From 72065fb8351b54eee5f1928c18e06ad81aa9b502 Mon Sep 17 00:00:00 2001 From: Dries Buytaert Date: Wed, 20 Jun 2001 20:00:40 +0000 Subject: - Added a brand-new access.module which allows you to manage 'roles' (groups) and 'permissions' ... (inspired by Zope's system). + Once installed, click the help-link for more information. + See updates/2.00-to-x.xx.sql for the SQL updates. - Modified loads of code to use our new access.module. The system still has to mature though: new permissions have to be added and existing permissions need stream-lining. Awaiting suggestions. - As a direct result of the new access system, I had to rewrite the way the top-level links in admin.php are rendered and displayed, and xhtml-ified admin.php while I was at it. TODO - Home-brewed modules need updating, home-brewed themes not. (Examples: file.module, trip_link.module) - As soon we *finished* the refactoring of the user system (KJ has been working on this refactoring already) we should consider to embed this role and permission code into account.module ... --- modules/comment.module | 44 +++++++++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 17 deletions(-) (limited to 'modules/comment.module') diff --git a/modules/comment.module b/modules/comment.module index 24b156443..ad9924603 100644 --- a/modules/comment.module +++ b/modules/comment.module @@ -4,11 +4,15 @@ function comment_search($keys) { global $user; $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20"); while ($comment = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp); + $find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "edit user comments") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp); } return $find; } +function comment_perm() { + return array("view comments", "post comments", "edit comments"); +} + function comment_edit($id) { global $REQUEST_URI; @@ -42,24 +46,30 @@ function comment_overview() { } function comment_admin() { - global $op, $id, $edit, $mod, $keys, $order; + global $user, $op, $id, $edit, $mod, $keys, $order; - print "overview | search comment
\n"; + if (user_access($user, "edit comments")) { - switch ($op) { - case "edit": - print comment_edit($id); - break; - case "search": - print search_form($keys); - print search_data($keys, $mod); - break; - case t("Submit"): - print status(comment_save(check_input($id), $edit)); - print comment_overview(); - break; - default: - print comment_overview(); + print "overview | search comment
\n"; + + switch ($op) { + case "edit": + print comment_edit($id); + break; + case "search": + print search_form($keys); + print search_data($keys, $mod); + break; + case t("Submit"): + print status(comment_save(check_input($id), $edit)); + print comment_overview(); + break; + default: + print comment_overview(); + } + } + else { + print message_access(); } } -- cgit v1.2.3