diff options
| author | Dries Buytaert <dries@buytaert.net> | 2005-06-21 18:45:30 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2005-06-21 18:45:30 +0000 |
| commit | 22ea50dfeca9e91dadb074f4b3dbb4656c97e978 (patch) | |
| tree | 65a8e351d76965ce28a766007e80d96da87d68d2 | |
| parent | 8f82f92a10e4dcd76322568741bcb87e8571e254 (diff) | |
| download | brdo-22ea50dfeca9e91dadb074f4b3dbb4656c97e978.tar.gz brdo-22ea50dfeca9e91dadb074f4b3dbb4656c97e978.tar.bz2 | |
- Patch #21566 by deekayan: fixed user_access() function returning a string and not a boolean. Also improves performance of user_access().
| -rw-r--r-- | modules/user.module | 12 | ||||
| -rw-r--r-- | modules/user/user.module | 12 |
2 files changed, 14 insertions, 10 deletions
diff --git a/modules/user.module b/modules/user.module index 705793d12..33678c6d3 100644 --- a/modules/user.module +++ b/modules/user.module @@ -304,7 +304,7 @@ function user_password($length = 10) { * (optional) The account to check, if not given use currently logged in user. * * @return - * TRUE iff the current user has the requested permission. + * boolean TRUE if the current user has the requested permission. * * All permission checks in Drupal should go through this function. This * way, we guarantee consistent behavior, and ensure that the superuser @@ -319,8 +319,8 @@ function user_access($string, $account = NULL) { } // User #1 has all privileges: - if ($account->uid == 1) { - return 1; + if ($account->uid === 1) { + return TRUE; } // To reduce the number of SQL queries, we cache the user's permissions @@ -329,12 +329,14 @@ function user_access($string, $account = NULL) { $result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $account->uid); while ($row = db_fetch_object($result)) { - $perm[$account->uid] .= "$row->perm, "; + $perm[$account->uid][] = $row->perm; } } + if (isset($perm[$account->uid])) { - return strstr($perm[$account->uid], "$string, "); + return in_array($string, $perm[$account->uid]); } + return FALSE; } diff --git a/modules/user/user.module b/modules/user/user.module index 705793d12..33678c6d3 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -304,7 +304,7 @@ function user_password($length = 10) { * (optional) The account to check, if not given use currently logged in user. * * @return - * TRUE iff the current user has the requested permission. + * boolean TRUE if the current user has the requested permission. * * All permission checks in Drupal should go through this function. This * way, we guarantee consistent behavior, and ensure that the superuser @@ -319,8 +319,8 @@ function user_access($string, $account = NULL) { } // User #1 has all privileges: - if ($account->uid == 1) { - return 1; + if ($account->uid === 1) { + return TRUE; } // To reduce the number of SQL queries, we cache the user's permissions @@ -329,12 +329,14 @@ function user_access($string, $account = NULL) { $result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $account->uid); while ($row = db_fetch_object($result)) { - $perm[$account->uid] .= "$row->perm, "; + $perm[$account->uid][] = $row->perm; } } + if (isset($perm[$account->uid])) { - return strstr($perm[$account->uid], "$string, "); + return in_array($string, $perm[$account->uid]); } + return FALSE; } |