From 23ca7a2d8832aa16107cf7002c35170ae2b87a1c Mon Sep 17 00:00:00 2001 From: Dries Buytaert Date: Thu, 1 Nov 2001 17:04:20 +0000 Subject: - Another batch of updates/improvements: + introduced basic node permissions ("create", "delete", "update" and "view") at the node level: it's up to the "<$node->type>_module" to hide gory details (if any). + made the "blog it"-feature in the blog and import module work with the new node system, in specific with the new centralized forms. + made it possible to update blogs. + made the page module work with the new node system. + various smaller improvements. --- modules/node/node.module | 151 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 104 insertions(+), 47 deletions(-) (limited to 'modules/node/node.module') diff --git a/modules/node/node.module b/modules/node/node.module index bf388d76a..c239d9868 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -14,6 +14,30 @@ function node_help() { } } +function node_access($op, $node = 0) { + + /* + ** Convert the node to an object if necessary: + */ + + if (is_array($node)) { + $node = node_object($node); + } + + /* + ** Construct a function: + */ + + $function = $node->type ."_access"; + + if (function_exists($function)) { + return $function($op, $node); + } + else { + return 0; + } +} + function node_perm() { return array("administer nodes", "access content", "post content"); } @@ -375,7 +399,7 @@ function node_form($edit) { $output .= form_submit(t("Submit")); } - if ($edit->nid && user_access("administer nodes")) { + if ($edit->nid && node_access("delete", $edit)) { $output .= form_submit(t("Delete")); } @@ -407,15 +431,13 @@ function node_add($type) { } else { // TODO: make building a node list generic and find an easy way to associate post permissions with them - if (user_access("adminster nodes")) { - $nodes = array("book" => "book page", "blog" => "personal blog entry", "poll" => "online survey", "story" => "story", "page" => "static page", "forum" => "discussion forum"); - } - else { - $nodes = array("book" => "book page", "blog" => "personal blog entry", "poll" => "online survey", "story" => "story"); - } - foreach ($nodes as $type => $name) { - $links[] = "". t($name) .""; + $links = array(); + + foreach (module_list() as $name) { + if (($info = module_invoke($name, "node", "name")) && node_access("create", array("type" => $name))) { + $links[] = "". t($info) .""; + } } $output .= sprintf(t("Submit a %s."), implode(", ", $links)); @@ -430,7 +452,14 @@ function node_edit($id) { $node = node_load(array("nid" => $id)); // TODO: make this generic for all node types - temporary solution - return node_form($node); + if (node_access("update", $node)) { + $output = node_form($node); + } + else { + $output = message_access(); + } + + return $output; } function node_preview($edit) { @@ -465,7 +494,7 @@ function node_preview($edit) { return node_form($edit); } -function node_submit($edit) { +function node_submit($node) { global $user; @@ -473,51 +502,68 @@ function node_submit($edit) { ** Fixup the node when required: */ - node_fixup(&$edit); + node_fixup(&$node); + + if ($node->nid) { - if ($edit->nid) { /* - ** Compile a list of the node fields and their default values that users - ** and administrators are allowed to save when updating a node. + ** Check whether the current user has the proper access rights to + ** perform this operation: */ - if (user_access("administer nodes")) { - $fields = array("nid", "uid", "body", "comment", "promote", "moderate", "status", "teaser", "title", "created", "type" => $edit->type); + if (node_access("update", $node)) { + + /* + ** Compile a list of the node fields and their default values that users + ** and administrators are allowed to save when updating a node. + */ + + if (user_access("administer nodes")) { + $fields = array("nid", "uid", "body", "comment", "promote", "moderate", "status", "teaser", "title", "created", "type" => $node->type); + } + else { + $fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type); + } + + node_save($node, array_merge($fields, module_invoke($node->type, "save", $node))); + + $output = t("The node has been updated."); } else { - $fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $edit->type); + watchdog("warning", "node: not authorized to update node"); + $output = t("You are not authorized to update this node."); } - $output = t("The node has been updated."); } else { + /* - ** Compile a list of the node fields and their default values that users - ** and administrators are allowed to save when inserting a new node. + ** Check whether the current user has the proper access rights to + ** perform this operation: */ - if (user_access("administer nodes")) { - $fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $edit->type); - } - else { - $fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $edit->type); - } + if (node_access("create", $node)) { - $output = t("Thanks for your submission."); - } + /* + ** Compile a list of the node fields and their default values that users + ** and administrators are allowed to save when inserting a new node. + */ - /* - ** Check whether we are allowed to save the node and if so, whether - ** there are more default values to add. - */ + if (user_access("administer nodes")) { + $fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type); + } + else { + $fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type); + } - $defaults = module_invoke($edit->type, "save", $edit); + node_save($node, array_merge($fields, module_invoke($node->type, "save", $node))); - if (is_array($defaults)) { - node_save($edit, array_merge($fields, $defaults)); - } - else { - $output = t("Could not save or process the specified submission."); + $output = t("Thanks for your submission."); + } + else { + watchdog("warning", "node: not authorized to create node"); + $output = t("You are not authorized to create this node."); + } } return $output; @@ -525,17 +571,25 @@ function node_submit($edit) { function node_remove($edit) { - if ($edit["confirm"]) { - node_delete(array(nid => $edit["nid"])); + $node = node_load(array("nid" => $edit["nid"])); + + if (node_access("delete", $node)) { + if ($edit["confirm"]) { + node_delete($node); - $output = node_admin_nodes(); + $output = t("The node has been deleted."); + } + else { + $output .= form_item(t("Confirm removal of"), check_output($node->title)); + $output .= form_hidden("nid", $node->nid); + $output .= form_hidden("confirm", 1); + $output .= form_submit(t("Delete")); + $output = form($output, "post", "admin.php?mod=node"); + } } else { - $output .= form_item(t("Confirm removal of"), check_output($edit["title"])); - $output .= form_hidden("nid", $edit["nid"]); - $output .= form_hidden("confirm", 1); - $output .= form_submit(t("Delete")); - $output = form($output, "post", "admin.php?mod=node"); + watchdog("warning", "node: not authorized to remove node"); + $output = t("You are not authorized to remove this node."); } return $output; @@ -564,6 +618,9 @@ function node_page() { case t("Submit"): $theme->box(t("Node"), node_submit($edit)); break; + case t("Delete"): + print node_remove($edit); + break; default: $result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '1' AND created <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY created DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10))); while ($node = db_fetch_object($result)) { -- cgit v1.2.3