diff options
| author | Dries Buytaert <dries@buytaert.net> | 2005-02-06 09:37:10 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2005-02-06 09:37:10 +0000 |
| commit | de0a0b7a819006b15b727e632635287845a25c22 (patch) | |
| tree | 465e66c1c6f0ddc2ef13ff4fd98b1366d7c7ee13 | |
| parent | 7c6a7872951e8fa353efcbe541416d0094af800f (diff) | |
| download | brdo-de0a0b7a819006b15b727e632635287845a25c22.tar.gz brdo-de0a0b7a819006b15b727e632635287845a25c22.tar.bz2 | |
- Patch #16462 by Moshe: book pages slighty disobey the node_access system because they always return a value for book_access('update'). This simple patch causes us to use node_access when the user has a chance of being able to update the current page.
| -rw-r--r-- | modules/book.module | 12 | ||||
| -rw-r--r-- | modules/book/book.module | 12 |
2 files changed, 20 insertions, 4 deletions
diff --git a/modules/book.module b/modules/book.module index a7aa2a994..1fa4948e9 100644 --- a/modules/book.module +++ b/modules/book.module @@ -39,7 +39,12 @@ function book_access($op, $node) { // of that page waiting for approval. That is, only updates that // don't overwrite the current or pending information are allowed. - return ((user_access('maintain books') && !$node->moderate) || ($node->uid == $user->uid && user_access('edit own book pages'))); + if ((user_access('maintain books') && !$node->moderate) || ($node->uid == $user->uid && user_access('edit own book pages'))) { + return TRUE; + } + else { + // do nothing. node-access() will determine further access + } } } @@ -426,8 +431,11 @@ function book_nodeapi(&$node, $op, $teaser, $page) { case 'view': if (!$teaser) { $book = db_fetch_array(db_query('SELECT * FROM {book} WHERE nid = %d', $node->nid)); - if ($book) { + if ($node->moderate && user_access('administer nodes')) { + drupal_set_message(t("This update/post awaits moderation and won't be accessible until approved.")); + } + foreach ($book as $key => $value) { $node->$key = $value; } diff --git a/modules/book/book.module b/modules/book/book.module index a7aa2a994..1fa4948e9 100644 --- a/modules/book/book.module +++ b/modules/book/book.module @@ -39,7 +39,12 @@ function book_access($op, $node) { // of that page waiting for approval. That is, only updates that // don't overwrite the current or pending information are allowed. - return ((user_access('maintain books') && !$node->moderate) || ($node->uid == $user->uid && user_access('edit own book pages'))); + if ((user_access('maintain books') && !$node->moderate) || ($node->uid == $user->uid && user_access('edit own book pages'))) { + return TRUE; + } + else { + // do nothing. node-access() will determine further access + } } } @@ -426,8 +431,11 @@ function book_nodeapi(&$node, $op, $teaser, $page) { case 'view': if (!$teaser) { $book = db_fetch_array(db_query('SELECT * FROM {book} WHERE nid = %d', $node->nid)); - if ($book) { + if ($node->moderate && user_access('administer nodes')) { + drupal_set_message(t("This update/post awaits moderation and won't be accessible until approved.")); + } + foreach ($book as $key => $value) { $node->$key = $value; } |