From 72065fb8351b54eee5f1928c18e06ad81aa9b502 Mon Sep 17 00:00:00 2001 From: Dries Buytaert Date: Wed, 20 Jun 2001 20:00:40 +0000 Subject: - Added a brand-new access.module which allows you to manage 'roles' (groups) and 'permissions' ... (inspired by Zope's system). + Once installed, click the help-link for more information. + See updates/2.00-to-x.xx.sql for the SQL updates. - Modified loads of code to use our new access.module. The system still has to mature though: new permissions have to be added and existing permissions need stream-lining. Awaiting suggestions. - As a direct result of the new access system, I had to rewrite the way the top-level links in admin.php are rendered and displayed, and xhtml-ified admin.php while I was at it. TODO - Home-brewed modules need updating, home-brewed themes not. (Examples: file.module, trip_link.module) - As soon we *finished* the refactoring of the user system (KJ has been working on this refactoring already) we should consider to embed this role and permission code into account.module ... --- node.php | 98 +++++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 53 insertions(+), 45 deletions(-) (limited to 'node.php') diff --git a/node.php b/node.php index dae4683b9..6bbeed207 100644 --- a/node.php +++ b/node.php @@ -5,56 +5,64 @@ include_once "includes/common.inc"; page_header(); function node_render($node) { - global $id, $cid, $op, $moderate, $pid, $edit, $theme, $mode, $order, $threshold, $PHP_SELF; + global $user, $id, $cid, $op, $moderate, $pid, $edit, $theme, $mode, $order, $threshold, $PHP_SELF; - if ($node->comment) { - switch($op) { - case t("Preview comment"): - $theme->header(); - comment_preview($edit); - $theme->footer(); - break; - case t("Post comment"): - comment_post($edit); - $theme->header(); - node_view($node); - comment_render($edit[id], $cid); - $theme->footer(); - break; - case t("Add comment"): - $theme->header(); - comment_reply(check_input($cid), check_input($id)); - $theme->footer(); - break; - case "reply": - $theme->header(); - comment_reply(check_input($pid), check_input($id)); - $theme->footer(); - break; - case t("Update settings"): - comment_settings(check_input($mode), check_input($order), check_input($threshold)); - $theme->header(); - node_view($node); - comment_render($id, $cid); - $theme->footer(); - break; - case t("Moderate comments"): - comment_moderate($moderate); - $theme->header(); - node_view($node); - comment_render($id, $cid); - $theme->footer(); - break; - default: - $theme->header(); - node_view($node); - comment_render($id, $cid); - $theme->footer(); + if (user_access($node, "view content")) { + + if ($node->comment) { + switch($op) { + case t("Preview comment"): + $theme->header(); + comment_preview($edit); + $theme->footer(); + break; + case t("Post comment"): + comment_post($edit); + $theme->header(); + node_view($node); + comment_render($edit[id], $cid); + $theme->footer(); + break; + case t("Add comment"): + $theme->header(); + comment_reply(check_input($cid), check_input($id)); + $theme->footer(); + break; + case "reply": + $theme->header(); + comment_reply(check_input($pid), check_input($id)); + $theme->footer(); + break; + case t("Update settings"): + comment_settings(check_input($mode), check_input($order), check_input($threshold)); + $theme->header(); + node_view($node); + comment_render($id, $cid); + $theme->footer(); + break; + case t("Moderate comments"): + comment_moderate($moderate); + $theme->header(); + node_view($node); + comment_render($id, $cid); + $theme->footer(); + break; + default: + $theme->header(); + node_view($node); + comment_render($id, $cid); + $theme->footer(); + } + } + else { + $theme->header(); + node_view($node); + $theme->footer(); } } else { $theme->header(); - node_view($node); + $theme->box(t("Access denied"), message_access()); $theme->footer(); } } -- cgit v1.2.3