From 72065fb8351b54eee5f1928c18e06ad81aa9b502 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Wed, 20 Jun 2001 20:00:40 +0000
Subject: - Added a brand-new access.module which allows you to manage 'roles' 
  (groups) and 'permissions' ... (inspired by Zope's system).

    + Once installed, click the help-link for more information.

    + See updates/2.00-to-x.xx.sql for the SQL updates.

- Modified loads of code to use our new access.module.  The system
  still has to mature though: new permissions have to be added and
  existing permissions need stream-lining.  Awaiting suggestions.

- As a direct result of the new access system, I had to rewrite the
  way the top-level links in admin.php are rendered and displayed,
  and xhtml-ified admin.php while I was at it.

TODO

- Home-brewed modules need updating, home-brewed themes not.
  (Examples: file.module, trip_link.module)

- As soon we *finished* the refactoring of the user system (KJ has
  been working on this refactoring already) we should consider to
  embed this role and permission code into account.module ...
---
 modules/box.module | 70 +++++++++++++++++++++++++++++++-----------------------
 1 file changed, 40 insertions(+), 30 deletions(-)

(limited to 'modules/box.module')

diff --git a/modules/box.module b/modules/box.module
index 5ae9aa538..025007620 100644
--- a/modules/box.module
+++ b/modules/box.module
@@ -29,6 +29,10 @@ function box_help() {
  <?php
 }
 
+function box_perm() {
+  return array("add and edit boxes");
+}
+
 function box_block() {
   $result = db_query("SELECT * FROM boxes ORDER BY subject");
   $i = 0;
@@ -142,36 +146,42 @@ function box_admin_save($id, $subject, $content, $info, $link, $type) {
 }
 
 function box_admin() {
-  global $op, $id, $subject, $content, $info, $link, $type;
-
-  print "<SMALL><A HREF=\"admin.php?mod=box&op=add\">add new box</A> | <A HREF=\"admin.php?mod=box\">overview</A> | <A HREF=\"admin.php?mod=box&op=help\">help</A></SMALL><HR>\n";
-
-  switch ($op) {
-    case "Add box":
-      box_admin_add(check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
-      box_admin_display();
-      box_admin_rehash();
-      break;
-    case "Save box":
-      box_admin_save(check_input($id), check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
-      box_admin_display();
-      box_admin_rehash();
-      break;
-    case "help":
-      box_help();
-      break;
-    case "add":
-      box_admin_new();
-      break;
-    case "edit":
-      box_admin_edit(check_input($id));
-      break;
-    case "delete":
-      box_admin_delete(check_input($id));
-      box_admin_rehash();
-       // fall through
-    default:
-      box_admin_display();
+  global $user, $op, $id, $subject, $content, $info, $link, $type;
+
+  if (user_access($user, "add and edit boxes")) {
+
+    print "<SMALL><A HREF=\"admin.php?mod=box&op=add\">add new box</A> | <A HREF=\"admin.php?mod=box\">overview</A> | <A HREF=\"admin.php?mod=box&op=help\">help</A></SMALL><HR>\n";
+
+    switch ($op) {
+      case "Add box":
+        box_admin_add(check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
+        box_admin_display();
+        box_admin_rehash();
+        break;
+      case "Save box":
+        box_admin_save(check_input($id), check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
+        box_admin_display();
+        box_admin_rehash();
+        break;
+      case "help":
+        box_help();
+        break;
+      case "add":
+        box_admin_new();
+        break;
+      case "edit":
+        box_admin_edit(check_input($id));
+        break;
+      case "delete":
+        box_admin_delete(check_input($id));
+        box_admin_rehash();
+         // fall through
+      default:
+        box_admin_display();
+    }
+  }
+  else {
+    print message_access();
   }
 }
 
-- 
cgit v1.2.3