authorDries Buytaert <dries@buytaert.net>2008-04-23 20:01:56 +0000
committerDries Buytaert <dries@buytaert.net>2008-04-23 20:01:56 +0000
commit21576021bfe440a0a02b0c179440f00e7182d321 (patch)
treeacc3e15e529a4d07827992561dc8053360f61e35
parent63406e5268e564acb83078eb3beb1abdfefee0ec (diff)
- Patch #249546 by pwolanin: rip menu access inheritance -- was already committed to D6.
-rw-r--r--includes/menu.inc7
-rw-r--r--modules/aggregator/aggregator.module1
-rw-r--r--modules/block/block.module4
-rw-r--r--modules/blog/blog.module26
-rw-r--r--modules/comment/comment.module1
-rw-r--r--modules/contact/contact.module4
-rw-r--r--modules/dblog/dblog.module5
-rw-r--r--modules/filter/filter.module4
-rw-r--r--modules/forum/forum.module6
-rw-r--r--modules/locale/locale.module9
-rw-r--r--modules/menu/menu.module8
-rw-r--r--modules/node/node.module5
-rw-r--r--modules/openid/openid.module2
-rw-r--r--modules/path/path.module2
-rw-r--r--modules/profile/profile.module12
-rw-r--r--modules/search/search.module1
-rw-r--r--modules/simpletest/test_case.php102
-rw-r--r--modules/syslog/syslog.module1
-rw-r--r--modules/system/system.module17
-rw-r--r--modules/taxonomy/taxonomy.module4
-rw-r--r--modules/tracker/tracker.module24
-rw-r--r--modules/trigger/trigger.module4
-rw-r--r--modules/user/user.module17
23 files changed, 195 insertions, 71 deletions
diff --git a/includes/menu.inc b/includes/menu.inc
index 914f5c8f1..d26a0eef6 100644
--- a/includes/menu.inc
+++ b/includes/menu.inc
@@ -2275,9 +2275,10 @@ function _menu_router_build($callbacks) {
if (!isset($item['tab_root']) && !$parent['_tab']) {
$item['tab_root'] = $parent_path;
}
- // If a callback is not found, we try to find the first parent that
- // has a callback.
- if (!isset($item['access callback']) && isset($parent['access callback'])) {
+ // If an access callback is not found for a default local task we use
+ // the callback from the parent, since we expect them to be identical.
+ // In all other cases, the access parameters must be specified.
+ if (($item['type'] == MENU_DEFAULT_LOCAL_TASK) && !isset($item['access callback']) && isset($parent['access callback'])) {
$item['access callback'] = $parent['access callback'];
if (!isset($item['access arguments']) && isset($parent['access arguments'])) {
$item['access arguments'] = $parent['access arguments'];
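Review bot: A default local task that declares its own 'access arguments' but no 'access callback' still receives the parent's callback from this condition, and that callback is then evaluated with the child's arguments. The comment says the two are "expected" to be identical, but nothing in these lines enforces it, so a parent with a custom callback and a child with permission-style arguments would be paired silently. Either add `&& !isset($item['access arguments'])` to the condition so the pair is only inherited together, or state the case in the comment. The comment should also say what happens to every other item type that omits both keys, since that is the security-relevant outcome for module authors; the code deciding it lies outside this hunk, so it presumably ends in a denial but that cannot be confirmed from here.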
diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module
index 7b749ec28..d9af23b27 100644
--- a/modules/aggregator/aggregator.module
+++ b/modules/aggregator/aggregator.module
@@ -201,6 +201,7 @@ function aggregator_menu() {
$items['aggregator/sources/%aggregator_feed'] = array(
'page callback' => 'aggregator_page_source',
'page arguments' => array(2),
+ 'access arguments' => array('access news feeds'),
'type' => MENU_CALLBACK,
'file' => 'aggregator.pages.inc',
);
diff --git a/modules/block/block.module b/modules/block/block.module
index 3d4a94450..ba1257a06 100644
--- a/modules/block/block.module
+++ b/modules/block/block.module
@@ -130,6 +130,7 @@ function block_menu() {
$items['admin/build/block/list/js'] = array(
'title' => 'JavaScript List Form',
'page callback' => 'block_admin_display_js',
+ 'access arguments' => array('administer blocks'),
'type' => MENU_CALLBACK,
'file' => 'block.admin.inc',
);
@@ -137,6 +138,7 @@ function block_menu() {
'title' => 'Configure block',
'page callback' => 'drupal_get_form',
'page arguments' => array('block_admin_configure'),
+ 'access arguments' => array('administer blocks'),
'type' => MENU_CALLBACK,
'file' => 'block.admin.inc',
);
@@ -144,6 +146,7 @@ function block_menu() {
'title' => 'Delete block',
'page callback' => 'drupal_get_form',
'page arguments' => array('block_box_delete'),
+ 'access arguments' => array('administer blocks'),
'type' => MENU_CALLBACK,
'file' => 'block.admin.inc',
);
@@ -151,6 +154,7 @@ function block_menu() {
'title' => 'Add block',
'page callback' => 'drupal_get_form',
'page arguments' => array('block_add_block_form'),
+ 'access arguments' => array('administer blocks'),
'type' => MENU_LOCAL_TASK,
'file' => 'block.admin.inc',
);
diff --git a/modules/blog/blog.module b/modules/blog/blog.module
index d483d48f9..884b3745b 100644
--- a/modules/blog/blog.module
+++ b/modules/blog/blog.module
@@ -140,19 +140,20 @@ function blog_menu() {
'type' => MENU_SUGGESTED_ITEM,
'file' => 'blog.pages.inc',
);
- $items['blog/%user_current'] = array(
+ $items['blog/%user_uid_optional'] = array(
'title' => 'My blog',
'page callback' => 'blog_page_user',
'page arguments' => array(1),
- 'access callback' => 'user_access',
- 'access arguments' => array('create blog content', 1),
+ 'access callback' => 'blog_page_user_access',
+ 'access arguments' => array(1),
'file' => 'blog.pages.inc',
);
$items['blog/%user/feed'] = array(
'title' => 'Blogs',
'page callback' => 'blog_feed_user',
'page arguments' => array(1),
- 'access arguments' => array('access content'),
+ 'access callback' => 'blog_page_user_access',
+ 'access arguments' => array(1),
'type' => MENU_CALLBACK,
'file' => 'blog.pages.inc',
);
@@ -168,6 +169,23 @@ function blog_menu() {
}
/**
+ * Access callback for user blog pages.
+ */
+function blog_page_user_access($account) {
+ // The visitor must be able to access the site's content.
+ // For a blog to 'exist' the user must either be able to
+ // create new blog entries, or it must have existing posts.
+ return $account->uid && user_access('access content') && (user_access('create blog entries', $account) || _blog_post_exists($account));
+}
+
+/**
+ * Helper function to determine if a user has blog posts already.
+ */
+function _blog_post_exists($account) {
+ return (bool)db_result(db_query_range(db_rewrite_sql("SELECT 1 FROM {node} n WHERE n.type = 'blog' AND n.uid = %d AND n.status = 1"), $account->uid, 0, 1));
+}
+
+/**
* Implementation of hook_block().
*
* Displays the most recent 10 blog titles.
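Review bot: The permission string in `blog_page_user_access()` is 'create blog entries', while the line this commit removes from the `blog/%user_current` item checked 'create blog content'. The module's permission declarations are outside this diff; if only the old name is declared there, `user_access('create blog entries', $account)` would be false for ordinary accounts, and the blog page and feed would be reachable only for users who already have published posts. Confirm the name against the declared permissions, and if the old one is correct change the call to `user_access('create blog content', $account)`. The docblock would also benefit from an `@param $account` line saying it is the blog owner taken from path argument 1, not the visitor, because `user_access('access content')` in the same expression tests the visitor.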
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index feb069c94..05fe9a11e 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -188,6 +188,7 @@ function comment_menu() {
$items['admin/content/comment/approval'] = array(
'title' => 'Approval queue',
'page arguments' => array('approval'),
+ 'access arguments' => array('administer comments'),
'type' => MENU_LOCAL_TASK,
'file' => 'comment.admin.inc',
);
diff --git a/modules/contact/contact.module b/modules/contact/contact.module
index 94ebc0922..867f77109 100644
--- a/modules/contact/contact.module
+++ b/modules/contact/contact.module
@@ -63,6 +63,7 @@ function contact_menu() {
'title' => 'Add category',
'page callback' => 'drupal_get_form',
'page arguments' => array('contact_admin_edit', 3),
+ 'access arguments' => array('administer site-wide contact form'),
'type' => MENU_LOCAL_TASK,
'weight' => 1,
'file' => 'contact.admin.inc',
@@ -71,6 +72,7 @@ function contact_menu() {
'title' => 'Edit contact category',
'page callback' => 'drupal_get_form',
'page arguments' => array('contact_admin_edit', 3, 4),
+ 'access arguments' => array('administer site-wide contact form'),
'type' => MENU_CALLBACK,
'file' => 'contact.admin.inc',
);
@@ -78,6 +80,7 @@ function contact_menu() {
'title' => 'Delete contact',
'page callback' => 'drupal_get_form',
'page arguments' => array('contact_admin_delete', 4),
+ 'access arguments' => array('administer site-wide contact form'),
'type' => MENU_CALLBACK,
'file' => 'contact.admin.inc',
);
@@ -85,6 +88,7 @@ function contact_menu() {
'title' => 'Settings',
'page callback' => 'drupal_get_form',
'page arguments' => array('contact_admin_settings'),
+ 'access arguments' => array('administer site-wide contact form'),
'type' => MENU_LOCAL_TASK,
'weight' => 2,
'file' => 'contact.admin.inc',
diff --git a/modules/dblog/dblog.module b/modules/dblog/dblog.module
index 0fb1d093c..f5d74c4b4 100644
--- a/modules/dblog/dblog.module
+++ b/modules/dblog/dblog.module
@@ -47,6 +47,7 @@ function dblog_menu() {
'description' => 'Settings for logging to the Drupal database logs. This is the most common method for small to medium sites on shared hosting. The logs are viewable from the admin pages.',
'page callback' => 'drupal_get_form',
'page arguments' => array('dblog_admin_settings'),
+ 'access arguments' => array('administer site configuration'),
'file' => 'dblog.admin.inc',
);
@@ -54,6 +55,7 @@ function dblog_menu() {
'title' => 'Recent log entries',
'description' => 'View events that have recently been logged.',
'page callback' => 'dblog_overview',
+ 'access arguments' => array('access site reports'),
'weight' => -1,
'file' => 'dblog.admin.inc',
);
@@ -62,6 +64,7 @@ function dblog_menu() {
'description' => "View 'page not found' errors (404s).",
'page callback' => 'dblog_top',
'page arguments' => array('page not found'),
+ 'access arguments' => array('access site reports'),
'file' => 'dblog.admin.inc',
);
$items['admin/reports/access-denied'] = array(
@@ -69,12 +72,14 @@ function dblog_menu() {
'description' => "View 'access denied' errors (403s).",
'page callback' => 'dblog_top',
'page arguments' => array('access denied'),
+ 'access arguments' => array('access site reports'),
'file' => 'dblog.admin.inc',
);
$items['admin/reports/event/%'] = array(
'title' => 'Details',
'page callback' => 'dblog_event',
'page arguments' => array(3),
+ 'access arguments' => array('access site reports'),
'type' => MENU_CALLBACK,
'file' => 'dblog.admin.inc',
);
diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index 98bbba41b..10a99a644 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
@@ -82,6 +82,7 @@ function filter_menu() {
$items['admin/settings/filters/add'] = array(
'title' => 'Add input format',
'page callback' => 'filter_admin_format_page',
+ 'access arguments' => array('administer filters'),
'type' => MENU_LOCAL_TASK,
'weight' => 1,
'file' => 'filter.admin.inc',
@@ -90,6 +91,7 @@ function filter_menu() {
'title' => 'Delete input format',
'page callback' => 'drupal_get_form',
'page arguments' => array('filter_admin_delete'),
+ 'access arguments' => array('administer filters'),
'type' => MENU_CALLBACK,
'file' => 'filter.admin.inc',
);
@@ -120,6 +122,7 @@ function filter_menu() {
'title' => 'Configure',
'page callback' => 'filter_admin_configure_page',
'page arguments' => array(3),
+ 'access arguments' => array('administer filters'),
'type' => MENU_LOCAL_TASK,
'weight' => 1,
'file' => 'filter.admin.inc',
@@ -128,6 +131,7 @@ function filter_menu() {
'title' => 'Rearrange',
'page callback' => 'filter_admin_order_page',
'page arguments' => array(3),
+ 'access arguments' => array('administer filters'),
'type' => MENU_LOCAL_TASK,
'weight' => 2,
'file' => 'filter.admin.inc',
diff --git a/modules/forum/forum.module b/modules/forum/forum.module
index 16cda7bd9..f2e391d61 100644
--- a/modules/forum/forum.module
+++ b/modules/forum/forum.module
@@ -106,6 +106,7 @@ function forum_menu() {
'title' => 'Add container',
'page callback' => 'forum_form_main',
'page arguments' => array('container'),
+ 'access arguments' => array('administer forums'),
'type' => MENU_LOCAL_TASK,
'parent' => 'admin/content/forum',
'file' => 'forum.admin.inc',
@@ -114,6 +115,7 @@ function forum_menu() {
'title' => 'Add forum',
'page callback' => 'forum_form_main',
'page arguments' => array('forum'),
+ 'access arguments' => array('administer forums'),
'type' => MENU_LOCAL_TASK,
'parent' => 'admin/content/forum',
'file' => 'forum.admin.inc',
@@ -122,6 +124,7 @@ function forum_menu() {
'title' => 'Settings',
'page callback' => 'drupal_get_form',
'page arguments' => array('forum_admin_settings'),
+ 'access arguments' => array('administer forums'),
'weight' => 5,
'type' => MENU_LOCAL_TASK,
'parent' => 'admin/content/forum',
@@ -129,6 +132,7 @@ function forum_menu() {
);
$items['admin/content/forum/edit/%forum_term'] = array(
'page callback' => 'forum_form_main',
+ 'access arguments' => array('administer forums'),
'type' => MENU_CALLBACK,
'file' => 'forum.admin.inc',
);
@@ -136,6 +140,7 @@ function forum_menu() {
'title' => 'Edit container',
'page callback' => 'forum_form_main',
'page arguments' => array('container', 5),
+ 'access arguments' => array('administer forums'),
'type' => MENU_CALLBACK,
'file' => 'forum.admin.inc',
);
@@ -143,6 +148,7 @@ function forum_menu() {
'title' => 'Edit forum',
'page callback' => 'forum_form_main',
'page arguments' => array('forum', 5),
+ 'access arguments' => array('administer forums'),
'type' => MENU_CALLBACK,
'file' => 'forum.admin.inc',
);
diff --git a/modules/locale/locale.module b/modules/locale/locale.module
index 47c77204b..165cc5215 100644
--- a/modules/locale/locale.module
+++ b/modules/locale/locale.module
@@ -99,6 +99,7 @@ function locale_menu() {
'title' => 'Add language',
'page callback' => 'locale_inc_callback',
'page arguments' => array('locale_languages_add_screen'), // two forms concatenated
+ 'access arguments' => array('administer languages'),
'weight' => 5,
'type' => MENU_LOCAL_TASK,
);
@@ -106,6 +107,7 @@ function locale_menu() {
'title' => 'Configure',
'page callback' => 'locale_inc_callback',
'page arguments' => array('drupal_get_form', 'locale_languages_configure_form'),
+ 'access arguments' => array('administer languages'),
'weight' => 10,
'type' => MENU_LOCAL_TASK,
);
@@ -113,12 +115,14 @@ function locale_menu() {
'title' => 'Edit language',
'page callback' => 'locale_inc_callback',
'page arguments' => array('drupal_get_form', 'locale_languages_edit_form', 4),
+ 'access arguments' => array('administer languages'),
'type' => MENU_CALLBACK,
);
$items['admin/settings/language/delete/%'] = array(
'title' => 'Confirm',
'page callback' => 'locale_inc_callback',
'page arguments' => array('drupal_get_form', 'locale_languages_delete_form', 4),
+ 'access arguments' => array('administer languages'),
'type' => MENU_CALLBACK,
);
@@ -141,11 +145,13 @@ function locale_menu() {
'type' => MENU_LOCAL_TASK,
'page callback' => 'locale_inc_callback',
'page arguments' => array('locale_translate_seek_screen'), // search results and form concatenated
+ 'access arguments' => array('translate interface'),
);
$items['admin/build/translate/import'] = array(
'title' => 'Import',
'page callback' => 'locale_inc_callback',
'page arguments' => array('drupal_get_form', 'locale_translate_import_form'),
+ 'access arguments' => array('translate interface'),
'weight' => 20,
'type' => MENU_LOCAL_TASK,
);
@@ -153,6 +159,7 @@ function locale_menu() {
'title' => 'Export',
'page callback' => 'locale_inc_callback',
'page arguments' => array('locale_translate_export_screen'), // possibly multiple forms concatenated
+ 'access arguments' => array('translate interface'),
'weight' => 30,
'type' => MENU_LOCAL_TASK,
);
@@ -160,12 +167,14 @@ function locale_menu() {
'title' => 'Edit string',
'page callback' => 'locale_inc_callback',
'page arguments' => array('drupal_get_form', 'locale_translate_edit_form', 4),
+ 'access arguments' => array('translate interface'),
'type' => MENU_CALLBACK,
);
$items['admin/build/translate/delete/%'] = array(
'title' => 'Delete string',
'page callback' => 'locale_inc_callback',
'page arguments' => array('locale_translate_delete', 4), // directly deletes, no confirmation
+ 'access arguments' => array('translate interface'),
'type' => MENU_CALLBACK,
);
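Review bot: The `admin/build/translate/delete/%` item carries the comment `// directly deletes, no confirmation`, so the 'translate interface' check added here appears to be the only gate on a state-changing GET request. A permission check cannot distinguish a deliberate click from a request that a logged-in translator's browser was induced to send. Routing the deletion through `drupal_get_form` with a confirm form, as the `admin/settings/language/delete/%` item does with `locale_languages_delete_form`, would put form-token validation in front of the delete. The body of `locale_translate_delete` is outside this diff, so whether it validates a token itself cannot be seen here.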
diff --git a/modules/menu/menu.module b/modules/menu/menu.module
index a4fd8584d..a9b1fd043 100644
--- a/modules/menu/menu.module
+++ b/modules/menu/menu.module
@@ -65,6 +65,7 @@ function menu_menu() {
'title' => 'Add menu',
'page callback' => 'drupal_get_form',
'page arguments' => array('menu_edit_menu', 'add'),
+ 'access arguments' => array('administer menu'),
'type' => MENU_LOCAL_TASK,
'file' => 'menu.admin.inc',
);
@@ -72,6 +73,7 @@ function menu_menu() {
'title' => 'Settings',
'page callback' => 'drupal_get_form',
'page arguments' => array('menu_configure'),
+ 'access arguments' => array('administer menu'),
'type' => MENU_LOCAL_TASK,
'weight' => 5,
'file' => 'menu.admin.inc',
@@ -96,6 +98,7 @@ function menu_menu() {
'title' => 'Add item',
'page callback' => 'drupal_get_form',
'page arguments' => array('menu_edit_item', 'add', NULL, 3),
+ 'access arguments' => array('administer menu'),
'type' => MENU_LOCAL_TASK,
'file' => 'menu.admin.inc',
);
@@ -103,6 +106,7 @@ function menu_menu() {
'title' => 'Edit menu',
'page callback' => 'drupal_get_form',
'page arguments' => array('menu_edit_menu', 'edit', 3),
+ 'access arguments' => array('administer menu'),
'type' => MENU_LOCAL_TASK,
'file' => 'menu.admin.inc',
);
@@ -110,6 +114,7 @@ function menu_menu() {
'title' => 'Delete menu',
'page callback' => 'menu_delete_menu_page',
'page arguments' => array(3),
+ 'access arguments' => array('administer menu'),
'type' => MENU_CALLBACK,
'file' => 'menu.admin.inc',
);
@@ -117,6 +122,7 @@ function menu_menu() {
'title' => 'Edit menu item',
'page callback' => 'drupal_get_form',
'page arguments' => array('menu_edit_item', 'edit', 4, NULL),
+ 'access arguments' => array('administer menu'),
'type' => MENU_CALLBACK,
'file' => 'menu.admin.inc',
);
@@ -124,6 +130,7 @@ function menu_menu() {
'title' => 'Reset menu item',
'page callback' => 'drupal_get_form',
'page arguments' => array('menu_reset_item_confirm', 4),
+ 'access arguments' => array('administer menu'),
'type' => MENU_CALLBACK,
'file' => 'menu.admin.inc',
);
@@ -131,6 +138,7 @@ function menu_menu() {
'title' => 'Delete menu item',
'page callback' => 'menu_item_delete_page',
'page arguments' => array(4),
+ 'access arguments' => array('administer menu'),
'type' => MENU_CALLBACK,
'file' => 'menu.admin.inc',
);
diff --git a/modules/node/node.module b/modules/node/node.module
index 73d5f334c..bfa6c8cda 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -1459,6 +1459,7 @@ function node_menu() {
'title' => 'Add content type',
'page callback' => 'drupal_get_form',
'page arguments' => array('node_type_form'),
+ 'access arguments' => array('administer content types'),
'file' => 'content_types.inc',
'type' => MENU_LOCAL_TASK,
);
@@ -1497,6 +1498,7 @@ function node_menu() {
'title' => $type->name,
'page callback' => 'drupal_get_form',
'page arguments' => array('node_type_form', $type),
+ 'access arguments' => array('administer content types'),
'file' => 'content_types.inc',
'type' => MENU_CALLBACK,
);
@@ -1507,6 +1509,7 @@ function node_menu() {
$items['admin/content/node-type/' . $type_url_str . '/delete'] = array(
'title' => 'Delete',
'page arguments' => array('node_type_delete_confirm', $type),
+ 'access arguments' => array('administer content types'),
'file' => 'content_types.inc',
'type' => MENU_CALLBACK,
);
@@ -1557,6 +1560,8 @@ function node_menu() {
'load arguments' => array(3),
'page callback' => 'node_show',
'page arguments' => array(1, NULL, TRUE),
+ 'access callback' => '_node_revision_access',
+ 'access arguments' => array(1),
'type' => MENU_CALLBACK,
);
$items['node/%node/revisions/%/revert'] = array(
diff --git a/modules/openid/openid.module b/modules/openid/openid.module
index 88dfaa8df..b3a515c99 100644
--- a/modules/openid/openid.module
+++ b/modules/openid/openid.module
@@ -30,6 +30,8 @@ function openid_menu() {
'title' => 'Delete OpenID',
'page callback' => 'openid_user_delete',
'page arguments' => array(1),
+ 'access callback' => 'user_edit_access',
+ 'access arguments' => array(1),
'type' => MENU_CALLBACK,
'file' => 'openid.pages.inc',
);
diff --git a/modules/path/path.module b/modules/path/path.module
index ac66faedd..49ea6c000 100644
--- a/modules/path/path.module
+++ b/modules/path/path.module
@@ -43,6 +43,7 @@ function path_menu() {
$items['admin/build/path/edit'] = array(
'title' => 'Edit alias',
'page callback' => 'path_admin_edit',
+ 'access arguments' => array('administer url aliases'),
'type' => MENU_CALLBACK,
'file' => 'path.admin.inc',
);
@@ -50,6 +51,7 @@ function path_menu() {
'title' => 'Delete alias',
'page callback' => 'drupal_get_form',
'page arguments' => array('path_admin_delete_confirm'),
+ 'access arguments' => array('administer url aliases'),
'type' => MENU_CALLBACK,
'file' => 'path.admin.inc',
);
diff --git a/modules/profile/profile.module b/modules/profile/profile.module
index feecd0a79..6143c61cb 100644
--- a/modules/profile/profile.module
+++ b/modules/profile/profile.module
@@ -95,12 +95,14 @@ function profile_menu() {
'title' => 'Add field',
'page callback' => 'drupal_get_form',
'page arguments' => array('profile_field_form'),
+ 'access arguments' => array('administer users'),
'type' => MENU_CALLBACK,
'file' => 'profile.admin.inc',
);
$items['admin/user/profile/autocomplete'] = array(
'title' => 'Profile category autocomplete',
'page callback' => 'profile_admin_settings_autocomplete',
+ 'access arguments' => array('administer users'),
'type' => MENU_CALLBACK,
'file' => 'profile.admin.inc',
);
@@ -108,6 +110,7 @@ function profile_menu() {
'title' => 'Edit field',
'page callback' => 'drupal_get_form',
'page arguments' => array('profile_field_form'),
+ 'access arguments' => array('administer users'),
'type' => MENU_CALLBACK,
'file' => 'profile.admin.inc',
);
@@ -115,6 +118,7 @@ function profile_menu() {
'title' => 'Delete field',
'page callback' => 'drupal_get_form',
'page arguments' => array('profile_field_delete'),
+ 'access arguments' => array('administer users'),
'type' => MENU_CALLBACK,
'file' => 'profile.admin.inc',
);
@@ -454,7 +458,7 @@ function profile_categories() {
'title' => $category->category,
'weight' => 3,
'access callback' => 'profile_category_access',
- 'access arguments' => array($category->category)
+ 'access arguments' => array(1, $category->category)
);
}
return $data;
@@ -463,12 +467,12 @@ function profile_categories() {
/**
* Menu item access callback - check if a user has access to a profile category.
*/
-function profile_category_access($category) {
- if (user_access('administer users')) {
+function profile_category_access($account, $category) {
+ if (user_access('administer users') && $account->uid > 0) {
return TRUE;
}
else {
- return db_result(db_query("SELECT COUNT(*) FROM {profile_fields} WHERE category = '%s' AND visibility <> %d", $category, PROFILE_HIDDEN));
+ return user_edit_access($account) && db_result(db_query("SELECT COUNT(*) FROM {profile_fields} WHERE category = '%s' AND visibility <> %d", $category, PROFILE_HIDDEN));
}
}
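Review bot: The docblock above `profile_category_access()` was not updated for the new `$account` parameter, and the function now checks two different subjects. `user_access('administer users')` tests the current user, while `$account` is the account from path argument 1, passed as `array(1, $category->category)` in the previous hunk. Add `@param $account The user account whose profile category is being accessed.` and `@param $category The profile category name.`, plus a line noting that the administrator shortcut applies only when `$account->uid > 0`. Any caller outside this diff that still passes `$category` alone will now bind it to `$account`, so the call sites should be searched before merging.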
diff --git a/modules/search/search.module b/modules/search/search.module
index 76d5d98c6..f34478260 100644
--- a/modules/search/search.module
+++ b/modules/search/search.module
@@ -198,6 +198,7 @@ function search_menu() {
'description' => 'View most popular search phrases.',
'page callback' => 'dblog_top',
'page arguments' => array('search'),
+ 'access arguments' => array('access site reports'),
'file' => 'dblog.admin.inc',
'file path' => drupal_get_path('module', 'dblog'),
);
diff --git a/modules/simpletest/test_case.php b/modules/simpletest/test_case.php
index b7b724061..fd37658b0 100644
--- a/modules/simpletest/test_case.php
+++ b/modules/simpletest/test_case.php
@@ -12,7 +12,7 @@ class SimpleTestCase {
var $_reporter;
var $_observers;
var $_should_skip = false;
-
+
/**
* Sets up the test with no display.
* @param string $label If no test name is given then
@@ -24,7 +24,7 @@ class SimpleTestCase {
$this->_label = $label;
}
}
-
+
/**
* Accessor for the test name for subclasses.
* @return string Name of the test.
@@ -33,7 +33,7 @@ class SimpleTestCase {
function getLabel() {
return $this->_label ? $this->_label : get_class($this);
}
-
+
/**
* This is a placeholder for skipping tests. In this
* method you place skipIf() and skipUnless() calls to
@@ -41,12 +41,12 @@ class SimpleTestCase {
* @access public
*/
function skip() {}
-
+
/**
* Will issue a message to the reporter and tell the test
* case to skip if the incoming flag is true.
* @param string $should_skip Condition causing the tests to be skipped.
- * @param string $message Text of skip condition.
+ * @param string $message Text of skip condition.
* @access public
*/
function skipIf($should_skip, $message = '%s') {
@@ -56,18 +56,18 @@ class SimpleTestCase {
$this->_reporter->paintSkip($message . $this->getAssertionLine());
}
}
-
+
/**
* Will issue a message to the reporter and tell the test
* case to skip if the incoming flag is false.
* @param string $shouldnt_skip Condition causing the tests to be run.
- * @param string $message Text of skip condition.
+ * @param string $message Text of skip condition.
* @access public
*/
function skipUnless($shouldnt_skip, $message = false) {
$this->skipIf(!$shouldnt_skip, $message);
}
-
+
/**
* Used to invoke the single tests.
* @return SimpleInvoker Individual test runner.
@@ -80,7 +80,7 @@ class SimpleTestCase {
}
return $invoker;
}
-
+
/**
* Uses reflection to run every method within itself
* starting with the string "test" unless a method
@@ -117,7 +117,7 @@ class SimpleTestCase {
unset($this->_reporter);
return $reporter->getStatus();
}
-
+
/**
* Gets a list of test names. Normally that will
* be all internal methods that start with the
@@ -135,7 +135,7 @@ class SimpleTestCase {
}
return $methods;
}
-
+
/**
* Tests to see if the method is a test that should
* be run. Currently any method that starts with 'test'
@@ -150,7 +150,7 @@ class SimpleTestCase {
}
return false;
}
-
+
/**
* Announces the start of the test.
* @param string $method Test method just started.
@@ -160,7 +160,7 @@ class SimpleTestCase {
$this->_reporter->paintMethodStart($method);
$this->_observers = array();
}
-
+
/**
* Sets up unit test wide variables at the start
* of each test method. To be overridden in
@@ -168,14 +168,14 @@ class SimpleTestCase {
* @access public
*/
function setUp() {}
-
+
/**
* Clears the data set in the setUp() method call.
* To be overridden by the user in actual user test cases.
* @access public
*/
function tearDown() {}
-
+
/**
* Announces the end of the test. Includes private clean up.
* @param string $method Test method just finished.
@@ -187,7 +187,7 @@ class SimpleTestCase {
}
$this->_reporter->paintMethodEnd($method);
}
-
+
/**
* Sets up an observer for the test end.
* @param object $observer Must have atTestEnd()
@@ -197,7 +197,7 @@ class SimpleTestCase {
function tell(&$observer) {
$this->_observers[] = &$observer;
}
-
+
/**
* @deprecated
*/
@@ -208,7 +208,7 @@ class SimpleTestCase {
$this->_reporter->paintPass($message . $this->getAssertionLine(), $group);
return TRUE;
}
-
+
/**
* Sends a fail event with a message.
* @param string $message Message to send.
@@ -221,7 +221,7 @@ class SimpleTestCase {
$this->_reporter->paintFail($message . $this->getAssertionLine(), $group);
return FALSE;
}
-
+
/**
* Formats a PHP error and dispatches it to the
* reporter.
@@ -237,7 +237,7 @@ class SimpleTestCase {
}
$this->_reporter->paintError("Unexpected PHP error [$message] severity [$severity] in [$file line $line]");
}
-
+
/**
* Formats an exception and dispatches it to the
* reporter.
@@ -247,7 +247,7 @@ class SimpleTestCase {
function exception($exception) {
$this->_reporter->paintException($exception);
}
-
+
/**
* @deprecated
*/
@@ -257,7 +257,7 @@ class SimpleTestCase {
}
$this->_reporter->paintSignal($type, $payload);
}
-
+
/**
* Runs an expectation directly, for extending the
* tests with new expectation classes.
@@ -277,12 +277,12 @@ class SimpleTestCase {
}
/**
- * @deprecated
+ * @deprecated
*/
function assertExpectation(&$expectation, $compare, $message = '%s', $group = 'Other') {
return $this->assert($expectation, $compare, $message, $group);
}
-
+
/**
* Uses a stack trace to find the line of an assertion.
* @return string Line number of first assert*
@@ -300,7 +300,7 @@ class SimpleTestCase {
function sendMessage($message) {
$this->_reporter->PaintMessage($message);
}
-
+
/**
* Accessor for the number of subtests.
* @return integer Number of test cases.
@@ -316,7 +316,7 @@ class SimpleTestCase {
* Helps to extract test cases automatically from a file.
*/
class SimpleFileLoader {
-
+
/**
* Builds a test suite from a library of test cases.
* The new suite is composed into this one.
@@ -333,7 +333,7 @@ class SimpleFileLoader {
$suite = &$this->createSuiteFromClasses($test_file, $classes);
return $suite;
}
-
+
/**
* Calculates the incoming test cases. Skips abstract
* and ignored classes.
@@ -355,7 +355,7 @@ class SimpleFileLoader {
}
return $classes;
}
-
+
/**
* Builds a test suite from a class list.
* @param string $title Title of new group.
@@ -384,13 +384,13 @@ class SimpleFileLoader {
* This is a composite test class for combining
* test cases and other RunnableTest classes into
* a group test.
- * @package SimpleTest
- * @subpackage UnitTester
+ * @package SimpleTest
+ * @subpackage UnitTester
*/
class TestSuite {
var $_label;
var $_test_cases;
-
+
/**
* Sets the name of the test suite.
* @param string $label Name sent at the start and end
@@ -401,7 +401,7 @@ class TestSuite {
$this->_label = $label;
$this->_test_cases = array();
}
-
+
/**
* Accessor for the test name for subclasses. If the suite
* wraps a single test case the label defaults to the name of that test.
@@ -416,14 +416,14 @@ class TestSuite {
return $this->_label;
}
}
-
+
/**
* @deprecated
*/
function addTestCase(&$test_case) {
$this->_test_cases[] = &$test_case;
}
-
+
/**
* @deprecated
*/
@@ -435,7 +435,7 @@ class TestSuite {
$this->_test_cases[] = $class;
}
}
-
+
/**
* Adds a test into the suite by instance or class. The class will
* be instantiated if it's a test suite.
@@ -455,14 +455,14 @@ class TestSuite {
$this->_test_cases[] = $class;
}
}
-
+
/**
* @deprecated
*/
function addTestFile($test_file) {
$this->addFile($test_file);
}
-
+
/**
* Builds a test suite from a library of test cases.
* The new suite is composed into this one.
@@ -474,7 +474,7 @@ class TestSuite {
$extractor = new SimpleFileLoader();
$this->add($extractor->load($test_file));
}
-
+
/**
* Delegates to a visiting collector to add test
* files.
@@ -485,7 +485,7 @@ class TestSuite {
function collect($path, &$collector) {
$collector->collect($this, $path);
}
-
+
/**
* Invokes run() on all of the held test cases, instantiating
* them if necessary.
@@ -508,7 +508,7 @@ class TestSuite {
$reporter->paintGroupEnd($this->getLabel());
return $reporter->getStatus();
}
-
+
/**
* Number of contained test cases.
* @return integer Total count of cases in the group.
@@ -526,7 +526,7 @@ class TestSuite {
}
return $count;
}
-
+
/**
* Test to see if a class is derived from the
* SimpleTestCase class.
@@ -546,8 +546,8 @@ class TestSuite {
}
/**
- * @package SimpleTest
- * @subpackage UnitTester
+ * @package SimpleTest
+ * @subpackage UnitTester
* @deprecated
*/
class GroupTest extends TestSuite {}
@@ -555,13 +555,13 @@ class GroupTest extends TestSuite {}
/**
* This is a failing group test for when a test suite hasn't
* loaded properly.
- * @package SimpleTest
- * @subpackage UnitTester
+ * @package SimpleTest
+ * @subpackage UnitTester
*/
class BadTestSuite {
var $_label;
var $_error;
-
+
/**
* Sets the name of the test suite and error message.
* @param string $label Name sent at the start and end
@@ -572,7 +572,7 @@ class BadTestSuite {
$this->_label = $label;
$this->_error = $error;
}
-
+
/**
* Accessor for the test name for subclasses.
* @return string Name of the test.
@@ -581,7 +581,7 @@ class BadTestSuite {
function getLabel() {
return $this->_label;
}
-
+
/**
* Sends a single error to the reporter.
* @param SimpleReporter $reporter Current test reporter.
@@ -594,7 +594,7 @@ class BadTestSuite {
$reporter->paintGroupEnd($this->getLabel());
return $reporter->getStatus();
}
-
+
/**
* Number of contained test cases. Always zero.
* @return integer Total count of cases in the group.
@@ -606,8 +606,8 @@ class BadTestSuite {
}
/**
- * @package SimpleTest
- * @subpackage UnitTester
+ * @package SimpleTest
+ * @subpackage UnitTester
* @deprecated
*/
class BadGroupTest extends BadTestSuite {}
diff --git a/modules/syslog/syslog.module b/modules/syslog/syslog.module
index 66df76f0f..b1ad2d41d 100644
--- a/modules/syslog/syslog.module
+++ b/modules/syslog/syslog.module
@@ -32,6 +32,7 @@ function syslog_menu() {
'description' => 'Settings for syslog logging. Syslog is an operating system administrative logging tool used in systems management and security auditing. Most suited to medium and large sites, syslog provides filtering tools that allow messages to be routed by type and severity.',
'page callback' => 'drupal_get_form',
'page arguments' => array('syslog_admin_settings'),
+ 'access arguments' => array('administer site configuration'),
);
return $items;
}
diff --git a/modules/system/system.module b/modules/system/system.module
index 52c183a5e..21955818a 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -336,18 +336,21 @@ function system_menu() {
$items['admin/compact'] = array(
'title' => 'Compact mode',
'page callback' => 'system_admin_compact_page',
+ 'access arguments' => array('access administration pages'),
'type' => MENU_CALLBACK,
'file' => 'system.admin.inc',
);
$items['admin/by-task'] = array(
'title' => 'By task',
'page callback' => 'system_main_admin_page',
+ 'access arguments' => array('access administration pages'),
'file' => 'system.admin.inc',
'type' => MENU_DEFAULT_LOCAL_TASK,
);
$items['admin/by-module'] = array(
'title' => 'By module',
'page callback' => 'system_admin_by_module',
+ 'access arguments' => array('access administration pages'),
'file' => 'system.admin.inc',
'type' => MENU_LOCAL_TASK,
'weight' => 2,
@@ -358,6 +361,7 @@ function system_menu() {
'position' => 'left',
'weight' => -10,
'page callback' => 'system_admin_menu_block_page',
+ 'access arguments' => array('access administration pages'),
'file' => 'system.admin.inc',
);
@@ -368,6 +372,7 @@ function system_menu() {
'position' => 'right',
'weight' => -5,
'page callback' => 'system_settings_overview',
+ 'access arguments' => array('access administration pages'),
'file' => 'system.admin.inc',
);
$items['admin/build'] = array(
@@ -376,6 +381,7 @@ function system_menu() {
'position' => 'right',
'weight' => -10,
'page callback' => 'system_admin_menu_block_page',
+ 'access arguments' => array('access administration pages'),
'file' => 'system.admin.inc',
);
$items['admin/settings/admin'] = array(
@@ -406,6 +412,7 @@ function system_menu() {
$items['admin/build/themes/settings'] = array(
'title' => 'Configure',
'page arguments' => array('system_theme_settings'),
+ 'access arguments' => array('administer site configuration'),
'type' => MENU_LOCAL_TASK,
);
// Theme configuration subtabs
@@ -440,15 +447,18 @@ function system_menu() {
);
$items['admin/build/modules/list/confirm'] = array(
'title' => 'List',
+ 'access arguments' => array('administer site configuration'),
'type' => MENU_CALLBACK,
);
$items['admin/build/modules/uninstall'] = array(
'title' => 'Uninstall',
'page arguments' => array('system_modules_uninstall'),
+ 'access arguments' => array('administer site configuration'),
'type' => MENU_LOCAL_TASK,
);
$items['admin/build/modules/uninstall/confirm'] = array(
'title' => 'Uninstall',
+ 'access arguments' => array('administer site configuration'),
'type' => MENU_CALLBACK,
);
@@ -470,6 +480,7 @@ function system_menu() {
'title' => 'Configure an advanced action',
'page callback' => 'drupal_get_form',
'page arguments' => array('system_actions_configure'),
+ 'access arguments' => array('administer actions'),
'type' => MENU_CALLBACK,
);
$items['admin/settings/actions/delete/%actions'] = array(
@@ -477,11 +488,13 @@ function system_menu() {
'description' => 'Delete an action.',
'page callback' => 'drupal_get_form',
'page arguments' => array('system_actions_delete_form', 4),
+ 'access arguments' => array('administer actions'),
'type' => MENU_CALLBACK,
);
$items['admin/settings/actions/orphan'] = array(
'title' => 'Remove orphans',
'page callback' => 'system_actions_remove_orphans',
+ 'access arguments' => array('administer actions'),
'type' => MENU_CALLBACK,
);
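Review bot: The `admin/settings/actions/orphan` item at the end of this hunk now has a permission check, but that alone does not protect a state-changing page reached by a plain link against a forged cross-site request. `system_actions_remove_orphans` is wired directly as the page callback rather than through `drupal_get_form`, and the same holds for `system_run_cron` in the later `admin/reports/status/run-cron` hunk. Both handlers are outside this diff, so whether they validate a token cannot be seen here. If they do not, route them through a confirmation form or check a token in the callback, and record the requirement next to the item, e.g. `// State-changing callback: the handler must validate a token.`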
@@ -570,6 +583,7 @@ function system_menu() {
'title' => 'Date and time lookup',
'type' => MENU_CALLBACK,
'page callback' => 'system_date_time_lookup',
+ 'access arguments' => array('administer site configuration'),
'file' => 'system.admin.inc',
);
$items['admin/settings/site-maintenance'] = array(
@@ -626,18 +640,21 @@ function system_menu() {
$items['admin/reports/status/run-cron'] = array(
'title' => 'Run cron',
'page callback' => 'system_run_cron',
+ 'access arguments' => array('administer site configuration'),
'type' => MENU_CALLBACK,
'file' => 'system.admin.inc',
);
$items['admin/reports/status/php'] = array(
'title' => 'PHP',
'page callback' => 'system_php',
+ 'access arguments' => array('administer site configuration'),
'type' => MENU_CALLBACK,
'file' => 'system.admin.inc',
);
$items['admin/reports/status/sql'] = array(
'title' => 'SQL',
'page callback' => 'system_sql',
+ 'access arguments' => array('administer site configuration'),
'type' => MENU_CALLBACK,
'file' => 'system.admin.inc',
);
diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module
index 5fc6dfb10..77b90f883 100644
--- a/modules/taxonomy/taxonomy.module
+++ b/modules/taxonomy/taxonomy.module
@@ -130,6 +130,7 @@ function taxonomy_menu() {
'title' => 'Add vocabulary',
'page callback' => 'drupal_get_form',
'page arguments' => array('taxonomy_form_vocabulary'),
+ 'access arguments' => array('administer taxonomy'),
'type' => MENU_LOCAL_TASK,
'parent' => 'admin/content/taxonomy',
'file' => 'taxonomy.admin.inc',
@@ -139,6 +140,7 @@ function taxonomy_menu() {
'title' => 'Edit vocabulary',
'page callback' => 'taxonomy_admin_vocabulary_edit',
'page arguments' => array(5),
+ 'access arguments' => array('administer taxonomy'),
'type' => MENU_CALLBACK,
'file' => 'taxonomy.admin.inc',
);
@@ -146,6 +148,7 @@ function taxonomy_menu() {
$items['admin/content/taxonomy/edit/term'] = array(
'title' => 'Edit term',
'page callback' => 'taxonomy_admin_term_edit',
+ 'access arguments' => array('administer taxonomy'),
'type' => MENU_CALLBACK,
'file' => 'taxonomy.admin.inc',
);
@@ -185,6 +188,7 @@ function taxonomy_menu() {
'title' => 'Add term',
'page callback' => 'taxonomy_add_term_page',
'page arguments' => array(3),
+ 'access arguments' => array('administer taxonomy'),
'type' => MENU_LOCAL_TASK,
'parent' => 'admin/content/taxonomy/%taxonomy_vocabulary',
'file' => 'taxonomy.admin.inc',
diff --git a/modules/tracker/tracker.module b/modules/tracker/tracker.module
index 489160f96..e11d8a983 100644
--- a/modules/tracker/tracker.module
+++ b/modules/tracker/tracker.module
@@ -33,11 +33,11 @@ function tracker_menu() {
$items['tracker/all'] = array(
'title' => 'All recent posts',
'type' => MENU_DEFAULT_LOCAL_TASK,
- 'access callback' => 'user_is_logged_in',
);
- $items['tracker/%user_current'] = array(
+ $items['tracker/%user_uid_optional'] = array(
'title' => 'My recent posts',
- 'access callback' => 'user_is_logged_in',
+ 'access callback' => '_tracker_myrecent_access',
+ 'access arguments' => array(1),
'page arguments' => array(1),
'type' => MENU_LOCAL_TASK,
);
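Review bot: `tracker/all` now declares no access keys at all, so its protection depends entirely on the parent `tracker` item, which is defined above this hunk. That is presumably intended, since the item is a `MENU_DEFAULT_LOCAL_TASK`, but nothing in the array says so and a later reader may take it for an unprotected path. A one-line comment would make the dependency explicit: `// Default local task: access is taken from the parent 'tracker' item.`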
@@ -46,6 +46,8 @@ function tracker_menu() {
'title' => 'Track',
'page callback' => 'tracker_page',
'page arguments' => array(1, TRUE),
+ 'access callback' => '_tracker_user_access',
+ 'access arguments' => array(1),
'type' => MENU_LOCAL_TASK,
'file' => 'tracker.pages.inc',
);
@@ -55,3 +57,19 @@ function tracker_menu() {
);
return $items;
}
+
+/**
+ * Access callback for tracker/%user_uid_optional
+ */
+function _tracker_myrecent_access($account) {
+ // This path is only allowed for authenticated users looking at their own posts.
+ return $account->uid && ($GLOBALS['user']->uid == $account->uid) && user_access('access content');
+}
+
+/**
+ * Access callback for user/%user/track
+ */
+function _tracker_user_access($account) {
+ return user_view_access($account) && user_access('access content');
+}
+
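Review bot: The two new docblocks name the path but not the contract: neither says what `$account` is expected to be or that the result is the boolean the menu system uses to allow or deny the request. In `_tracker_myrecent_access` the leading `$account->uid &&` term is what rejects the anonymous account, and it deserves its own comment so it is not later removed as redundant, e.g. `// uid 0 (anonymous) never has a "my recent posts" page.` Adding `@param $account` and `@return` lines to both docblocks would cover the rest.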
diff --git a/modules/trigger/trigger.module b/modules/trigger/trigger.module
index 4db55dd96..9be132ca5 100644
--- a/modules/trigger/trigger.module
+++ b/modules/trigger/trigger.module
@@ -49,6 +49,7 @@ function trigger_menu() {
'title' => 'Content',
'page callback' => 'trigger_assign',
'page arguments' => array('node'),
+ 'access callback' => 'trigger_access_check',
'access arguments' => array('node'),
'type' => MENU_LOCAL_TASK,
'file' => 'trigger.admin.inc',
@@ -57,6 +58,7 @@ function trigger_menu() {
'title' => 'Users',
'page callback' => 'trigger_assign',
'page arguments' => array('user'),
+ 'access callback' => 'trigger_access_check',
'access arguments' => array('user'),
'type' => MENU_LOCAL_TASK,
'file' => 'trigger.admin.inc',
@@ -83,6 +85,7 @@ function trigger_menu() {
'title' => 'Cron',
'page callback' => 'trigger_assign',
'page arguments' => array('cron'),
+ 'access arguments' => array('administer actions'),
'type' => MENU_LOCAL_TASK,
'file' => 'trigger.admin.inc',
);
@@ -112,6 +115,7 @@ function trigger_menu() {
'description' => 'Unassign an action from a trigger.',
'page callback' => 'drupal_get_form',
'page arguments' => array('trigger_unassign'),
+ 'access arguments' => array('administer actions'),
'type' => MENU_CALLBACK,
'file' => 'trigger.admin.inc',
);
diff --git a/modules/user/user.module b/modules/user/user.module
index 54543c861..fd3f5b0c2 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -830,6 +830,9 @@ function user_view_access($account) {
);
}
+/**
+ * Access callback for user account editing.
+ */
function user_edit_access($account) {
return (($GLOBALS['user']->uid == $account->uid) || user_access('administer users')) && $account->uid > 0;
}
@@ -919,6 +922,7 @@ function user_menu() {
$items['admin/user/user/create'] = array(
'title' => 'Add user',
'page arguments' => array('create'),
+ 'access arguments' => array('administer users'),
'type' => MENU_LOCAL_TASK,
'file' => 'user.admin.inc',
);
@@ -951,6 +955,7 @@ function user_menu() {
$items['admin/user/roles/edit'] = array(
'title' => 'Edit role',
'page arguments' => array('user_admin_role'),
+ 'access arguments' => array('administer permissions'),
'type' => MENU_CALLBACK,
'file' => 'user.admin.inc',
);
@@ -963,7 +968,7 @@ function user_menu() {
'file' => 'user.pages.inc',
);
- $items['user/%user_current'] = array(
+ $items['user/%user_uid_optional'] = array(
'title' => 'My account',
'title callback' => 'user_page_title',
'title arguments' => array(1),
@@ -1018,8 +1023,8 @@ function user_menu() {
'title arguments' => array($category['title']),
'page callback' => 'user_edit',
'page arguments' => array(1, 3),
- 'access callback' => isset($category['access callback']) ? $category['access callback'] : TRUE,
- 'access arguments' => isset($category['access arguments']) ? $category['access arguments'] : array(),
+ 'access callback' => isset($category['access callback']) ? $category['access callback'] : 'user_edit_access',
+ 'access arguments' => isset($category['access arguments']) ? $category['access arguments'] : array(1),
'type' => MENU_LOCAL_TASK,
'weight' => $category['weight'],
'load arguments' => array('%map', '%index'),
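Review bot: The defaults on the `access callback` and `access arguments` lines are resolved independently, so a category that sets only one of the two keys ends up with a mixed pair. The awkward case is a category that supplies arguments but no callback: those arguments are handed to `user_edit_access`, which expects an account object. Falling back as a pair keeps the new fail-closed default without that mismatch: compute `$custom = isset($category['access callback']);` first, then use `$custom ? $category['access callback'] : 'user_edit_access'` and `($custom && isset($category['access arguments'])) ? $category['access arguments'] : array(1)`. The loop that builds these items starts and ends outside the hunk.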
@@ -1036,8 +1041,8 @@ function user_init() {
drupal_add_css(drupal_get_path('module', 'user') . '/user.css', 'module');
}
-function user_current_load($arg) {
- return user_load($arg ? $arg : $GLOBALS['user']->uid);
+function user_uid_optional_load($arg) {
+ return user_load(isset($arg) ? $arg : $GLOBALS['user']->uid);
}
/**
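Review bot: `user_uid_optional_load` has no docblock, and the switch from a truthiness test to `isset($arg)` changes which account is loaded for an explicit `0` or empty argument: that value is now passed to `user_load` instead of falling back to the current user. Every access callback on a `%user_uid_optional` path therefore has to reject the uid 0 account itself. `_tracker_myrecent_access` and `user_edit_access` in this commit do so, while the body of `user_view_access` lies above its hunk and cannot be checked from here. A docblock should state the contract, e.g. `Loads the account for an optional uid path argument; falls back to the current user only when the argument is absent.`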
@@ -1082,7 +1087,7 @@ function user_category_load($uid, &$map, $index) {
/**
* Returns the user id of the currently logged in user.
*/
-function user_current_to_arg($arg) {
+function user_uid_optional_to_arg($arg) {
// Give back the current user uid when called from eg. tracker, aka.
// with an empty arg. Also use the current user uid when called from
// the menu with a % for the current account link.