diff options
| author | Dries Buytaert <dries@buytaert.net> | 2004-07-31 09:30:09 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2004-07-31 09:30:09 +0000 |
| commit | 202eee42a929a0f48ce693e10943cc156ef5a7ef (patch) | |
| tree | ae4b6845c42c09529c28dbe153acb21aca5eef6c /modules/blog/blog.module | |
| parent | aed1b0ca9e89d085b557d2d1e61da2cf07ce6072 (diff) | |
| download | brdo-202eee42a929a0f48ce693e10943cc156ef5a7ef.tar.gz brdo-202eee42a929a0f48ce693e10943cc156ef5a7ef.tar.bz2 | |
- Patch #9543 by JonBob: added node-level access control!
Diffstat (limited to 'modules/blog/blog.module')
| -rw-r--r-- | modules/blog/blog.module | 21 |
1 files changed, 7 insertions, 14 deletions
diff --git a/modules/blog/blog.module b/modules/blog/blog.module index 6d64a5713..0401a98fc 100644 --- a/modules/blog/blog.module +++ b/modules/blog/blog.module @@ -30,22 +30,15 @@ function blog_perm() { function blog_access($op, $node) { global $user; - if ($op == 'view') { - return $node->status; - } - if ($op == 'create') { return user_access('edit own blog') && $user->uid; } - if ($op == 'update') { - return user_access('edit own blog') && ($user->uid == $node->uid); - } - - if ($op == 'delete') { - return user_access('edit own blog') && ($user->uid == $node->uid); + if ($op == 'update' || $op == 'delete') { + if (user_access('edit own blog') && ($user->uid == $node->uid)) { + return TRUE; + } } - } /** @@ -143,7 +136,7 @@ function blog_page_user($uid) { $title = t("%name's blog", array('%name' => $account->name)); $output = ''; - $result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND uid = %d AND status = 1 ORDER BY sticky DESC, created DESC", variable_get('default_nodes_main', 10), 0, NULL, $account->uid); + $result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE type = 'blog' AND n.uid = %d AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10), 0, NULL, $account->uid); while ($node = db_fetch_object($result)) { $output .= node_view(node_load(array('nid' => $node->nid)), 1); } @@ -162,7 +155,7 @@ function blog_page_last() { $output = ''; - $result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND status = 1 ORDER BY created DESC", variable_get('default_nodes_main', 10)); + $result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', variable_get('default_nodes_main', 10)); while ($node = db_fetch_object($result)) { $output .= node_view(node_load(array('nid' => $node->nid)), 1); @@ -294,7 +287,7 @@ function blog_block($op = 'list', $delta = 0) { } else { if (user_access('access content')) { - $block['content'] = node_title_list(db_query_range("SELECT n.title, n.nid FROM {node} n WHERE n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 10)); + $block['content'] = node_title_list(db_query_range('SELECT DISTINCT(n.nid), n.title FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', 0, 10)); $block['content'] .= '<div class="more-link">'. l(t('more'), 'blog', array('title' => t('Read the latest blog entries.'))) .'</div>'; $block['subject'] = t('Recent blog posts'); } |