From 72065fb8351b54eee5f1928c18e06ad81aa9b502 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Wed, 20 Jun 2001 20:00:40 +0000
Subject: - Added a brand-new access.module which allows you to manage 'roles' (groups) and 'permissions' ... (inspired by Zope's system). + Once installed, click the help-link for more information. + See updates/2.00-to-x.xx.sql for the SQL updates. - Modified loads of code to use our new access.module. The system still has to mature though: new permissions have to be added and existing permissions need stream-lining. Awaiting suggestions. - As a direct result of the new access system, I had to rewrite the way the top-level links in admin.php are rendered and displayed, and xhtml-ified admin.php while I was at it. TODO - Home-brewed modules need updating, home-brewed themes not. (Examples: file.module, trip_link.module) - As soon we *finished* the refactoring of the user system (KJ has been working on this refactoring already) we should consider to embed this role and permission code into account.module ...
---
 modules/diary.module | 114 ++++++++++++++++++++++++++++-----------------------
 1 file changed, 62 insertions(+), 52 deletions(-)
(limited to 'modules/diary.module')
diff --git a/modules/diary.module b/modules/diary.module
index 9cfb21c47..a186161ce 100644
--- a/modules/diary.module
+++ b/modules/diary.module
@@ -1,10 +1,14 @@ "$diary->userid's diary", "link" => (user_access($user, "diary") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp); + $find[$i++] = array("title" => "$diary->userid's diary", "link" => (user_access($user, "edit diary entries") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp); } return $find;
@@ -13,25 +17,31 @@ function diary_search($keys) {
 function diary_page_overview($num = 20) {
 global $theme, $user;
- $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY d.timestamp DESC LIMIT $num");
-
- while ($diary = db_fetch_object($result)) {
- if ($time != date("F jS", $diary->timestamp)) {
- $output .= "". $date = t(date("l", $diary->timestamp)) .", ". t(date("F", $diary->timestamp)) ." ". date("j", $diary->timestamp) ."\n";
- $time = date("F jS", $diary->timestamp);
+ if (user_access($user, "view diary entries")) {
+ $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY d.timestamp DESC LIMIT $num");
+
+ while ($diary = db_fetch_object($result)) {
+ if ($time != date("F jS", $diary->timestamp)) {
+ $output .= "". $date = t(date("l", $diary->timestamp)) .", ". t(date("F", $diary->timestamp)) ." ". date("j", $diary->timestamp) ."\n";
+ $time = date("F jS", $diary->timestamp);
+ }
+ $output .= "
\n";
+ $output .= "

$diary->userid ". t("wrote") .":

\n";
+ $output .= "
\n";
+ $output .= "

". check_output($diary->text, 1) ."

[ userid\">". t("more") ." ]

\n";
+ $output .= "
\n";
+ $output .= "
\n";
 }
- $output .= "
\n";
- $output .= "

$diary->userid ". t("wrote") .":

\n";
- $output .= "
\n";
- $output .= "

". check_output($diary->text, 1) ."

[ userid\">". t("more") ." ]

\n";
- $output .= "
\n";
- $output .= "
\n";
- }
-
- $theme->header();
- $theme->box(t("Online diary"), $output);
- $theme->footer();
+ $theme->header();
+ $theme->box(t("Online diary"), $output);
+ $theme->footer();
+ }
+ else {
+ $theme->header();
+ $theme->box(t("Access denied"), message_access());
+ $theme->footer();
+ }
 }
 function diary_page_entry($timestamp, $text, $id = 0) {
@@ -177,7 +187,7 @@ function diary_page() {
 diary_page_delete(check_input($id));
 diary_page_display(check_input($name));
 break;
- case "edit":
+ case "edit":
 diary_page_edit(check_input($id));
 break;
 case "view":
@@ -299,40 +309,40 @@ function diary_admin_display($order = "date") {
 function diary_admin() {
- global $op, $id, $mod, $keys, $text, $order;
-
- print "overview | search diary | help
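Review bot: The "view diary entries" check added in this hunk sits inside diary_page_overview() only, so it guards the overview listing but not the other read paths in this file. diary_page() in the following hunk still dispatches `delete`, `edit` and `view` with no permission test visible, and diary_search() in the first hunk still hands every caller a `module.php?mod=diary&op=view` link; whether diary_page_display() and the other handlers check access themselves cannot be told from this diff, since their bodies are outside the hunks. Testing once at the top of diary_page(), the way diary_admin() is gated later in this patch, would make the permission cover every op: `if (!user_access($user, "view diary entries")) {` followed by the same access-denied box and a `return;`. Also in diary_page_overview(), `$num` is interpolated into `LIMIT $num`; a `$num = (int) $num;` before the query keeps it numeric whatever the caller passes.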
\n";
-
- switch ($op) {
- case "delete":
- diary_admin_delete(check_input($id));
- diary_admin_display();
- break;
- case "edit":
- diary_admin_edit(check_input($id));
- break;
- case "help":
- diary_help();
- break;
- case "search":
- print search_form($keys);
- print search_data($keys, $mod);
- break;
- case "Save diary entry":
- diary_admin_save(check_input($id), check_input($text));
- diary_admin_display();
- break;
- case "Update":
- diary_admin_display(check_input($order));
- break;
- default:
- diary_admin_display();
+ global $user, $op, $id, $mod, $keys, $text, $order;
+
+ if (user_access($user, "edit diary entries")) {
+
+ print "overview | search diary | help
\n";
+
+ switch ($op) {
+ case "delete":
+ diary_admin_delete(check_input($id));
+ diary_admin_display();
+ break;
+ case "edit":
+ diary_admin_edit(check_input($id));
+ break;
+ case "help":
+ diary_help();
+ break;
+ case "search":
+ print search_form($keys);
+ print search_data($keys, $mod);
+ break;
+ case "Save diary entry":
+ diary_admin_save(check_input($id), check_input($text));
+ diary_admin_display();
+ break;
+ case "Update":
+ diary_admin_display(check_input($order));
+ break;
+ default:
+ diary_admin_display();
+ }
 }
-}
-
-function diary_export($uri) {
- if ($uri[2] == "diary") {
- print "TODO: export diary for user $uri[3]";
+ else {
+ print message_access();
 }
 }
-- cgit v1.2.3
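Review bot: In the `search` case of diary_admin(), `$keys` and `$mod` are passed to search_form() and search_data() as raw globals, while every other case that takes request data wraps it in check_input(). Unless both helpers filter and escape internally (their bodies are outside this diff), this is the one branch where request values reach the page, and possibly a query, unfiltered; if check_input() is the right filter for them, `print search_form(check_input($keys));` and `print search_data(check_input($keys), check_input($mod));` would bring the branch in line with the rest of the switch. The new user_access() gate also decides only who may act, not whether the request was intended: `delete` and `Save diary entry` change data and are selected by `$op` alone, so a per-session token verified before those two cases is worth adding.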