\"search.php\" METHOD=\"POST\">\n"; + $form .= " <INPUT SIZE=\"50\" VALUE=\"". check_form($keys) ."\" NAME=\"keys\" TYPE=\"text\">\n"; + $form .= " <SELECT NAME=\"type\">$options</SELECT>\n"; + $form .= " <INPUT TYPE=\"submit\" VALUE=\"". t("Search") ."\">\n"; + $form .= "</FORM>\n"; -// visualize form: -$theme->header(); + // visualize form: + $theme->header(); -if ($form) { - $theme->box(t("Search"), $form); -} + if ($form) { + $theme->box(t("Search"), $form); + } -if ($keys) { - $theme->box(t("Result"), search_data($keys, $type)); -} + if ($keys) { + $theme->box(t("Result"), search_data($keys, $type)); + } -$theme->footer(); + $theme->footer(); +} +else { + $theme->header(); + $theme->box("Access denied", message_access()); + $theme->footer(); +} page_footer(); diff --git a/submit.php b/submit.php index 2a78a6819..02b6f8959 100644 --- a/submit.php +++ b/submit.php @@ -6,7 +6,7 @@ page_header(); $theme->header(); -if ($user->id) { +if (user_access($user, "post content")) { if ($mod) { module_invoke($mod, "user"); } @@ -25,7 +25,7 @@ if ($user->id) { } } else { - $theme->box("Submit", message_account()); + $theme->box("Submit", message_access()); } $theme->footer(); diff --git a/updates/2.00-to-x.xx.sql b/updates/2.00-to-x.xx.sql index 501c4bfe0..b43d97ead 100644 --- a/updates/2.00-to-x.xx.sql +++ b/updates/2.00-to-x.xx.sql @@ -265,3 +265,16 @@ ALTER TABLE book ADD log text NOT NULL; ALTER TABLE node DROP pid; ALTER TABLE node DROP log; DROP TABLE headlines; + +# 20/06/01 +CREATE TABLE role ( + rid int(10) unsigned DEFAULT '0' NOT NULL auto_increment, + name varchar(32) DEFAULT '' NOT NULL, + perm text DEFAULT '' NOT NULL, + UNIQUE name (name), + PRIMARY KEY (rid) +); + +ALTER TABLE users ADD role varchar(32) DEFAULT '' NOT NULL; +ALTER TABLE users DROP access; +UPDATE users SET role = 'registered user'; |