From 4371b627d51ffc5af9498fa1877d8e519a5f2c6e Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Sun, 18 Feb 2001 15:14:56 +0000
Subject: - added fine-grained user permission system which allows us to give certain users access to specific administration sections only. Ex. a FAQ maintainer can only edit the FAQ, and members of an "editorial board" can only edit comments, diaries and stories, .. - code review => rewrote include/user.inc which is much easier now - fixed 4 small bugs
---
 modules/account.module | 39 +++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 16 deletions(-)
(limited to 'modules/account.module')
diff --git a/modules/account.module b/modules/account.module
index 26466e6b5..c92cbfbd5 100644
--- a/modules/account.module
+++ b/modules/account.module
@@ -63,7 +63,7 @@ function account_find($keys) {
 $find = array();
 $result = db_query("SELECT * FROM users WHERE userid LIKE '%". check_input($keys) ."%' LIMIT 20");
 while ($account = db_fetch_object($result)) {
- array_push($find, array("subject" => $account->userid, "link" => (user_permission($user) ? "admin.php?mod=account&op=view&name=$account->userid" : "account.php?op=view&name=$account->userid"), "user" => $account->userid));
+ array_push($find, array("subject" => $account->userid, "link" => (user_access($user, "account") ? "admin.php?mod=account&op=view&name=$account->userid" : "account.php?op=view&name=$account->userid"), "user" => $account->userid));
 }
 return $find;
 }
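Review bot: `user_access($user, "account")` in `account_find()` reads `$user`, and no `global $user;` is visible between the function header and the changed line; the header may sit above the hunk's first context line, so this needs checking in the full file. If the declaration is missing, the check always receives an unset variable and every result links to `account.php`. The check here only selects which link is displayed, so the `admin.php?mod=account` handler should be confirmed to call `user_access()` on the request itself rather than relying on the link being hidden. A short comment such as `// link choice only; admin.php enforces access itself` would make that division of responsibility explicit.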
@@ -75,7 +75,7 @@ function account_search() {
 }

 function account_display($order = "username") {
- $sort = array("ID" => "id", "fake e-mail address" => "fake_email", "hostname" => "last_host DESC", "last access date" => "last_access DESC", "real e-mail address" => "real_email", "real name" => "name", "permissions" => "permissions", "rating" => "rating DESC", "status" => "status", "theme" => "theme", "timezone" => "timezone DESC", "username" => "userid");
+ $sort = array("ID" => "id", "fake e-mail address" => "fake_email", "hostname" => "last_host DESC", "last access date" => "last_access DESC", "real e-mail address" => "real_email", "real name" => "name", "rating" => "rating DESC", "status" => "status", "theme" => "theme", "timezone" => "timezone DESC", "username" => "userid");
 $show = array("ID" => "id", "username" => "userid", "$order" => "$sort[$order]", "homepage" => "url");
 $stat = array(0 => "blocked", 1 => "not confirmed", 2 => "open");
 $perm = array(0 => "regular user", 1 => "administrator");
@@ -118,9 +118,6 @@ function account_display($order = "username") {
 case "status":
 $output .= " ". $stat[$account[$value]] ."\n";
 break;
- case "permissions":
- $output .= " ". $perm[$account[$value]] ."\n";
- break;
 case "timezone":
 $output .= " ". check_output($account[$value] / 3600) ."\n";
 break;
@@ -142,6 +139,15 @@ function account_display($order = "username") {
 print $output;
 }

+function account_access($account) {
+ $data = explode(";", $account->access);
+ foreach ($data as $array) {
+ $access = explode(":", $array);
+ if ($access[0]) $output .= " $access[0]";
+ }
+ return $output;
+}
+
 function account_blocks($id) {
 $result = db_query("SELECT * FROM layout WHERE user = $id");
 while ($layout = db_fetch_object($result)) {
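Review bot: `$perm = array(0 => "regular user", 1 => "administrator");` stays in `account_display()` although the `@@ -118` hunk removes its only visible use, the `case "permissions":` branch, so the line looks dead and should be deleted. The "permissions" key is dropped from `$sort` and no "access" entry replaces it, so the account overview no longer shows which accounts hold administrative rights; a column built from `account_access()` would keep privilege assignments reviewable in one place. The body of `account_display()` continues outside this hunk, so other uses of `$perm` cannot be ruled out from here.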
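Review bot: `account_access()` appends to `$output` without initialising it, so for an account whose `access` field is empty it returns an undefined variable; the body should start with `$output = "";`. The test `if ($access[0])` also skips an entry whose name is the string "0", which `if ($access[0] != "")` would keep. The function has no comment on the stored format; the two `explode()` calls suggest `name:value` pairs separated by `;`, and a line such as `// returns the entry names from $account->access ("name:value;name:value"), space-separated` would record that once it is confirmed against `user_set()`.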
@@ -167,17 +173,22 @@ function account_comments($id) { } function account_edit_save($name, $edit) { - foreach ($edit as $key=>$value) { - $query .= "$key = '". addslashes($value) ."', "; - } + foreach ($edit as $key=>$value) if ($key != "access") $query .= "$key = '". addslashes($value) ."', "; db_query("UPDATE users SET $query last_access = '". time() ."' WHERE userid = '$name'"); + foreach ($edit[access] as $key=>$value) user_set(user_load($name), "access", $value, 1); watchdog("message", "account: modified user '$name'"); } function account_edit($name) { + global $access, $account; + + function access($name, $module) { + global $access, $account; + $access .= ""; + } + $status = array(0 => "blocked", 1 => "not confirmed", 2 => "open"); - $permissions = array(0 => "regular user", 1 => "administrator"); $result = db_query("SELECT * FROM users WHERE userid = '$name'"); @@ -187,21 +198,18 @@ function account_edit($name) { } $stat = "\n"; - foreach ($permissions as $key=>$value) { - $perm .= " \n"; - } - $perm = "\n"; + module_iterate("access"); $output .= "
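Review bot: In `account_edit_save()` the new one-line `foreach` still places `$key` in the `UPDATE` statement as a column name without any check, so whoever can submit the edit form decides which `users` columns are written; only the value passes through `addslashes()`. `$key` should be compared against a fixed list of editable columns before it is appended, and `$name` in the `WHERE` clause should be escaped the same way as the values. The second loop reads `$edit[access]` with a bare constant as the key and ignores `$key`; `$edit["access"]` behind an `is_array()` guard avoids a warning when no access entry is submitted, and it is worth confirming that an empty submission actually revokes access that was granted earlier. Further down, `function access()` is declared inside `account_edit()`, so a second call to `account_edit()` in the same request would stop with a redeclaration error; the rest of `account_edit()` lies outside this hunk.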
\n"; $output .= "\n"; $output .= " \n"; $output .= " \n"; + $output .= " \n"; $output .= " \n"; $output .= " \n"; $output .= " \n"; $output .= " \n"; $output .= " \n"; - $output .= " \n"; $output .= " \n"; $output .= " \n"; $output .= " \n"; @@ -221,7 +229,6 @@ function account_edit($name) { function account_view($name) { $status = array(0 => "blocked", 1 => "not confirmed", 2 => "open"); - $permissions = array(0 => "regular user", 1 => "administrator"); $result = db_query("SELECT * FROM users WHERE userid = '$name'"); @@ -229,12 +236,12 @@ function account_view($name) { $output .= "
ID:$account->id
Status:$stat
Access:
Username:$account->userid
Real name:". check_output($account->name) ."
Real e-mail address:". format_email($account->real_email) ."
Fake e-mail address:fake_email\">
URL of homepage:url\">
Permissions:$perm
Last access:". format_date($account->last_access) ." from ". check_output($account->last_host) ."
User rating:". check_output($account->rating) ."
Bio information:
\n"; $output .= " \n"; $output .= " \n"; + $output .= " \n"; $output .= " \n"; $output .= " \n"; $output .= " \n"; $output .= " \n"; $output .= " \n"; - $output .= " \n"; $output .= " \n"; $output .= " \n"; $output .= " \n"; -- cgit v1.2.3
ID:userid\">$account->id
Status:". $status[$account->status] ."
Access:". check_output(account_access($account)) ."
Username:$account->userid
Real name:". check_output($account->name) ."
Real e-mail address:". format_email($account->real_email) ."
Fake e-mail address:". check_output($account->fake_email) ."
URL of homepage:". format_url($account->url) ."
Permissions:". $permissions[$account->permissions] ."
Last access:". format_date($account->last_access) ." from ". check_output($account->last_host) ."
User rating:". check_output($account->rating) ."
Bio information:". check_output($account->bio) ."