From 7c34f8f4cf526e6053e4c9d2e5265e2b4b0ec23b Mon Sep 17 00:00:00 2001 From: Dries Buytaert Date: Wed, 20 Jun 2001 20:24:46 +0000 Subject: - Added a brand-new access.module which allows you to manage 'roles' (groups) and 'permissions' ... (inspired by Zope's system). + Once installed, click the help-link for more information. + See updates/2.00-to-x.xx.sql for the SQL updates. - Modified loads of code to use our new access.module. The system still has to mature though: new permissions have to be added and existing permissions need stream-lining. Awaiting suggestions. - As a direct result of the new access system, I had to rewrite the way the top-level links in admin.php are rendered and displayed, and xhtml-ified admin.php while I was at it. TODO - Home-brewed modules need updating, home-brewed themes not. (Examples: file.module, trip_link.module) - As soon we *finished* the refactoring of the user system (KJ has been working on this refactoring already) we should consider to embed this role and permission code into account.module ...
---
modules/access.module | 167 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 167 insertions(+) create mode 100644 modules/access.module (limited to 'modules')
diff --git a/modules/access.module b/modules/access.module
new file mode 100644
index 000000000..1b7d614c5
--- /dev/null
+++ b/modules/access.module
@@ -0,0 +1,167 @@
+

Roles

+

Users have roles that define what kinds of actions they can take. Roles define classes of users such as anonymous user, authenticated user, moderator, administrator and so on. Every user can have one role.

+

Roles make it easier for you to manage security. Instead of defining what every single user can do, you can simply set a couple different permissions for different user roles.

+

Drupal comes with three built-in roles:

+ +

For basic Drupal sites you can get by with anonymous user and authenticated user but for more complex sites where you want other users to be able to perform maintainance or administrative duties, you may want to create your own roles to classify your users into different groups.

+ +

Permissions

+

Each Drupal's permission describes a fine-grained logical operation such as access administration pages or add and modify user accounts. You could say a permission represents access granted to a user to perform a set of operations.

+ +

Access control

+

Roles tie users to permissions. The combination of roles and permissions represent a way to tie user authorization to the performance of actions, which is how Drupal can determine what users can do.

+ name] = $role->name;
+ }
+ return $roles;
+}
+
+function access_role_form($edit = array()) {
+ global $REQUEST_URI;
+
+ $form .= form_textfield("Role name", "name", $edit[name], 50, 64, "The name for this role. Example: 'moderator', 'editorial board', 'site architect'.");
+ $form .= form_submit("Submit");
+
+ if ($edit[rid]) {
+ $form .= form_submit(t("Delete"));
+ $form .= form_hidden("rid", $edit[rid]);
+ }
+
+ return form($REQUEST_URI, $form);
+}
+
+function access_role_save($edit) {
+ if ($edit[rid] && $edit[name]) {
+ db_query("UPDATE role SET name = '". check_input($edit[name]) ."' WHERE rid = '$edit[rid]'");
+ }
+ else if ($edit[rid]) {
+ db_query("DELETE FROM role WHERE rid = '". check_input($edit[rid]) ."'");
+ }
+ else {
+ db_query("INSERT INTO role (name) VALUES ('". check_input($edit[name]) ."')");
+ }
+}
+
+function access_role_view() {
+ $result = db_query("SELECT * FROM role ORDER BY name");
+ $output .= "\n";
+ $output .= " \n";
+ while ($role = db_fetch_object($result)) {
+ $output .= "\n";
+ }
+ $output .= "
nameoperations
". check_output($role->name) ."rid\">edit role
\n";
+
+ return $output;
+}
+
+function access_perm_form() {
+ global $REQUEST_URI;
+
+ // Compile permission array:
+ foreach (module_list() as $name) {
+ if (module_hook($name, "perm")) {
+ $perms = array_merge($perms, module_invoke($name, "perm"));
+ }
+ }
+ asort($perms);
+
+ // Compile role array:
+ $result = db_query("SELECT * FROM role ORDER BY name");
+ while ($role = db_fetch_object($result)) $roles[$role->name] = $role->perm;
+
+ // Render roles / permission table:
+ $output .= "\n";
+ $output .= " \n";
+ foreach ($perms as $perm) {
+ $output .= " \n";
+ $output .= " \n";
+ foreach ($roles as $name => $value) {
+ $output .= " \n";
+ }
+ $output .= " \n";
+ }
+ $output .= "
 ". implode("", array_keys($roles)) ."
". check_output($perm) ."
\n";
+ $output .= form_submit("Save permissions");
+
+ return form($REQUEST_URI, $output);
+}
+
+function access_perm_save($edit) {
+ $result = db_query("SELECT * FROM role");
+ while ($role = db_fetch_object($result)) {
+ $perm = $edit[$role->name] ? implode(", ", array_keys($edit[$role->name])) : "";
+ db_query("UPDATE role SET perm = '$perm' WHERE name = '$role->name'");
+ }
+
+ return "permissions have been saved.";
+}
+
+function access_default() {
+ $role = db_fetch_object(db_query("SELECT * FROM role WHERE name = 'anonymous user'"));
+ if (!$role) db_query("INSERT INTO role (name) VALUES ('anonymous user')");
+
+ $role = db_fetch_object(db_query("SELECT * FROM role WHERE name = 'authenticated user'"));
+ if (!$role) db_query("INSERT INTO role (name) VALUES ('authenticated user')");
+}
+
+function access_admin() {
+ global $user, $edit, $op, $id;
+
+ if (user_access($user, "edit roles and permissions")) {
+
+ print "add new role | role overview | permission overview | help
\n";
+
+ access_default();
+
+ switch ($op) {
+ case "add":
+ print access_role_form();
+ break;
+ case "edit":
+ print access_role_form(access_get_role($id));
+ break;
+ case "help":
+ print access_help();
+ break;
+ case "Delete":
+ $edit[name] = 0;
+ // fall through:
+ case "Submit":
+ print status(access_role_save($edit));
+ // fall through:
+ case "role":
+ print access_role_view();
+ break;
+ case "Save permissions":
+ print status(access_perm_save($edit));
+ // fall through:
+ default:
+ print access_perm_form();
+ }
+ }
+ else {
+ print message_access();
+ }
+}
+
+?>
\ No newline at end of file
-- cgit v1.2.3
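Review bot: Two queries in this new file put form-derived values into SQL without the `check_input()` call that the neighbouring queries use: the UPDATE in `access_role_save()` ends with `WHERE rid = '$edit[rid]'`, and `access_perm_save()` writes `perm = '$perm'`, where `$perm` is joined from the keys of `$edit[$role->name]`. `$edit` is pulled in through `global` in `access_admin()`, so it presumably arrives straight from the submitted form; the `user_access()` gate limits who can reach these paths, but the `perm` column is the authorization data itself and should not accept arbitrary strings. I would change these to `WHERE rid = '". check_input($edit[rid]) ."'` and `db_query("UPDATE role SET perm = '". check_input($perm) ."' WHERE name = '". check_input($role->name) ."'");`, assuming `check_input()` is the project's escaping helper as its use in the other branches suggests. It would also be worth keeping only those keys that appear in the list collected from the modules' `perm` hooks before joining them, so a role can never be granted a permission string that no module declares.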