authorSteven Wittens <steven@10.no-reply.drupal.org>2005-04-11 22:48:27 +0000
committerSteven Wittens <steven@10.no-reply.drupal.org>2005-04-11 22:48:27 +0000
commit23bccfd1c8731823205354768e5cf7a61e42a395 (patch)
treec94803df446ebafcb6e8d7270527bf3923002835
parentbc44805f3cae8e18a300db9fa3469ff0daf17ac1 (diff)
downloadbrdo-23bccfd1c8731823205354768e5cf7a61e42a395.tar.gz
brdo-23bccfd1c8731823205354768e5cf7a61e42a395.tar.bz2
- #4166: Respect 'access userlist' permission for profile data.
-rw-r--r--includes/common.inc7
-rw-r--r--modules/profile.module2
-rw-r--r--modules/profile/profile.module2
-rw-r--r--modules/search.module4
-rw-r--r--modules/search/search.module4
-rw-r--r--modules/user.module79
-rw-r--r--modules/user/user.module79
7 files changed, 102 insertions, 75 deletions
diff --git a/includes/common.inc b/includes/common.inc
index b93623e96..287b38e36 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -927,7 +927,12 @@ function format_name($object) {
$name = $object->name;
}
- $output = l($name, 'user/'. $object->uid, array('title' => t('View user profile.')));
+ if (user_access('access user profiles')) {
+ $output = l($name, 'user/'. $object->uid, array('title' => t('View user profile.')));
+ }
+ else {
+ $output = $name;
+ }
}
else if ($object->name) {
// Sometimes modules display content composed by people who are
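Review bot: The new else branch on L33-L35 quietly turns the profile link into bare text, and nothing in the code records that the missing link is deliberate; a one-line comment keeps the next reader from "restoring" it: `// Viewers without 'access user profiles' get the plain name instead of a profile link.` The check is made for the current viewer (user_access() is called without an account argument), not for $object, which is worth stating because the name being rendered belongs to someone else. format_name() begins before this hunk.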
diff --git a/modules/profile.module b/modules/profile.module
index 6de53a4d3..4212a3e43 100644
--- a/modules/profile.module
+++ b/modules/profile.module
@@ -35,7 +35,7 @@ function profile_menu($may_cache) {
if ($may_cache) {
$items[] = array('path' => 'profile', 'title' => t('user list'),
'callback' => 'profile_browse',
- 'access' => TRUE,
+ 'access' => user_access('access user profiles'),
'type' => MENU_SUGGESTED_ITEM);
$items[] = array('path' => 'admin/settings/profile', 'title' => t('profiles'),
'callback' => 'profile_admin_overview',
diff --git a/modules/profile/profile.module b/modules/profile/profile.module
index 6de53a4d3..4212a3e43 100644
--- a/modules/profile/profile.module
+++ b/modules/profile/profile.module
@@ -35,7 +35,7 @@ function profile_menu($may_cache) {
if ($may_cache) {
$items[] = array('path' => 'profile', 'title' => t('user list'),
'callback' => 'profile_browse',
- 'access' => TRUE,
+ 'access' => user_access('access user profiles'),
'type' => MENU_SUGGESTED_ITEM);
$items[] = array('path' => 'admin/settings/profile', 'title' => t('profiles'),
'callback' => 'profile_admin_overview',
diff --git a/modules/search.module b/modules/search.module
index 2b461726a..8b7b5cdb7 100644
--- a/modules/search.module
+++ b/modules/search.module
@@ -108,8 +108,8 @@ function search_menu($may_cache) {
$keys = search_get_keys();
$keys = strlen($keys) ? '/'. $keys : '';
foreach (module_list() as $name) {
- if (module_hook($name, 'search')) {
- $items[] = array('path' => 'search/'. $name . $keys, 'title' => module_invoke($name, 'search', 'name'),
+ if (module_hook($name, 'search') && $title = module_invoke($name, 'search', 'name')) {
+ $items[] = array('path' => 'search/'. $name . $keys, 'title' => $title,
'callback' => 'search_view',
'access' => user_access('search content'),
'type' => MENU_LOCAL_TASK);
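Review bot: The assignment inside the condition on L75 reads like a comparison at first glance and relies on PHP parsing `a && $b = f()` as `a && ($b = f())`; parentheses make the intent explicit: `if (module_hook($name, 'search') && ($title = module_invoke($name, 'search', 'name'))) {`. It also means a module whose 'name' op returns NULL or an empty string is now dropped from the search tabs, which is what the user_search change elsewhere in this commit depends on, so a comment such as `// A module that returns no name (e.g. for lack of permission) gets no search tab.` would tie the two together. The same hunk appears again at modules/search/search.module (L84-L94).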
diff --git a/modules/search/search.module b/modules/search/search.module
index 2b461726a..8b7b5cdb7 100644
--- a/modules/search/search.module
+++ b/modules/search/search.module
@@ -108,8 +108,8 @@ function search_menu($may_cache) {
$keys = search_get_keys();
$keys = strlen($keys) ? '/'. $keys : '';
foreach (module_list() as $name) {
- if (module_hook($name, 'search')) {
- $items[] = array('path' => 'search/'. $name . $keys, 'title' => module_invoke($name, 'search', 'name'),
+ if (module_hook($name, 'search') && $title = module_invoke($name, 'search', 'name')) {
+ $items[] = array('path' => 'search/'. $name . $keys, 'title' => $title,
'callback' => 'search_view',
'access' => user_access('search content'),
'type' => MENU_LOCAL_TASK);
diff --git a/modules/user.module b/modules/user.module
index 04db17f12..f4c1055ca 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -403,7 +403,7 @@ function user_fields() {
* Implementation of hook_perm().
*/
function user_perm() {
- return array('administer users');
+ return array('administer users', 'access user profiles');
}
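Review bot: Adding 'access user profiles' as a new permission with nothing granting it means that, on an existing site, the user list, user search and profile links disappear for every role until an administrator assigns it; the diffstat (L14-L21) shows no update hook or default grant in this commit. If that is intended, a short note would help, e.g. `// 'access user profiles' is new; upgraded sites must grant it to the roles that should see profiles.`; otherwise an update step granting it to roles that previously had the user list (presumably those with 'access content', given the old user_block checks) would preserve behaviour. The same hunk appears again at modules/user/user.module (L266-L272).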
/**
@@ -424,16 +424,20 @@ function user_file_download($file) {
function user_search($op = 'search', $keys = null) {
switch ($op) {
case 'name':
- return t('users');
+ if (user_access('access user profiles')) {
+ return t('users');
+ }
case 'search':
- $find = array();
- // Replace wildcards with MySQL/PostgreSQL wildcards.
- $keys = preg_replace('!\*+!', '%', $keys);
- $result = pager_query("SELECT * FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
- while ($account = db_fetch_object($result)) {
- $find[] = array('title' => $account->name, 'link' => url("user/$account->uid/view"));
+ if (user_access('access user profiles')) {
+ $find = array();
+ // Replace wildcards with MySQL/PostgreSQL wildcards.
+ $keys = preg_replace('!\*+!', '%', $keys);
+ $result = pager_query("SELECT * FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
+ while ($account = db_fetch_object($result)) {
+ $find[] = array('title' => $account->name, 'link' => url("user/$account->uid/view"));
+ }
+ return $find;
}
- return $find;
}
}
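Review bot: When the viewer lacks 'access user profiles', the `case 'name'` branch on L112-L114 now falls through into `case 'search'`, where the same check fails again and the function returns NULL by running off the end; the result is right, but only because the check happens to be repeated. Hoisting it above the switch says what is meant and removes the duplicate call: `if (!user_access('access user profiles')) { return; }` before `switch ($op)`, with the two inner `if` wrappers dropped. Callers of the 'search' op that previously always received an array may now receive NULL when denied; worth confirming search_view copes with that. The same hunk appears again at modules/user/user.module (L274-L301).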
@@ -525,7 +529,7 @@ function user_block($op = 'list', $delta = 0, $edit = array()) {
return $block;
case 2:
- if (user_access('access content')) {
+ if (user_access('access content') && user_access('access user profiles')) {
$result = db_query_range('SELECT uid, name FROM {users} WHERE status != 0 ORDER BY uid DESC', 0, 5);
while ($account = db_fetch_object($result)) {
$items[] = format_name($account);
@@ -539,7 +543,7 @@ function user_block($op = 'list', $delta = 0, $edit = array()) {
return $block;
case 3:
- if (user_access('access content')) {
+ if (user_access('access content') && user_access('access user profiles')) {
// Count users with activity in the past defined period.
$time_period = variable_get('user_block_seconds_online', 2700);
@@ -625,11 +629,15 @@ function user_menu($may_cache) {
$items = array();
- $access = user_access('administer users');
+ $admin_access = user_access('administer users');
+ // users should always be allowed to see their own user page
+ $view_access = (user_access('access user profiles') || ($user->uid == arg(1)));
if ($may_cache) {
$items[] = array('path' => 'user', 'title' => t('user account'),
'callback' => 'user_page', 'access' => TRUE, 'type' => MENU_CALLBACK);
+
+ //registration and login pages.
$items[] = array('path' => 'user/login', 'title' => t('log in'),
'type' => MENU_DEFAULT_LOCAL_TASK);
$items[] = array('path' => 'user/register', 'title' => t('register'),
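Review bot: `$view_access` on L155 is computed before the `is_numeric(arg(1))` guard that protects the only items using it (L233-L239 in a later hunk), and with the loose `==` an anonymous viewer (uid 0) compares equal to any non-numeric arg(1) under PHP's string-to-number rules, and to 'user/0' as well. That is harmless while every consumer stays inside the guard, but the invariant is invisible at this line; excluding the anonymous account makes the flag correct on its own: `$view_access = user_access('access user profiles') || ($user->uid && $user->uid == arg(1));`. The comment on L154 would also read better as a sentence: `// Users may always view their own account page.` The same hunk appears again at modules/user/user.module (L317-L330).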
@@ -639,53 +647,53 @@ function user_menu($may_cache) {
$items[] = array('path' => 'user/help', 'title' => t('help'),
'callback' => 'user_help_page', 'type' => MENU_CALLBACK);
+ //admin pages
$items[] = array('path' => 'admin/user', 'title' => t('users'),
- 'callback' => 'user_admin', 'access' => $access);
+ 'callback' => 'user_admin', 'access' => $admin_access);
$items[] = array('path' => 'admin/user/list', 'title' => t('list'),
'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
$items[] = array('path' => 'admin/user/create', 'title' => t('add user'),
- 'callback' => 'user_admin', 'access' => $access,
+ 'callback' => 'user_admin', 'access' => $admin_access,
'type' => MENU_LOCAL_TASK);
$items[] = array('path' => 'admin/user/configure', 'title' => t('configure'),
- 'callback' => 'user_configure', 'access' => $access,
+ 'callback' => 'user_configure', 'access' => $admin_access,
'type' => MENU_LOCAL_TASK);
-
$items[] = array('path' => 'admin/access', 'title' => t('access control'),
- 'callback' => 'user_admin_perm', 'access' => $access);
+ 'callback' => 'user_admin_perm', 'access' => $admin_access);
$items[] = array('path' => 'admin/access/permissions', 'title' => t('permissions'),
- 'callback' => 'user_admin_perm', 'access' => $access,
+ 'callback' => 'user_admin_perm', 'access' => $admin_access,
'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
$items[] = array('path' => 'admin/access/roles', 'title' => t('roles'),
- 'callback' => 'user_admin_role', 'access' => $access,
+ 'callback' => 'user_admin_role', 'access' => $admin_access,
'type' => MENU_LOCAL_TASK);
$items[] = array('path' => 'admin/access/roles/edit', 'title' => t('edit role'),
- 'callback' => 'user_admin_role', 'access' => $access,
+ 'callback' => 'user_admin_role', 'access' => $admin_access,
'type' => MENU_CALLBACK);
-
$items[] = array('path' => 'admin/access/rules', 'title' => t('account rules'),
- 'callback' => 'user_admin_access', 'access' => $access,
+ 'callback' => 'user_admin_access', 'access' => $admin_access,
'type' => MENU_LOCAL_TASK, 'weight' => 10);
$items[] = array('path' => 'admin/access/rules/list', 'title' => t('list'),
- 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
+ 'access' => $admin_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
$items[] = array('path' => 'admin/access/rules/add', 'title' => t('add rule'),
- 'callback' => 'user_admin_access_add', 'access' => $access,
+ 'callback' => 'user_admin_access_add', 'access' => $admin_access,
'type' => MENU_LOCAL_TASK);
$items[] = array('path' => 'admin/access/rules/check', 'title' => t('check rules'),
- 'callback' => 'user_admin_access_check', 'access' => $access,
+ 'callback' => 'user_admin_access_check', 'access' => $admin_access,
'type' => MENU_LOCAL_TASK);
$items[] = array('path' => 'admin/access/rules/edit', 'title' => t('edit rule'),
- 'callback' => 'user_admin_access_edit', 'access' => $access,
+ 'callback' => 'user_admin_access_edit', 'access' => $admin_access,
'type' => MENU_CALLBACK);
$items[] = array('path' => 'admin/access/rules/delete', 'title' => t('delete rule'),
- 'callback' => 'user_admin_access_delete', 'access' => $access,
+ 'callback' => 'user_admin_access_delete', 'access' => $admin_access,
'type' => MENU_CALLBACK);
if (module_exist('search')) {
$items[] = array('path' => 'admin/user/search', 'title' => t('search'),
- 'callback' => 'user_admin', 'access' => $access,
+ 'callback' => 'user_admin', 'access' => $admin_access,
'type' => MENU_LOCAL_TASK);
}
+ //Your personal page
if ($user->uid) {
$items[] = array('path' => 'user/'. $user->uid, 'title' => t('my account'),
'callback' => 'user_page', 'access' => TRUE,
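Review bot: `admin/access/rules/list` gains an explicit `'access' => $admin_access` on L204, but its sibling default task `admin/user/list` on L171-L172 is left without one, so two items of the same kind now express the same rule differently; either both rely on the parent's access or both should state it: `'access' => $admin_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);` for L172. The new section comments on L167 and L227 (`//admin pages`, `//Your personal page`) also differ from the file's existing `// Sentence.` form seen on L124; `// Admin pages.` and `// The viewer's own account page.` would match. The same hunk appears again at modules/user/user.module (L331-L397).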
@@ -700,22 +708,25 @@ function user_menu($may_cache) {
else {
if (arg(0) == 'user' && is_numeric(arg(1))) {
$items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
- 'type' => MENU_CALLBACK, 'callback' => 'user_page', 'access' => TRUE);
+ 'type' => MENU_CALLBACK, 'callback' => 'user_page', 'access' => $view_access);
$items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'),
- 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
+ 'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
$items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'),
- 'callback' => 'user_edit', 'access' => $access || $user->uid == arg(1),
+ 'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1),
'type' => MENU_LOCAL_TASK);
$items[] = array('path' => 'user/'. arg(1) .'/delete', 'title' => t('delete'),
- 'callback' => 'user_edit', 'access' => $access,
+ 'callback' => 'user_edit', 'access' => $admin_access,
'type' => MENU_CALLBACK);
if (arg(2) == 'edit') {
if (($categories = _user_categories()) && (count($categories) > 1)) {
foreach ($categories as $key => $category) {
- $items[] = array('path' => 'user/'. arg(1) .'/edit/'. $category['name'], 'title' => $category['title'],
+ $items[] = array(
+ 'path' => 'user/'. arg(1) .'/edit/'. $category['name'],
+ 'title' => $category['title'],
'type' => $category['name'] == 'account' ? MENU_DEFAULT_LOCAL_TASK : MENU_LOCAL_TASK,
- 'weight' => $category['weight']);
+ 'weight' => $category['weight'],
+ 'access' => $admin_access);
}
}
}
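Review bot: The per-category edit tabs rebuilt on L252-L258 now carry `'access' => $admin_access`, while their parent `user/N/edit` on L242 is open to the account owner as well (`$admin_access || $user->uid == arg(1)`); a non-admin editing their own account therefore loses every category tab that the previous code (no explicit 'access') presumably inherited from the parent. The tabs should use the parent's expression: `'access' => $admin_access || $user->uid == arg(1));`. user_menu() continues past the end of this hunk. The same hunk appears again at modules/user/user.module (L398-L428).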
diff --git a/modules/user/user.module b/modules/user/user.module
index 04db17f12..f4c1055ca 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -403,7 +403,7 @@ function user_fields() {
* Implementation of hook_perm().
*/
function user_perm() {
- return array('administer users');
+ return array('administer users', 'access user profiles');
}
/**
@@ -424,16 +424,20 @@ function user_file_download($file) {
function user_search($op = 'search', $keys = null) {
switch ($op) {
case 'name':
- return t('users');
+ if (user_access('access user profiles')) {
+ return t('users');
+ }
case 'search':
- $find = array();
- // Replace wildcards with MySQL/PostgreSQL wildcards.
- $keys = preg_replace('!\*+!', '%', $keys);
- $result = pager_query("SELECT * FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
- while ($account = db_fetch_object($result)) {
- $find[] = array('title' => $account->name, 'link' => url("user/$account->uid/view"));
+ if (user_access('access user profiles')) {
+ $find = array();
+ // Replace wildcards with MySQL/PostgreSQL wildcards.
+ $keys = preg_replace('!\*+!', '%', $keys);
+ $result = pager_query("SELECT * FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
+ while ($account = db_fetch_object($result)) {
+ $find[] = array('title' => $account->name, 'link' => url("user/$account->uid/view"));
+ }
+ return $find;
}
- return $find;
}
}
@@ -525,7 +529,7 @@ function user_block($op = 'list', $delta = 0, $edit = array()) {
return $block;
case 2:
- if (user_access('access content')) {
+ if (user_access('access content') && user_access('access user profiles')) {
$result = db_query_range('SELECT uid, name FROM {users} WHERE status != 0 ORDER BY uid DESC', 0, 5);
while ($account = db_fetch_object($result)) {
$items[] = format_name($account);
@@ -539,7 +543,7 @@ function user_block($op = 'list', $delta = 0, $edit = array()) {
return $block;
case 3:
- if (user_access('access content')) {
+ if (user_access('access content') && user_access('access user profiles')) {
// Count users with activity in the past defined period.
$time_period = variable_get('user_block_seconds_online', 2700);
@@ -625,11 +629,15 @@ function user_menu($may_cache) {
$items = array();
- $access = user_access('administer users');
+ $admin_access = user_access('administer users');
+ // users should always be allowed to see their own user page
+ $view_access = (user_access('access user profiles') || ($user->uid == arg(1)));
if ($may_cache) {
$items[] = array('path' => 'user', 'title' => t('user account'),
'callback' => 'user_page', 'access' => TRUE, 'type' => MENU_CALLBACK);
+
+ //registration and login pages.
$items[] = array('path' => 'user/login', 'title' => t('log in'),
'type' => MENU_DEFAULT_LOCAL_TASK);
$items[] = array('path' => 'user/register', 'title' => t('register'),
@@ -639,53 +647,53 @@ function user_menu($may_cache) {
$items[] = array('path' => 'user/help', 'title' => t('help'),
'callback' => 'user_help_page', 'type' => MENU_CALLBACK);
+ //admin pages
$items[] = array('path' => 'admin/user', 'title' => t('users'),
- 'callback' => 'user_admin', 'access' => $access);
+ 'callback' => 'user_admin', 'access' => $admin_access);
$items[] = array('path' => 'admin/user/list', 'title' => t('list'),
'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
$items[] = array('path' => 'admin/user/create', 'title' => t('add user'),
- 'callback' => 'user_admin', 'access' => $access,
+ 'callback' => 'user_admin', 'access' => $admin_access,
'type' => MENU_LOCAL_TASK);
$items[] = array('path' => 'admin/user/configure', 'title' => t('configure'),
- 'callback' => 'user_configure', 'access' => $access,
+ 'callback' => 'user_configure', 'access' => $admin_access,
'type' => MENU_LOCAL_TASK);
-
$items[] = array('path' => 'admin/access', 'title' => t('access control'),
- 'callback' => 'user_admin_perm', 'access' => $access);
+ 'callback' => 'user_admin_perm', 'access' => $admin_access);
$items[] = array('path' => 'admin/access/permissions', 'title' => t('permissions'),
- 'callback' => 'user_admin_perm', 'access' => $access,
+ 'callback' => 'user_admin_perm', 'access' => $admin_access,
'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
$items[] = array('path' => 'admin/access/roles', 'title' => t('roles'),
- 'callback' => 'user_admin_role', 'access' => $access,
+ 'callback' => 'user_admin_role', 'access' => $admin_access,
'type' => MENU_LOCAL_TASK);
$items[] = array('path' => 'admin/access/roles/edit', 'title' => t('edit role'),
- 'callback' => 'user_admin_role', 'access' => $access,
+ 'callback' => 'user_admin_role', 'access' => $admin_access,
'type' => MENU_CALLBACK);
-
$items[] = array('path' => 'admin/access/rules', 'title' => t('account rules'),
- 'callback' => 'user_admin_access', 'access' => $access,
+ 'callback' => 'user_admin_access', 'access' => $admin_access,
'type' => MENU_LOCAL_TASK, 'weight' => 10);
$items[] = array('path' => 'admin/access/rules/list', 'title' => t('list'),
- 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
+ 'access' => $admin_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
$items[] = array('path' => 'admin/access/rules/add', 'title' => t('add rule'),
- 'callback' => 'user_admin_access_add', 'access' => $access,
+ 'callback' => 'user_admin_access_add', 'access' => $admin_access,
'type' => MENU_LOCAL_TASK);
$items[] = array('path' => 'admin/access/rules/check', 'title' => t('check rules'),
- 'callback' => 'user_admin_access_check', 'access' => $access,
+ 'callback' => 'user_admin_access_check', 'access' => $admin_access,
'type' => MENU_LOCAL_TASK);
$items[] = array('path' => 'admin/access/rules/edit', 'title' => t('edit rule'),
- 'callback' => 'user_admin_access_edit', 'access' => $access,
+ 'callback' => 'user_admin_access_edit', 'access' => $admin_access,
'type' => MENU_CALLBACK);
$items[] = array('path' => 'admin/access/rules/delete', 'title' => t('delete rule'),
- 'callback' => 'user_admin_access_delete', 'access' => $access,
+ 'callback' => 'user_admin_access_delete', 'access' => $admin_access,
'type' => MENU_CALLBACK);
if (module_exist('search')) {
$items[] = array('path' => 'admin/user/search', 'title' => t('search'),
- 'callback' => 'user_admin', 'access' => $access,
+ 'callback' => 'user_admin', 'access' => $admin_access,
'type' => MENU_LOCAL_TASK);
}
+ //Your personal page
if ($user->uid) {
$items[] = array('path' => 'user/'. $user->uid, 'title' => t('my account'),
'callback' => 'user_page', 'access' => TRUE,
@@ -700,22 +708,25 @@ function user_menu($may_cache) {
else {
if (arg(0) == 'user' && is_numeric(arg(1))) {
$items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
- 'type' => MENU_CALLBACK, 'callback' => 'user_page', 'access' => TRUE);
+ 'type' => MENU_CALLBACK, 'callback' => 'user_page', 'access' => $view_access);
$items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'),
- 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
+ 'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
$items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'),
- 'callback' => 'user_edit', 'access' => $access || $user->uid == arg(1),
+ 'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1),
'type' => MENU_LOCAL_TASK);
$items[] = array('path' => 'user/'. arg(1) .'/delete', 'title' => t('delete'),
- 'callback' => 'user_edit', 'access' => $access,
+ 'callback' => 'user_edit', 'access' => $admin_access,
'type' => MENU_CALLBACK);
if (arg(2) == 'edit') {
if (($categories = _user_categories()) && (count($categories) > 1)) {
foreach ($categories as $key => $category) {
- $items[] = array('path' => 'user/'. arg(1) .'/edit/'. $category['name'], 'title' => $category['title'],
+ $items[] = array(
+ 'path' => 'user/'. arg(1) .'/edit/'. $category['name'],
+ 'title' => $category['title'],
'type' => $category['name'] == 'account' ? MENU_DEFAULT_LOCAL_TASK : MENU_LOCAL_TASK,
- 'weight' => $category['weight']);
+ 'weight' => $category['weight'],
+ 'access' => $admin_access);
}
}
}