diff options
| author | Dries Buytaert <dries@buytaert.net> | 2004-10-18 18:29:15 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2004-10-18 18:29:15 +0000 |
| commit | 07cdcb439b868f71bff92cc1b5f8b15fd9e62d76 (patch) | |
| tree | d4c4ef70e91a177e8483c617d66a9422c982917b /modules | |
| parent | 1362571d09656597b204b778d071f25f5afe781c (diff) | |
| download | brdo-07cdcb439b868f71bff92cc1b5f8b15fd9e62d76.tar.gz brdo-07cdcb439b868f71bff92cc1b5f8b15fd9e62d76.tar.bz2 | |
- Patch by James: made the blogapi module work again.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/blogapi.module | 2 | ||||
| -rw-r--r-- | modules/blogapi/blogapi.module | 2 | ||||
| -rw-r--r-- | modules/user.module | 18 | ||||
| -rw-r--r-- | modules/user/user.module | 18 |
4 files changed, 26 insertions, 14 deletions
diff --git a/modules/blogapi.module b/modules/blogapi.module index 751ac72fa..2a22f9f53 100644 --- a/modules/blogapi.module +++ b/modules/blogapi.module @@ -477,7 +477,7 @@ function blogapi_validate_user($username, $password) { $user = user_authenticate($username, $password); if ($user->uid) { - if (user_access('edit own blog')) { + if (user_access('edit own blog'), $user) { return $user; } else { diff --git a/modules/blogapi/blogapi.module b/modules/blogapi/blogapi.module index 751ac72fa..2a22f9f53 100644 --- a/modules/blogapi/blogapi.module +++ b/modules/blogapi/blogapi.module @@ -477,7 +477,7 @@ function blogapi_validate_user($username, $password) { $user = user_authenticate($username, $password); if ($user->uid) { - if (user_access('edit own blog')) { + if (user_access('edit own blog'), $user) { return $user; } else { diff --git a/modules/user.module b/modules/user.module index adfcc8425..50185acdb 100644 --- a/modules/user.module +++ b/modules/user.module @@ -293,6 +293,8 @@ function user_password($length = 10) { * * @param $string * The permission, such as "administer nodes", being checked for. + * @param $account + * (optional) The account to check, if not given use currently logged in user. * * @return * TRUE iff the current user has the requested permission. @@ -301,26 +303,30 @@ function user_password($length = 10) { * way, we guarantee consistent behavior, and ensure that the superuser * can perform all actions. */ -function user_access($string) { +function user_access($string, $account = NULL) { global $user; - static $perm = 0; + static $perm = array(); // User #1 has all priveleges: if ($user->uid == 1) { return 1; } + if (is_null($account)) { + $account = $user; + } + // To reduce the number of SQL queries, we cache the user's permissions // in a static variable. - if ($perm === 0) { - $result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid); + if (!isset($perm[$account->uid])) { + $result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $account->uid); while ($row = db_fetch_object($result)) { - $perm .= "$row->perm, "; + $perm[$account->uid] .= "$row->perm, "; } } - return strstr($perm, "$string, "); + return strstr($perm[$account->uid], "$string, "); } /** diff --git a/modules/user/user.module b/modules/user/user.module index adfcc8425..50185acdb 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -293,6 +293,8 @@ function user_password($length = 10) { * * @param $string * The permission, such as "administer nodes", being checked for. + * @param $account + * (optional) The account to check, if not given use currently logged in user. * * @return * TRUE iff the current user has the requested permission. @@ -301,26 +303,30 @@ function user_password($length = 10) { * way, we guarantee consistent behavior, and ensure that the superuser * can perform all actions. */ -function user_access($string) { +function user_access($string, $account = NULL) { global $user; - static $perm = 0; + static $perm = array(); // User #1 has all priveleges: if ($user->uid == 1) { return 1; } + if (is_null($account)) { + $account = $user; + } + // To reduce the number of SQL queries, we cache the user's permissions // in a static variable. - if ($perm === 0) { - $result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid); + if (!isset($perm[$account->uid])) { + $result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $account->uid); while ($row = db_fetch_object($result)) { - $perm .= "$row->perm, "; + $perm[$account->uid] .= "$row->perm, "; } } - return strstr($perm, "$string, "); + return strstr($perm[$account->uid], "$string, "); } /** |