diff options
| author | Gábor Hojtsy <gabor@hojtsy.hu> | 2008-01-09 09:51:35 +0000 |
|---|---|---|
| committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2008-01-09 09:51:35 +0000 |
| commit | 33f455d2df47ef80dd5b3c736762cecd23b0ba63 (patch) | |
| tree | bb98ef555f3b1844b2043668c8539cfe99b71a8c /modules/system | |
| parent | 7de29914a9cbb6d82e4d5798f46565322e41b021 (diff) | |
| download | brdo-33f455d2df47ef80dd5b3c736762cecd23b0ba63.tar.gz brdo-33f455d2df47ef80dd5b3c736762cecd23b0ba63.tar.bz2 | |
#153998 by David_Rothstein and myself: clean up permissions in book, blog, blogapi, forum and locale modules
Diffstat (limited to 'modules/system')
| -rw-r--r-- | modules/system/system.install | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/modules/system/system.install b/modules/system/system.install index 072702667..ecb0e401e 100644 --- a/modules/system/system.install +++ b/modules/system/system.install @@ -2415,6 +2415,40 @@ function system_update_6044() { } /** + * Update blog, book and locale module permissions. + * + * Blog module got "edit own blog" replaced with the more granular "create + * blog entries", "edit own blog entries" and "delete own blog entries" + * permissions. We grant create and edit to previously privileged users, but + * delete is not granted to be in line with other permission changes in Drupal 6. + * + * Book module's "edit book pages" was upgraded to the bogus "edit book content" + * in Drupal 6 RC1 instead of "edit any book content", which would be correct. + * + * Locale module introduced "administer languages" and "translate interface" + * in place of "administer locales". + * + * Modeled after system_update_6039(). + */ +function system_update_6045() { + $ret = array(); + $result = db_query("SELECT rid, perm FROM {permission} ORDER BY rid"); + while ($role = db_fetch_object($result)) { + $renamed_permission = preg_replace('/(?<=^|,\ )edit\ own\ blog(?=,|$)/', 'create blog entries, edit own blog entries', $role->perm); + $renamed_permission = preg_replace('/(?<=^|,\ )edit\ book\ content(?=,|$)/', 'edit any book content', $renamed_permission); + $renamed_permission = preg_replace('/(?<=^|,\ )administer\ locales(?=,|$)/', 'administer languages, translate interface', $renamed_permission); + if ($renamed_permission != $role->perm) { + $ret[] = update_sql("UPDATE {permission} SET perm = '$renamed_permission' WHERE rid = $role->rid"); + } + } + + // Notify user that delete permissions may have been changed. This was in + // effect since system_update_6039(), but there was no user notice. + drupal_set_message('Drupal now has separate edit and delete permissions. Previously, users who were able to edit content were automatically allowed to delete it. For added security, delete permissions for individual core content types have been <strong>removed</strong> from all roles on your site (only roles with the "administer nodes" permission can now delete these types of content). If you would like to reenable any individual delete permissions, you can do this at the <a href="'. url('admin/user/permissions', array('fragment' => 'module-node')) .'">permissions page</a>.'); + return $ret; +} + +/** * @} End of "defgroup updates-5.x-to-6.x" * The next series of updates should start at 7000. */ |