authorDries Buytaert <dries@buytaert.net>2001-06-20 20:00:40 +0000
committerDries Buytaert <dries@buytaert.net>2001-06-20 20:00:40 +0000
commit72065fb8351b54eee5f1928c18e06ad81aa9b502 (patch)
tree59052fb790134eed81b52b69150a1e231bd44083 /modules
parent7752dc4c7c4cffda07152d8ee89bce05f16a5d6c (diff)
- Added a brand-new access.module which allows you to manage 'roles'
(groups) and 'permissions' ... (inspired by Zope's system). + Once installed, click the help-link for more information. + See updates/2.00-to-x.xx.sql for the SQL updates. - Modified loads of code to use our new access.module. The system still has to mature though: new permissions have to be added and existing permissions need stream-lining. Awaiting suggestions. - As a direct result of the new access system, I had to rewrite the way the top-level links in admin.php are rendered and displayed, and xhtml-ified admin.php while I was at it. TODO - Home-brewed modules need updating, home-brewed themes do not. (Examples: file.module, trip_link.module) - As soon as we have *finished* the refactoring of the user system (KJ has been working on this refactoring already) we should consider embedding this role and permission code into account.module ...
Diffstat (limited to 'modules')
-rw-r--r--modules/account.module182
-rw-r--r--modules/aggregator.module104
-rw-r--r--modules/aggregator/aggregator.module104
-rw-r--r--modules/block.module42
-rw-r--r--modules/block/block.module42
-rw-r--r--modules/book.module43
-rw-r--r--modules/book/book.module43
-rw-r--r--modules/box.module70
-rw-r--r--modules/comment.module44
-rw-r--r--modules/comment/comment.module44
-rw-r--r--modules/conf.module46
-rw-r--r--modules/cvs.module33
-rw-r--r--modules/diary.module114
-rw-r--r--modules/forum.module35
-rw-r--r--modules/forum/forum.module35
-rw-r--r--modules/import.module104
-rw-r--r--modules/locale.module49
-rw-r--r--modules/locale/locale.module49
-rw-r--r--modules/meta.module78
-rw-r--r--modules/moderate.module70
-rw-r--r--modules/module.module46
-rw-r--r--modules/node.module146
-rw-r--r--modules/node/node.module146
-rw-r--r--modules/page.module4
-rw-r--r--modules/page/page.module4
-rw-r--r--modules/poll.module6
-rw-r--r--modules/poll/poll.module6
-rw-r--r--modules/queue.module8
-rw-r--r--modules/rating.module20
-rw-r--r--modules/story.module4
-rw-r--r--modules/story/story.module4
-rw-r--r--modules/watchdog.module36
-rw-r--r--modules/watchdog/watchdog.module36
33 files changed, 1008 insertions, 789 deletions
diff --git a/modules/account.module b/modules/account.module
index ff1e131af..45cb32722 100644
--- a/modules/account.module
+++ b/modules/account.module
@@ -32,6 +32,10 @@ function account_help() {
<?php
}
+function account_perm() {
+ return array("add and edit user accounts");
+}
+
function account_conf_options() {
$output .= form_select(t("Public accounts"), "account_register", variable_get("account_register", 1), array("Disabled", "Enabled"), "If enabled, everyone can create a new user account. If disabled, new user accounts can only be created by site administrators.");
return $output;
@@ -41,7 +45,7 @@ function account_search($keys) {
global $user;
$result = db_query("SELECT * FROM users WHERE userid LIKE '%$keys%' LIMIT 20");
while ($account = db_fetch_object($result)) {
- $find[$i++] = array("title" => $account->userid, "link" => (user_access($user, "account") ? "admin.php?mod=account&op=view&name=". urlencode($account->userid) : "account.php?op=view&name=". urlencode($account->userid)), "user" => $account->userid);
+ $find[$i++] = array("title" => $account->userid, "link" => (user_access($user, "add and edit user accounts") ? "admin.php?mod=account&op=view&name=". urlencode($account->userid) : "account.php?op=view&name=". urlencode($account->userid)), "user" => $account->userid);
}
return $find;
}
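Review bot: `$keys` is interpolated unescaped into `userid LIKE '%$keys%'` on the context line just above the changed line, whereas book_search in this same commit passes the search term through `check_input()` before it reaches the query. The query should follow that convention: `db_query("SELECT * FROM users WHERE userid LIKE '%". check_input($keys) ."%' LIMIT 20")`. The same raw interpolation appears in account_edit's `WHERE userid = '$name'` in a later hunk of this file. The result row also puts `$account->userid` into "title" as-is, where book_search uses `check_output()` for its title.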
@@ -99,15 +103,6 @@ function account_overview($query = array()) {
return $output;
}
-function account_access($account) {
- $data = explode(",", $account->access);
- foreach ($data as $array) {
- $access = explode("=", $array);
- if ($access[0]) $output .= " $access[0]";
- }
- return $output;
-}
-
function account_blocks($id) {
$result = db_query("SELECT * FROM layout WHERE user = '$id'");
while ($layout = db_fetch_object($result)) {
@@ -143,24 +138,11 @@ function account_delete($name) {
}
function account_form($account = 0) {
- global $access;
-
- function access($name) {
- global $access, $account;
- if (module_hook($name, "admin")) $access[$name] = $name;
- }
- module_iterate("access");
-
- $account->access = explode(",", $account->access);
- foreach ($account->access as $key=>$value) {
- $account->access[$key] = substr($value, 0, -2);
- }
$form .= $account->id ? form_item("ID", $account->id) . form_hidden("id", $account->id) : "";
$form .= $account->userid ? form_item(t("Username"), check_output($account->userid)) . form_hidden("userid", $account->userid) : form_textfield(t("Username"), "userid", $account->userid, 15, 15);
- $form .= form_select(t("Status"), "status", ($account->status ? $account->status : 1), array("blocked", "not confirmed", "open"));
- $form .= form_select(t("Administrator access"), "access", $account->access, $access, 0, "multiple=\"true\" size=\"10\"");
-// $form .= form_item(t("Administrator access"), "<SELECT NAME=\"edit[access][]\" MULTIPLE=\"true\" SIZE=\"10\">$access</SELECT>");
+ $form .= form_select(t("Status"), "status", $account->status, array("blocked", "not confirmed", "open"));
+ $form .= form_select(t("Role"), "role", $account->role, access_get_roles());
$form .= form_textfield(t("Real name"), "name", $account->name, 30, 55);
$form .= form_textfield(t("Real e-mail address"), "real_email", $account->real_email, 30, 55);
$form .= form_textfield(t("Fake e-mail address"), "fake_email", $account->fake_email, 30, 55);
@@ -179,18 +161,8 @@ function account_save($edit) {
if ($edit[id]) {
// Updating existing account
foreach ($edit as $key=>$value) {
- if ($key != "access") {
$query .= "$key = '". addslashes($value) ."', ";
- }
}
-
- if ($edit[access]) {
- foreach ($edit[access] as $key=>$value) {
- $access = field_set($access, $value, 1);
- }
- }
- $query .= "access = '$access'";
-
db_query("UPDATE users SET $query WHERE id = $edit[id]");
watchdog("account", "account: modified user '$edit[userid]'");
return $edit[userid];
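Review bot: With the `access = '$access'` tail removed, every pass of the loop still appends `"$key = '...', "`, so as far as this hunk shows the statement now reads `SET ..., WHERE id = ...` with a dangling comma and will be rejected by the database. Dropping the `$key != "access"` guard also leaves the loop with no filter at all: column names come straight from the keys of `$edit` without escaping or an allow-list, and `$edit[id]` goes into the WHERE clause unquoted. Building the assignment list from a fixed set of columns and joining it with `implode()` fixes both; the column list below only uses names visible in account_form and needs completing from the rest of that form.

```php
    // Updating existing account
    $allowed = array("userid", "status", "role", "name", "real_email", "fake_email"); // complete from account_form()
    $fields = array();
    foreach ($edit as $key=>$value) {
      if (in_array($key, $allowed)) {
        $fields[] = "$key = '". addslashes($value) ."'";
      }
    }
    if ($fields) {
      db_query("UPDATE users SET ". implode(", ", $fields) ." WHERE id = '". addslashes($edit[id]) ."'");
    }
    // … unchanged: watchdog() call and return of $edit[userid] …
```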
@@ -208,14 +180,7 @@ function account_save($edit) {
$edit[passwd] = user_password();
$edit[hash] = substr(md5("$edit[userid]. ". time()), 0, 12);
- if ($edit[access]) {
- foreach ($edit[access] as $key=>$value) {
- $access = field_set($access, $value, 1);
- }
- $edit[access] = $access;
- }
-
- $user = user_save("", array("userid" => $edit[userid], "access" => $edit[access], "real_email" => $edit[real_email], "passwd" => $edit[passwd], "status" => $edit[status], "hash" => $edit[hash]));
+ $user = user_save("", array("userid" => $edit[userid], "role" => $edit[role], "real_email" => $edit[real_email], "passwd" => $edit[passwd], "status" => $edit[status], "hash" => $edit[hash]));
$link = path_uri() ."account.php?op=confirm&name=". urlencode($edit[userid]) ."&hash=$edit[hash]";
$subject = strtr(t("Account details for %a"), array("%a" => variable_get(site_name, "drupal")));
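Review bot: The confirmation value on the context line `$edit[hash] = substr(md5("$edit[userid]. ". time()), 0, 12);` is derived only from the username and the current second, so it is guessable, and it is what the `account.php?op=confirm` link below relies on. On a current PHP the line would be `$edit[hash] = bin2hex(random_bytes(6));`, which keeps the 12-character length. Separately, the new `"role" => $edit[role]` is handed to user_save() exactly as submitted; checking it against `access_get_roles()` first would limit it to the roles the form offers. account_save's body starts and continues outside this hunk.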
@@ -231,8 +196,6 @@ function account_save($edit) {
}
function account_edit($name) {
- $status = array("blocked", "not confirmed", "open");
-
$result = db_query("SELECT * FROM users WHERE userid = '$name'");
if ($account = db_fetch_object($result)) {
@@ -258,7 +221,7 @@ function account_view($name) {
$output .= " <TR><TH>ID:</TH><TD>$account->id</TD></TR>\n";
$output .= " <TR><TH>Username:</TH><TD>$account->userid</TD></TR>\n";
$output .= " <TR><TH>Status:</TH><TD>". $status[$account->status] ."</TD></TR>\n";
- $output .= " <TR><TH>Access:</TH><TD>". check_output(account_access($account)) ."</TD></TR>\n";
+ $output .= " <TR><TH>Role:</TH><TD>". check_output($account->role) ."</TD></TR>\n";
$output .= " <TR><TH>Real name:</TH><TD>". check_output($account->name) ."</TD></TR>\n";
$output .= " <TR><TH>Real e-mail address:</TH><TD>". format_email($account->real_email) ."</TD></TR>\n";
$output .= " <TR><TH>Fake e-mail address:</TH><TD>". check_output($account->fake_email) ."</TD></TR>\n";
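Review bot: The `Username:` row two lines above the change prints `$account->userid` without `check_output()`, while the new `Role:` line and the name and fake e-mail rows are escaped. The username is entered through a text field in account_form, so the row should read `<TD>". check_output($account->userid) ."</TD>`. account_view begins and ends outside this hunk, so other rows may need the same check.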
@@ -280,72 +243,77 @@ function account_view($name) {
}
function account_query($type = "") {
- $queries = array(array("users recently visiting", "ORDER BY last_access DESC"), array("users recently joining", "ORDER BY id DESC"), array("users with access rights", "WHERE access != '' ORDER BY last_access DESC"), array("users with pending accounts", "WHERE status = 1 ORDER BY last_access DESC"), array("users with blocked accounts", "WHERE status = 0 ORDER BY last_access DESC"));
+ $queries = array(array("users recently visiting", "ORDER BY last_access DESC"), array("users recently joining", "ORDER BY id DESC"), array("users with pending accounts", "WHERE status = 1 ORDER BY last_access DESC"), array("users with blocked accounts", "WHERE status = 0 ORDER BY last_access DESC"));
return ($queries[$type] ? $queries[$type] : $queries);
}
function account_admin() {
- global $op, $edit, $id, $mod, $keys, $order, $name, $query;
-
- print "<SMALL><A HREF=\"admin.php?mod=account&op=access\">access control</A> | <A HREF=\"admin.php?mod=account&op=add\">add new account</A> | <A HREF=\"admin.php?mod=account&op=listing\">account listings</A> | <A HREF=\"admin.php?mod=account&op=search\">search account</A> | <A HREF=\"admin.php?mod=account\">overview</A> | <A HREF=\"admin.php?mod=account&op=help\">help</A></SMALL><HR>";
-
- $query = $query ? $query : 0;
- $name = $name ? $name : $edit[name];
-
- switch ($op) {
- case "access":
- print account_ac();
- break;
- case "Add rule":
- print status(account_ac_add($edit));
- print account_ac();
- break;
- case "Check":
- print status(account_ac_check($edit));
- print account_ac();
- break;
- case "delete":
- print status(account_ac_del($id));
- print account_ac();
- break;
- case "Delete account":
- print status(account_delete($name));
- print account_overview(account_query($query));
- break;
- case "add":
- print account_add();
- break;
- case "Edit account":
- case "edit":
- print account_edit($name);
- break;
- case "help":
- print account_help();
- break;
- case "listing":
- print node_listing(account_query());
- break;
- case "search":
- print search_form($keys);
- print search_data($keys, $mod);
- break;
- case "Save account":
- $name = account_save($edit);
- if ($name)
- print account_view($name);
- else {
- foreach ($edit as $key=>$value) {
- $account->$key = $value;
+ global $user, $op, $edit, $id, $mod, $keys, $order, $name, $query;
+
+ if (user_access($user, "add and edit user accounts")) {
+ print "<SMALL><A HREF=\"admin.php?mod=account&op=access\">access control</A> | <A HREF=\"admin.php?mod=account&op=add\">add new account</A> | <A HREF=\"admin.php?mod=account&op=listing\">account listings</A> | <A HREF=\"admin.php?mod=account&op=search\">search account</A> | <A HREF=\"admin.php?mod=account\">overview</A> | <A HREF=\"admin.php?mod=account&op=help\">help</A></SMALL><HR>";
+
+ $query = $query ? $query : 0;
+ $name = $name ? $name : $edit[name];
+
+ switch ($op) {
+ case "access":
+ print account_ac();
+ break;
+ case "Add rule":
+ print status(account_ac_add($edit));
+ print account_ac();
+ break;
+ case "Check":
+ print status(account_ac_check($edit));
+ print account_ac();
+ break;
+ case "delete":
+ print status(account_ac_del($id));
+ print account_ac();
+ break;
+ case "Delete account":
+ print status(account_delete($name));
+ print account_overview(account_query($query));
+ break;
+ case "add":
+ print account_add();
+ break;
+ case "Edit account":
+ case "edit":
+ print account_edit($name);
+ break;
+ case "help":
+ print account_help();
+ break;
+ case "listing":
+ print node_listing(account_query());
+ break;
+ case "search":
+ print search_form($keys);
+ print search_data($keys, $mod);
+ break;
+ case "Save account":
+ $name = account_save($edit);
+ if ($name)
+ print account_view($name);
+ else {
+ foreach ($edit as $key=>$value) {
+ $account->$key = $value;
+ }
+ print account_form($account);
}
- print account_form($account);
- }
- break;
- case "View account":
- case "view":
- print account_view($name);
- break;
- default:
- print account_overview(account_query($query));
+ break;
+ case "View account":
+ case "view":
+ print account_view($name);
+ break;
+ default:
+ print account_overview(account_query($query));
+ }
+ }
+ else {
+ print message_access();
}
}
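Review bot: The permission test is added by wrapping the whole dispatcher in `if (user_access(...)) { ... } else { print message_access(); }`, which re-indents the entire switch and puts the deny path some seventy lines below the test. A guard at the top, `if (!user_access($user, "add and edit user accounts")) { print message_access(); return; }`, keeps the fail-closed path next to the check and keeps the diff small. import_admin, block_admin and box_admin use the same wrapping shape in this commit. Note also that this single permission now covers the `access` / `Add rule` / `Check` / `delete` rule operations as well as `Delete account`; if that is intended, a comment on account_perm() should say so, since the handlers presumably carry no check of their own.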
diff --git a/modules/aggregator.module b/modules/aggregator.module
index 460084c44..8befa5beb 100644
--- a/modules/aggregator.module
+++ b/modules/aggregator.module
@@ -6,6 +6,10 @@ function import_help() {
<?php
}
+function import_perm() {
+ return array("add and edit news feeds");
+}
+
function import_cron() {
$result = db_query("SELECT * FROM feed");
while ($feed = db_fetch_array($result)) {
@@ -232,54 +236,60 @@ function import_view_item() {
}
function import_admin() {
- global $op, $id, $type, $edit;
-
- print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
-
- switch($op) {
- case "help":
- print import_help();
- break;
- case "add":
- if ($type == "bundle")
- print import_form_bundle();
- else
- print import_form_feed();
- break;
- case "edit":
- if ($type == "bundle")
- print import_form_bundle(import_get_bundle($id));
- else
- print import_form_feed(import_get_feed($id));
- break;
- case "remove":
- print status(import_remove(import_get_feed($id)));
- print import_view_feed();
- break;
- case "update":
- print status(import_update(import_get_feed($id)));
- print import_view_feed();
- break;
- case "Save attributes":
- print status(import_save_attributes($edit));
- print import_view_item();
- break;
- case "Delete":
- $edit[title] = 0;
- // fall through:
- case "Submit":
- if ($type == "bundle")
- print status(import_save_bundle($edit));
- else
- print status(import_save_feed($edit));
- // fall through:
- default:
- if ($type == "bundle")
- print import_view_bundle();
- else if ($type == "item")
- print import_view_item();
- else
+ global $user, $op, $id, $type, $edit;
+
+ if (user_access($user, "add and edit news feeds")) {
+
+ print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
+
+ switch($op) {
+ case "help":
+ print import_help();
+ break;
+ case "add":
+ if ($type == "bundle")
+ print import_form_bundle();
+ else
+ print import_form_feed();
+ break;
+ case "edit":
+ if ($type == "bundle")
+ print import_form_bundle(import_get_bundle($id));
+ else
+ print import_form_feed(import_get_feed($id));
+ break;
+ case "remove":
+ print status(import_remove(import_get_feed($id)));
+ print import_view_feed();
+ break;
+ case "update":
+ print status(import_update(import_get_feed($id)));
print import_view_feed();
+ break;
+ case "Save attributes":
+ print status(import_save_attributes($edit));
+ print import_view_item();
+ break;
+ case "Delete":
+ $edit[title] = 0;
+ // fall through:
+ case "Submit":
+ if ($type == "bundle")
+ print status(import_save_bundle($edit));
+ else
+ print status(import_save_feed($edit));
+ // fall through:
+ default:
+ if ($type == "bundle")
+ print import_view_bundle();
+ else if ($type == "item")
+ print import_view_item();
+ else
+ print import_view_feed();
+ }
+ }
+ else {
+ print message_access();
}
}
diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module
index 460084c44..8befa5beb 100644
--- a/modules/aggregator/aggregator.module
+++ b/modules/aggregator/aggregator.module
@@ -6,6 +6,10 @@ function import_help() {
<?php
}
+function import_perm() {
+ return array("add and edit news feeds");
+}
+
function import_cron() {
$result = db_query("SELECT * FROM feed");
while ($feed = db_fetch_array($result)) {
@@ -232,54 +236,60 @@ function import_view_item() {
}
function import_admin() {
- global $op, $id, $type, $edit;
-
- print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
-
- switch($op) {
- case "help":
- print import_help();
- break;
- case "add":
- if ($type == "bundle")
- print import_form_bundle();
- else
- print import_form_feed();
- break;
- case "edit":
- if ($type == "bundle")
- print import_form_bundle(import_get_bundle($id));
- else
- print import_form_feed(import_get_feed($id));
- break;
- case "remove":
- print status(import_remove(import_get_feed($id)));
- print import_view_feed();
- break;
- case "update":
- print status(import_update(import_get_feed($id)));
- print import_view_feed();
- break;
- case "Save attributes":
- print status(import_save_attributes($edit));
- print import_view_item();
- break;
- case "Delete":
- $edit[title] = 0;
- // fall through:
- case "Submit":
- if ($type == "bundle")
- print status(import_save_bundle($edit));
- else
- print status(import_save_feed($edit));
- // fall through:
- default:
- if ($type == "bundle")
- print import_view_bundle();
- else if ($type == "item")
- print import_view_item();
- else
+ global $user, $op, $id, $type, $edit;
+
+ if (user_access($user, "add and edit news feeds")) {
+
+ print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
+
+ switch($op) {
+ case "help":
+ print import_help();
+ break;
+ case "add":
+ if ($type == "bundle")
+ print import_form_bundle();
+ else
+ print import_form_feed();
+ break;
+ case "edit":
+ if ($type == "bundle")
+ print import_form_bundle(import_get_bundle($id));
+ else
+ print import_form_feed(import_get_feed($id));
+ break;
+ case "remove":
+ print status(import_remove(import_get_feed($id)));
+ print import_view_feed();
+ break;
+ case "update":
+ print status(import_update(import_get_feed($id)));
print import_view_feed();
+ break;
+ case "Save attributes":
+ print status(import_save_attributes($edit));
+ print import_view_item();
+ break;
+ case "Delete":
+ $edit[title] = 0;
+ // fall through:
+ case "Submit":
+ if ($type == "bundle")
+ print status(import_save_bundle($edit));
+ else
+ print status(import_save_feed($edit));
+ // fall through:
+ default:
+ if ($type == "bundle")
+ print import_view_bundle();
+ else if ($type == "item")
+ print import_view_item();
+ else
+ print import_view_feed();
+ }
+ }
+ else {
+ print message_access();
}
}
diff --git a/modules/block.module b/modules/block.module
index 108ee645c..0de1f0146 100644
--- a/modules/block.module
+++ b/modules/block.module
@@ -9,6 +9,10 @@ function block_help() {
<?php
}
+function block_perm() {
+ return array("add and edit blocks");
+}
+
function block_admin_save($edit) {
foreach ($edit as $key=>$value) {
db_query("UPDATE blocks SET region = '". check_input($value[region]) ."', status = '". check_input($value[status]) ."', weight = '". check_input($value[weight]) ."' WHERE name = '". check_input($key) ."'");
@@ -99,24 +103,28 @@ function block_admin_preview() {
}
function block_admin() {
- global $op, $edit;
-
- print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n";
-
- switch ($op) {
- case "help":
- block_help();
- break;
- case "preview":
- block_admin_preview();
- break;
- case "Save blocks":
- block_admin_save($edit);
- // fall through
- default:
- block_admin_display();
+ global $user, $op, $edit;
+
+ if (user_access($user, "add and edit blocks")) {
+ print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n";
+
+ switch ($op) {
+ case "help":
+ block_help();
+ break;
+ case "preview":
+ block_admin_preview();
+ break;
+ case "Save blocks":
+ block_admin_save($edit);
+ // fall through
+ default:
+ block_admin_display();
+ }
+ }
+ else {
+ print message_access();
}
-
}
?>
diff --git a/modules/block/block.module b/modules/block/block.module
index 108ee645c..0de1f0146 100644
--- a/modules/block/block.module
+++ b/modules/block/block.module
@@ -9,6 +9,10 @@ function block_help() {
<?php
}
+function block_perm() {
+ return array("add and edit blocks");
+}
+
function block_admin_save($edit) {
foreach ($edit as $key=>$value) {
db_query("UPDATE blocks SET region = '". check_input($value[region]) ."', status = '". check_input($value[status]) ."', weight = '". check_input($value[weight]) ."' WHERE name = '". check_input($key) ."'");
@@ -99,24 +103,28 @@ function block_admin_preview() {
}
function block_admin() {
- global $op, $edit;
-
- print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n";
-
- switch ($op) {
- case "help":
- block_help();
- break;
- case "preview":
- block_admin_preview();
- break;
- case "Save blocks":
- block_admin_save($edit);
- // fall through
- default:
- block_admin_display();
+ global $user, $op, $edit;
+
+ if (user_access($user, "add and edit blocks")) {
+ print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n";
+
+ switch ($op) {
+ case "help":
+ block_help();
+ break;
+ case "preview":
+ block_admin_preview();
+ break;
+ case "Save blocks":
+ block_admin_save($edit);
+ // fall through
+ default:
+ block_admin_display();
+ }
+ }
+ else {
+ print message_access();
}
-
}
?>
diff --git a/modules/book.module b/modules/book.module
index 87e6bff58..138b5e5a7 100644
--- a/modules/book.module
+++ b/modules/book.module
@@ -9,6 +9,10 @@ class Book {
}
}
+function book_perm() {
+ return array("maintain book structure");
+}
+
function book_status() {
return array(dumped, expired, queued, posted);
}
@@ -69,7 +73,7 @@ function book_search($keys) {
global $status, $user;
$result = db_query("SELECT n.*, u.userid FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid LEFT JOIN users u ON n.author = u.id WHERE n.type = 'book' AND n.status = '$status[posted]' AND (n.title LIKE '%". check_input($keys) ."%' OR b.body LIKE '%". check_input($keys) ."%') ORDER BY n.timestamp DESC LIMIT 20");
while ($node = db_fetch_object($result)) {
- $find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "book") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp);
+ $find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp);
}
return $find;
}
@@ -92,7 +96,7 @@ function book_toc($parent = "", $indent = "", $toc = array()) {
$result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE n.type = 'book' AND n.status = '$status[posted]' AND ". book_parent_query($parent) ." ORDER BY b.weight");
// add root node:
- if (user_access($user, "book")) {
+ if (user_access($user, "add and edit nodes")) {
$toc[0] = "&nbsp;";
}
@@ -126,7 +130,7 @@ function book_form($edit = array()) {
$form .= form_textarea(t("Content"), "body", $edit[body], 70, 20, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$form .= form_textarea(t("Log message"), "log", $edit[log], 70, 5, t("An explanation of the additions or updates being made to help the group understand your motivations."));
- if (user_access($user, "book")) {
+ if (user_access($user, "add and edit nodes")) {
$form .= form_select(t("Weight"), "weight", $edit[weight], array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30), t("The heavier nodes will sink and the lighter nodes will be positioned nearer the top."));
}
@@ -152,7 +156,7 @@ function book_save($edit) {
if (!$edit[nid]) {
node_save($edit, array(author => $user->id, body, comment => variable_get("book_comment", 0), log, moderate => variable_get("book_moderate", ""), parent, pid, promote => variable_get("book_promote", 0), score => 0, status => variable_get("book_status", $status[queued]), timestamp => time(), title, type => "book", votes => 0, weight));
}
- else if (user_access($user)) {
+ else if (user_access($user, "add and edit nodes")) {
node_save($edit, array(body, log, parent, title, type => "book", weight));
}
}
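Review bot: When the caller lacks `add and edit nodes`, the update branch is skipped and book_save() falls through with no message and no log entry, so a refused edit looks the same as a successful one to both the user and the administrator. An `else` that records the refusal would make these attempts visible, e.g. `else { watchdog("book", "book: update of node $edit[nid] denied"); }` (the first argument should be checked against the project's watchdog types). The create branch above has no permission test at all; if unauthenticated submissions into the queue are intended, a one-line comment saying so would help. The identical hunk in modules/book/book.module has the same gap.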
@@ -204,21 +208,34 @@ function book_tree($parent = "", $depth = 0) {
}
function book_admin() {
- print book_tree();
+ global $user;
+ if (user_access($user, "maintain book structure")) {
+ print book_tree();
+ }
+ else {
+ print message_access();
+ }
}
function book_page() {
- global $status, $theme;
+ global $user, $status, $theme;
- $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight");
+ if (user_access($user, "view content")) {
+ $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight");
- while ($node = db_fetch_object($result)) {
- $output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>";
- }
+ while ($node = db_fetch_object($result)) {
+ $output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>";
+ }
- $theme->header();
- $theme->box(t("Handbook"), "<DL>$output</DL>");
- $theme->footer();
+ $theme->header();
+ $theme->box(t("Handbook"), "<DL>$output</DL>");
+ $theme->footer();
+ }
+ else {
+ $theme->header();
+ $theme->box(t("Access denied"), message_access());
+ $theme->footer();
+ }
}
function book_edit($id) {
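Review bot: book_page interpolates `$status[posted]` unquoted (`n.status = $status[posted]`), while book_search and book_toc in this file quote it as `'$status[posted]'`; `$status` is a global, so it should be quoted the same way: `... WHERE b.parent = 0 AND n.status = '$status[posted]' ORDER BY b.weight`. The two branches also repeat `$theme->header()` and `$theme->footer()`; computing the box title and body in the branches and rendering once would leave a single exit path. book_perm() declares only `maintain book structure`, so `view content` and `add and edit nodes` presumably come from another module's `_perm` hook, which is worth confirming so a typo cannot silently deny or grant access. The identical hunk in modules/book/book.module needs the same changes.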
diff --git a/modules/book/book.module b/modules/book/book.module
index 87e6bff58..138b5e5a7 100644
--- a/modules/book/book.module
+++ b/modules/book/book.module
@@ -9,6 +9,10 @@ class Book {
}
}
+function book_perm() {
+ return array("maintain book structure");
+}
+
function book_status() {
return array(dumped, expired, queued, posted);
}
@@ -69,7 +73,7 @@ function book_search($keys) {
global $status, $user;
$result = db_query("SELECT n.*, u.userid FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid LEFT JOIN users u ON n.author = u.id WHERE n.type = 'book' AND n.status = '$status[posted]' AND (n.title LIKE '%". check_input($keys) ."%' OR b.body LIKE '%". check_input($keys) ."%') ORDER BY n.timestamp DESC LIMIT 20");
while ($node = db_fetch_object($result)) {
- $find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "book") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp);
+ $find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp);
}
return $find;
}
@@ -92,7 +96,7 @@ function book_toc($parent = "", $indent = "", $toc = array()) {
$result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE n.type = 'book' AND n.status = '$status[posted]' AND ". book_parent_query($parent) ." ORDER BY b.weight");
// add root node:
- if (user_access($user, "book")) {
+ if (user_access($user, "add and edit nodes")) {
$toc[0] = "&nbsp;";
}
@@ -126,7 +130,7 @@ function book_form($edit = array()) {
$form .= form_textarea(t("Content"), "body", $edit[body], 70, 20, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$form .= form_textarea(t("Log message"), "log", $edit[log], 70, 5, t("An explanation of the additions or updates being made to help the group understand your motivations."));
- if (user_access($user, "book")) {
+ if (user_access($user, "add and edit nodes")) {
$form .= form_select(t("Weight"), "weight", $edit[weight], array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30), t("The heavier nodes will sink and the lighter nodes will be positioned nearer the top."));
}
@@ -152,7 +156,7 @@ function book_save($edit) {
if (!$edit[nid]) {
node_save($edit, array(author => $user->id, body, comment => variable_get("book_comment", 0), log, moderate => variable_get("book_moderate", ""), parent, pid, promote => variable_get("book_promote", 0), score => 0, status => variable_get("book_status", $status[queued]), timestamp => time(), title, type => "book", votes => 0, weight));
}
- else if (user_access($user)) {
+ else if (user_access($user, "add and edit nodes")) {
node_save($edit, array(body, log, parent, title, type => "book", weight));
}
}
@@ -204,21 +208,34 @@ function book_tree($parent = "", $depth = 0) {
}
function book_admin() {
- print book_tree();
+ global $user;
+ if (user_access($user, "maintain book structure")) {
+ print book_tree();
+ }
+ else {
+ print message_access();
+ }
}
function book_page() {
- global $status, $theme;
+ global $user, $status, $theme;
- $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight");
+ if (user_access($user, "view content")) {
+ $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight");
- while ($node = db_fetch_object($result)) {
- $output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>";
- }
+ while ($node = db_fetch_object($result)) {
+ $output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>";
+ }
- $theme->header();
- $theme->box(t("Handbook"), "<DL>$output</DL>");
- $theme->footer();
+ $theme->header();
+ $theme->box(t("Handbook"), "<DL>$output</DL>");
+ $theme->footer();
+ }
+ else {
+ $theme->header();
+ $theme->box(t("Access denied"), message_access());
+ $theme->footer();
+ }
}
function book_edit($id) {
diff --git a/modules/box.module b/modules/box.module
index 5ae9aa538..025007620 100644
--- a/modules/box.module
+++ b/modules/box.module
@@ -29,6 +29,10 @@ function box_help() {
<?php
}
+function box_perm() {
+ return array("add and edit boxes");
+}
+
function box_block() {
$result = db_query("SELECT * FROM boxes ORDER BY subject");
$i = 0;
@@ -142,36 +146,42 @@ function box_admin_save($id, $subject, $content, $info, $link, $type) {
}
function box_admin() {
- global $op, $id, $subject, $content, $info, $link, $type;
-
- print "<SMALL><A HREF=\"admin.php?mod=box&op=add\">add new box</A> | <A HREF=\"admin.php?mod=box\">overview</A> | <A HREF=\"admin.php?mod=box&op=help\">help</A></SMALL><HR>\n";
-
- switch ($op) {
- case "Add box":
- box_admin_add(check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
- box_admin_display();
- box_admin_rehash();
- break;
- case "Save box":
- box_admin_save(check_input($id), check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
- box_admin_display();
- box_admin_rehash();
- break;
- case "help":
- box_help();
- break;
- case "add":
- box_admin_new();
- break;
- case "edit":
- box_admin_edit(check_input($id));
- break;
- case "delete":
- box_admin_delete(check_input($id));
- box_admin_rehash();
- // fall through
- default:
- box_admin_display();
+ global $user, $op, $id, $subject, $content, $info, $link, $type;
+
+ if (user_access($user, "add and edit boxes")) {
+
+ print "<SMALL><A HREF=\"admin.php?mod=box&op=add\">add new box</A> | <A HREF=\"admin.php?mod=box\">overview</A> | <A HREF=\"admin.php?mod=box&op=help\">help</A></SMALL><HR>\n";
+
+ switch ($op) {
+ case "Add box":
+ box_admin_add(check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
+ box_admin_display();
+ box_admin_rehash();
+ break;
+ case "Save box":
+ box_admin_save(check_input($id), check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
+ box_admin_display();
+ box_admin_rehash();
+ break;
+ case "help":
+ box_help();
+ break;
+ case "add":
+ box_admin_new();
+ break;
+ case "edit":
+ box_admin_edit(check_input($id));
+ break;
+ case "delete":
+ box_admin_delete(check_input($id));
+ box_admin_rehash();
+ // fall through
+ default:
+ box_admin_display();
+ }
+ }
+ else {
+ print message_access();
}
}
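Review bot: The new `user_access($user, "add and edit boxes")` check decides who may reach the `delete` case, but not how the request got there. `$op` and `$id` are request-supplied globals, and the lowercase ops mirror the `admin.php?mod=box&op=...` links printed above, so deletion appears to be reachable by a plain link. A permission check alone does not stop a forged request sent by an authorised user's browser. I would at least record this next to the case, e.g. `// TODO: require a form POST with a per-session token before box_admin_delete()`, and treat the other `*_admin` dispatchers in this commit the same way.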
diff --git a/modules/comment.module b/modules/comment.module
index 24b156443..ad9924603 100644
--- a/modules/comment.module
+++ b/modules/comment.module
@@ -4,11 +4,15 @@ function comment_search($keys) {
global $user;
$result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20");
while ($comment = db_fetch_object($result)) {
- $find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp);
+ $find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "edit user comments") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp);
}
return $find;
}
+function comment_perm() {
+ return array("view comments", "post comments", "edit comments");
+}
+
function comment_edit($id) {
global $REQUEST_URI;
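Review bot: comment_search now checks `"edit user comments"`, but comment_perm() added in this same hunk declares only "view comments", "post comments" and "edit comments", and comment_admin() checks `"edit comments"`. If user_access() only recognises the strings returned by the `*_perm()` functions (not visible here), this check can never pass and editors will always get the public `node.php` link. Use the declared name: `user_access($user, "edit comments")`. The identical hunk for modules/comment/comment.module has the same mismatch, and comment_edit's body continues outside the hunk.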
@@ -42,24 +46,30 @@ function comment_overview() {
}
function comment_admin() {
- global $op, $id, $edit, $mod, $keys, $order;
+ global $user, $op, $id, $edit, $mod, $keys, $order;
- print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n";
+ if (user_access($user, "edit comments")) {
- switch ($op) {
- case "edit":
- print comment_edit($id);
- break;
- case "search":
- print search_form($keys);
- print search_data($keys, $mod);
- break;
- case t("Submit"):
- print status(comment_save(check_input($id), $edit));
- print comment_overview();
- break;
- default:
- print comment_overview();
+ print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n";
+
+ switch ($op) {
+ case "edit":
+ print comment_edit($id);
+ break;
+ case "search":
+ print search_form($keys);
+ print search_data($keys, $mod);
+ break;
+ case t("Submit"):
+ print status(comment_save(check_input($id), $edit));
+ print comment_overview();
+ break;
+ default:
+ print comment_overview();
+ }
+ }
+ else {
+ print message_access();
}
}
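Review bot: `$id` reaches comment_edit() unfiltered in the `edit` case, while the `Submit` case wraps the same value in check_input() before comment_save(). The two paths should agree: `print comment_edit(check_input($id));`. The same raw `$id` is passed on in import_admin (import_get_bundle, import_get_feed), meta_admin (meta_get_collection, meta_get_tag) and moderate_admin, and in the modules/comment/comment.module copy of this hunk. Whether those callees filter the value themselves is not visible in this diff.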
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 24b156443..ad9924603 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -4,11 +4,15 @@ function comment_search($keys) {
global $user;
$result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20");
while ($comment = db_fetch_object($result)) {
- $find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp);
+ $find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "edit user comments") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp);
}
return $find;
}
+function comment_perm() {
+ return array("view comments", "post comments", "edit comments");
+}
+
function comment_edit($id) {
global $REQUEST_URI;
@@ -42,24 +46,30 @@ function comment_overview() {
}
function comment_admin() {
- global $op, $id, $edit, $mod, $keys, $order;
+ global $user, $op, $id, $edit, $mod, $keys, $order;
- print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n";
+ if (user_access($user, "edit comments")) {
- switch ($op) {
- case "edit":
- print comment_edit($id);
- break;
- case "search":
- print search_form($keys);
- print search_data($keys, $mod);
- break;
- case t("Submit"):
- print status(comment_save(check_input($id), $edit));
- print comment_overview();
- break;
- default:
- print comment_overview();
+ print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n";
+
+ switch ($op) {
+ case "edit":
+ print comment_edit($id);
+ break;
+ case "search":
+ print search_form($keys);
+ print search_data($keys, $mod);
+ break;
+ case t("Submit"):
+ print status(comment_save(check_input($id), $edit));
+ print comment_overview();
+ break;
+ default:
+ print comment_overview();
+ }
+ }
+ else {
+ print message_access();
}
}
diff --git a/modules/conf.module b/modules/conf.module
index 4a03a1a99..ba55d82b6 100644
--- a/modules/conf.module
+++ b/modules/conf.module
@@ -12,6 +12,10 @@ function conf_help() {
<?php
}
+function conf_perm() {
+ return array("edit configuration options");
+}
+
function conf_view_options() {
global $conf, $cmodes, $corder, $themes;
@@ -97,24 +101,30 @@ function conf_view($type) {
}
function conf_admin() {
- global $edit, $op, $type;
-
- print "<SMALL><A HREF=\"admin.php?mod=conf&type=options\">site settings</A> | <A HREF=\"admin.php?mod=conf&type=filter\">content filters</A> | <A HREF=\"admin.php?mod=conf&op=help\">help</A></SMALL><HR>\n";
-
- switch ($op) {
- case "help":
- conf_help();
- break;
- case "Reset to defaults":
- print status(conf_default($edit));
- print conf_view($type);
- break;
- case "Save configuration":
- print status(conf_save($edit));
- print conf_view($type);
- break;
- default:
- print conf_view($type);
+ global $user, $edit, $op, $type;
+
+ if (user_access($user, "edit configuration options")) {
+
+ print "<SMALL><A HREF=\"admin.php?mod=conf&type=options\">site settings</A> | <A HREF=\"admin.php?mod=conf&type=filter\">content filters</A> | <A HREF=\"admin.php?mod=conf&op=help\">help</A></SMALL><HR>\n";
+
+ switch ($op) {
+ case "help":
+ conf_help();
+ break;
+ case "Reset to defaults":
+ print status(conf_default($edit));
+ print conf_view($type);
+ break;
+ case "Save configuration":
+ print status(conf_save($edit));
+ print conf_view($type);
+ break;
+ default:
+ print conf_view($type);
+ }
+ }
+ else {
+ print message_access();
}
}
diff --git a/modules/cvs.module b/modules/cvs.module
index 7eefac3de..cc81a12e6 100644
--- a/modules/cvs.module
+++ b/modules/cvs.module
@@ -1,5 +1,9 @@
<?php
+function cvs_perm() {
+ return array("view CVS messages");
+}
+
function cvs_cron() {
if (time() - variable_get("cvs_cron_last", 0) > variable_get("cvs_cron_time", time())) {
variable_set("cvs_cron_last", time());
@@ -22,20 +26,27 @@ function cvs_conf_options() {
}
function cvs_page() {
- global $theme;
+ global $user, $theme;
- $result = db_query("SELECT * FROM cvs ORDER BY timestamp DESC LIMIT 50");
+ if (user_access($user, "view CVS messages")) {
+ $result = db_query("SELECT * FROM cvs ORDER BY timestamp DESC LIMIT 50");
- while ($cvs = db_fetch_object($result)) {
- $output .= "<b>File:</b> $cvs->files<br />";
- $output .= "<b>Date:</b> ". format_date($cvs->timestamp) ."<br />";
- $output .= "<b>User:</b> $cvs->user<br />";
- $output .= "\n". nl2br(htmlentities($cvs->message)) ."<hr />";
- }
+ while ($cvs = db_fetch_object($result)) {
+ $output .= "<b>File:</b> $cvs->files<br />";
+ $output .= "<b>Date:</b> ". format_date($cvs->timestamp) ."<br />";
+ $output .= "<b>User:</b> $cvs->user<br />";
+ $output .= "\n". nl2br(htmlentities($cvs->message)) ."<hr />";
+ }
- $theme->header();
- $theme->box("CVS commit messages", "<div style=\"font-family: monospace;\">$output</div>");
- $theme->footer();
+ $theme->header();
+ $theme->box("CVS commit messages", "<div style=\"font-family: monospace;\">$output</div>");
+ $theme->footer();
+ }
+ else {
+ $theme->header();
+ $theme->box(t("Access denied"), message_access());
+ $theme->footer();
+ }
}
?> \ No newline at end of file
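Review bot: `$cvs->files` and `$cvs->user` are interpolated into the page as raw HTML, while the commit message two lines below them is passed through htmlentities(). All three values come from the same `cvs` table row, so they need the same output encoding: `$output .= "<b>File:</b> ". htmlentities($cvs->files) ."<br />";` and `$output .= "<b>User:</b> ". htmlentities($cvs->user) ."<br />";`. The same gap exists for `$diary->userid` in diary_page_overview, where it is placed in both HTML and a URL without check_output() or urlencode(), and for the diary_search title, which unlike comment_search's title is built without check_output().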
diff --git a/modules/diary.module b/modules/diary.module
index 9cfb21c47..a186161ce 100644
--- a/modules/diary.module
+++ b/modules/diary.module
@@ -1,10 +1,14 @@
<?php
+function diary_perm() {
+ return array("view diary entries", "edit diary entries");
+}
+
function diary_search($keys) {
global $user;
$result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.text LIKE '%$keys%' ORDER BY d.timestamp DESC LIMIT 20");
while ($diary = db_fetch_object($result)) {
- $find[$i++] = array("title" => "$diary->userid's diary", "link" => (user_access($user, "diary") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp);
+ $find[$i++] = array("title" => "$diary->userid's diary", "link" => (user_access($user, "edit diary entries") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp);
}
return $find;
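Review bot: `$keys` is interpolated directly into the `LIKE '%$keys%'` clause, so the query text depends on whatever the caller passes. diary_admin calls `search_data($keys, $mod)` with the raw request value, and whether search_data() filters it is not visible here. Other queries in this diff wrap request values first (meta_form uses `LIKE '%". check_input($type) ."%'`), so the same should be done here: `WHERE d.text LIKE '%". check_input($keys) ."%'`. comment_search in both comment.module copies builds its query the same way, and the closing brace of diary_search lies outside the hunk.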
@@ -13,25 +17,31 @@ function diary_search($keys) {
function diary_page_overview($num = 20) {
global $theme, $user;
- $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY d.timestamp DESC LIMIT $num");
-
- while ($diary = db_fetch_object($result)) {
- if ($time != date("F jS", $diary->timestamp)) {
- $output .= "<B>". $date = t(date("l", $diary->timestamp)) .", ". t(date("F", $diary->timestamp)) ." ". date("j", $diary->timestamp) ."</B>\n";
- $time = date("F jS", $diary->timestamp);
+ if (user_access($user, "view diary entries")) {
+ $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY d.timestamp DESC LIMIT $num");
+
+ while ($diary = db_fetch_object($result)) {
+ if ($time != date("F jS", $diary->timestamp)) {
+ $output .= "<B>". $date = t(date("l", $diary->timestamp)) .", ". t(date("F", $diary->timestamp)) ." ". date("j", $diary->timestamp) ."</B>\n";
+ $time = date("F jS", $diary->timestamp);
+ }
+ $output .= "<DL>\n";
+ $output .= " <DD><P><B>$diary->userid ". t("wrote") .":</B></P></DD>\n";
+ $output .= " <DL>\n";
+ $output .= " <DD><P>". check_output($diary->text, 1) ."</P><P>[ <A HREF=\"module.php?mod=diary&op=view&name=$diary->userid\">". t("more") ."</A> ]</P></DD>\n";
+ $output .= " </DL>\n";
+ $output .= "</DL>\n";
}
- $output .= "<DL>\n";
- $output .= " <DD><P><B>$diary->userid ". t("wrote") .":</B></P></DD>\n";
- $output .= " <DL>\n";
- $output .= " <DD><P>". check_output($diary->text, 1) ."</P><P>[ <A HREF=\"module.php?mod=diary&op=view&name=$diary->userid\">". t("more") ."</A> ]</P></DD>\n";
- $output .= " </DL>\n";
- $output .= "</DL>\n";
- }
-
- $theme->header();
- $theme->box(t("Online diary"), $output);
- $theme->footer();
+ $theme->header();
+ $theme->box(t("Online diary"), $output);
+ $theme->footer();
+ }
+ else {
+ $theme->header();
+ $theme->box(t("Access denied"), message_access());
+ $theme->footer();
+ }
}
function diary_page_entry($timestamp, $text, $id = 0) {
@@ -177,7 +187,7 @@ function diary_page() {
diary_page_delete(check_input($id));
diary_page_display(check_input($name));
break;
- case "edit":
+ case "edit":
diary_page_edit(check_input($id));
break;
case "view":
@@ -299,40 +309,40 @@ function diary_admin_display($order = "date") {
function diary_admin() {
- global $op, $id, $mod, $keys, $text, $order;
-
- print "<SMALL><A HREF=\"admin.php?mod=diary\">overview</A> | <A HREF=\"admin.php?mod=diary&op=search\">search diary</A> | <A HREF=\"admin.php?mod=diary&op=help\">help</A></SMALL><HR>\n";
-
- switch ($op) {
- case "delete":
- diary_admin_delete(check_input($id));
- diary_admin_display();
- break;
- case "edit":
- diary_admin_edit(check_input($id));
- break;
- case "help":
- diary_help();
- break;
- case "search":
- print search_form($keys);
- print search_data($keys, $mod);
- break;
- case "Save diary entry":
- diary_admin_save(check_input($id), check_input($text));
- diary_admin_display();
- break;
- case "Update":
- diary_admin_display(check_input($order));
- break;
- default:
- diary_admin_display();
+ global $user, $op, $id, $mod, $keys, $text, $order;
+
+ if (user_access($user, "edit diary entries")) {
+
+ print "<SMALL><A HREF=\"admin.php?mod=diary\">overview</A> | <A HREF=\"admin.php?mod=diary&op=search\">search diary</A> | <A HREF=\"admin.php?mod=diary&op=help\">help</A></SMALL><HR>\n";
+
+ switch ($op) {
+ case "delete":
+ diary_admin_delete(check_input($id));
+ diary_admin_display();
+ break;
+ case "edit":
+ diary_admin_edit(check_input($id));
+ break;
+ case "help":
+ diary_help();
+ break;
+ case "search":
+ print search_form($keys);
+ print search_data($keys, $mod);
+ break;
+ case "Save diary entry":
+ diary_admin_save(check_input($id), check_input($text));
+ diary_admin_display();
+ break;
+ case "Update":
+ diary_admin_display(check_input($order));
+ break;
+ default:
+ diary_admin_display();
+ }
}
-}
-
-function diary_export($uri) {
- if ($uri[2] == "diary") {
- print "TODO: export diary for user $uri[3]";
+ else {
+ print message_access();
}
}
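Review bot: This hunk also deletes diary_export(), which the commit description does not mention. It was only a TODO stub, but if an export dispatcher still looks up `diary_export` for this module (not visible here), the removal changes behaviour outside the access work, so it deserves a line in the commit message or its own commit. In diary_admin itself the single permission "edit diary entries" now also authorises the `delete` case; I would add `// "edit diary entries" also gates delete` above the switch so the permission's reach is explicit.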
diff --git a/modules/forum.module b/modules/forum.module
index 61d05f561..8bce520e3 100644
--- a/modules/forum.module
+++ b/modules/forum.module
@@ -24,9 +24,7 @@ function forum_form($edit = array()) {
function forum_save($edit) {
global $user, $status;
- if (user_access($user)) {
- node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0));
- }
+ node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0));
}
function forum_num_comments($nid) {
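Review bot: forum_save() loses its access check entirely: the old `if (user_access($user))` guard is removed rather than converted to a named permission, so node_save() now runs for every caller with a fixed `status => $status[posted]`. book_save in this commit keeps its guard as `user_access($user, "add and edit nodes")`. Unless every caller of forum_save is known to check first (not visible here), keep the guard in the same form: `if (user_access($user, "add and edit nodes")) {` around the node_save() call. The copy in modules/forum/forum.module carries the same change.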
@@ -40,21 +38,28 @@ function forum_last_comment($nid) {
}
function forum_page() {
- global $theme;
+ global $user, $theme;
- $result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title");
+ if (user_access($user, "view content")) {
+ $result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title");
- $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n";
- $output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>";
- while ($node = db_fetch_object($result)) {
- $node = node_get_object(array("nid" => $node->nid));
- $output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". check_output($node->moderate) ."</SMALL></TD></TR>";
- }
- $output .= "</TABLE>\n";
+ $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n";
+ $output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>";
+ while ($node = db_fetch_object($result)) {
+ $node = node_get_object(array("nid" => $node->nid));
+ $output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". check_output($node->moderate) ."</SMALL></TD></TR>";
+ }
+ $output .= "</TABLE>\n";
- $theme->header();
- $theme->box(t("Discussion forum"), $output);
- $theme->footer();
+ $theme->header();
+ $theme->box(t("Discussion forum"), $output);
+ $theme->footer();
+ }
+ else {
+ $theme->header();
+ $theme->box(t("Access denied"), message_access());
+ $theme->footer();
+ }
}
?> \ No newline at end of file
diff --git a/modules/forum/forum.module b/modules/forum/forum.module
index 61d05f561..8bce520e3 100644
--- a/modules/forum/forum.module
+++ b/modules/forum/forum.module
@@ -24,9 +24,7 @@ function forum_form($edit = array()) {
function forum_save($edit) {
global $user, $status;
- if (user_access($user)) {
- node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0));
- }
+ node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0));
}
function forum_num_comments($nid) {
@@ -40,21 +38,28 @@ function forum_last_comment($nid) {
}
function forum_page() {
- global $theme;
+ global $user, $theme;
- $result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title");
+ if (user_access($user, "view content")) {
+ $result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title");
- $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n";
- $output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>";
- while ($node = db_fetch_object($result)) {
- $node = node_get_object(array("nid" => $node->nid));
- $output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". check_output($node->moderate) ."</SMALL></TD></TR>";
- }
- $output .= "</TABLE>\n";
+ $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n";
+ $output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>";
+ while ($node = db_fetch_object($result)) {
+ $node = node_get_object(array("nid" => $node->nid));
+ $output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". check_output($node->moderate) ."</SMALL></TD></TR>";
+ }
+ $output .= "</TABLE>\n";
- $theme->header();
- $theme->box(t("Discussion forum"), $output);
- $theme->footer();
+ $theme->header();
+ $theme->box(t("Discussion forum"), $output);
+ $theme->footer();
+ }
+ else {
+ $theme->header();
+ $theme->box(t("Access denied"), message_access());
+ $theme->footer();
+ }
}
?> \ No newline at end of file
diff --git a/modules/import.module b/modules/import.module
index 460084c44..8befa5beb 100644
--- a/modules/import.module
+++ b/modules/import.module
@@ -6,6 +6,10 @@ function import_help() {
<?php
}
+function import_perm() {
+ return array("add and edit news feeds");
+}
+
function import_cron() {
$result = db_query("SELECT * FROM feed");
while ($feed = db_fetch_array($result)) {
@@ -232,54 +236,60 @@ function import_view_item() {
}
function import_admin() {
- global $op, $id, $type, $edit;
-
- print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
-
- switch($op) {
- case "help":
- print import_help();
- break;
- case "add":
- if ($type == "bundle")
- print import_form_bundle();
- else
- print import_form_feed();
- break;
- case "edit":
- if ($type == "bundle")
- print import_form_bundle(import_get_bundle($id));
- else
- print import_form_feed(import_get_feed($id));
- break;
- case "remove":
- print status(import_remove(import_get_feed($id)));
- print import_view_feed();
- break;
- case "update":
- print status(import_update(import_get_feed($id)));
- print import_view_feed();
- break;
- case "Save attributes":
- print status(import_save_attributes($edit));
- print import_view_item();
- break;
- case "Delete":
- $edit[title] = 0;
- // fall through:
- case "Submit":
- if ($type == "bundle")
- print status(import_save_bundle($edit));
- else
- print status(import_save_feed($edit));
- // fall through:
- default:
- if ($type == "bundle")
- print import_view_bundle();
- else if ($type == "item")
- print import_view_item();
- else
+ global $user, $op, $id, $type, $edit;
+
+ if (user_access($user, "add and edit news feeds")) {
+
+ print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
+
+ switch($op) {
+ case "help":
+ print import_help();
+ break;
+ case "add":
+ if ($type == "bundle")
+ print import_form_bundle();
+ else
+ print import_form_feed();
+ break;
+ case "edit":
+ if ($type == "bundle")
+ print import_form_bundle(import_get_bundle($id));
+ else
+ print import_form_feed(import_get_feed($id));
+ break;
+ case "remove":
+ print status(import_remove(import_get_feed($id)));
+ print import_view_feed();
+ break;
+ case "update":
+ print status(import_update(import_get_feed($id)));
print import_view_feed();
+ break;
+ case "Save attributes":
+ print status(import_save_attributes($edit));
+ print import_view_item();
+ break;
+ case "Delete":
+ $edit[title] = 0;
+ // fall through:
+ case "Submit":
+ if ($type == "bundle")
+ print status(import_save_bundle($edit));
+ else
+ print status(import_save_feed($edit));
+ // fall through:
+ default:
+ if ($type == "bundle")
+ print import_view_bundle();
+ else if ($type == "item")
+ print import_view_item();
+ else
+ print import_view_feed();
+ }
+ }
+ else {
+ print message_access();
}
}
diff --git a/modules/locale.module b/modules/locale.module
index 065468e9c..db1e58127 100644
--- a/modules/locale.module
+++ b/modules/locale.module
@@ -24,6 +24,10 @@ function locale_help() {
<?php
}
+function locale_perm() {
+ return array("add and edit locales");
+}
+
function locale_conf_options() {
return form_select(t("Locale support"), "locale", variable_get("locale", 0), array("Disabled", "Enabled"), t("Disable locale support if your site does not require translation or internationalization support."));
}
@@ -83,26 +87,31 @@ function locale_overview() {
}
function locale_admin() {
- global $id, $edit, $op;
-
- print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n";
-
- switch ($op) {
- case "delete":
- print status(locale_delete(check_input($id)));
- print locale_overview();
- break;
- case "help":
- print locale_help();
- break;
- case "edit":
- print locale_edit(check_input($id));
- break;
- case "Save translations":
- print locale_save(check_input($id), $edit);
- // fall through
- default:
- print locale_overview();
+ global $user, $id, $edit, $op;
+
+ if (user_access($user, "add and edit locales")) {
+ print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n";
+
+ switch ($op) {
+ case "delete":
+ print status(locale_delete(check_input($id)));
+ print locale_overview();
+ break;
+ case "help":
+ print locale_help();
+ break;
+ case "edit":
+ print locale_edit(check_input($id));
+ break;
+ case "Save translations":
+ print locale_save(check_input($id), $edit);
+ // fall through
+ default:
+ print locale_overview();
+ }
+ }
+ else {
+ print message_access();
}
}
diff --git a/modules/locale/locale.module b/modules/locale/locale.module
index 065468e9c..db1e58127 100644
--- a/modules/locale/locale.module
+++ b/modules/locale/locale.module
@@ -24,6 +24,10 @@ function locale_help() {
<?php
}
+function locale_perm() {
+ return array("add and edit locales");
+}
+
function locale_conf_options() {
return form_select(t("Locale support"), "locale", variable_get("locale", 0), array("Disabled", "Enabled"), t("Disable locale support if your site does not require translation or internationalization support."));
}
@@ -83,26 +87,31 @@ function locale_overview() {
}
function locale_admin() {
- global $id, $edit, $op;
-
- print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n";
-
- switch ($op) {
- case "delete":
- print status(locale_delete(check_input($id)));
- print locale_overview();
- break;
- case "help":
- print locale_help();
- break;
- case "edit":
- print locale_edit(check_input($id));
- break;
- case "Save translations":
- print locale_save(check_input($id), $edit);
- // fall through
- default:
- print locale_overview();
+ global $user, $id, $edit, $op;
+
+ if (user_access($user, "add and edit locales")) {
+ print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n";
+
+ switch ($op) {
+ case "delete":
+ print status(locale_delete(check_input($id)));
+ print locale_overview();
+ break;
+ case "help":
+ print locale_help();
+ break;
+ case "edit":
+ print locale_edit(check_input($id));
+ break;
+ case "Save translations":
+ print locale_save(check_input($id), $edit);
+ // fall through
+ default:
+ print locale_overview();
+ }
+ }
+ else {
+ print message_access();
}
}
diff --git a/modules/meta.module b/modules/meta.module
index a46857ec1..092bf1d4c 100644
--- a/modules/meta.module
+++ b/modules/meta.module
@@ -6,6 +6,10 @@ function meta_help() {
<?php
}
+function meta_conf() {
+ return array("add and edit meta tags");
+}
+
function meta_form($type, $edit = array()) {
$c = db_query("SELECT * FROM collection WHERE types LIKE '%". check_input($type) ."%'");
while ($collection = db_fetch_object($c)) {
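Review bot: The permission list is returned from `meta_conf()`, whereas every other module in this commit uses the `_perm` suffix (box_perm, comment_perm, conf_perm, import_perm, locale_perm, moderate_perm, module_perm). If access.module collects permissions by calling `<module>_perm()` (its code is not in this part of the diff), "add and edit meta tags" is never registered and the new check in meta_admin would deny everyone. The `_conf` name may also be picked up by a different hook. Rename it: `function meta_perm() {`. meta_form's body continues outside the hunk.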
@@ -125,40 +129,46 @@ function meta_overview() {
}
function meta_admin() {
- global $edit, $type, $op, $id;
-
- print "<SMALL><A HREF=\"admin.php?mod=meta&type=collection&op=add\">add new collection</A> | <A HREF=\"admin.php?mod=meta&type=tag&op=add\">add new meta-tag</A> | <A HREF=\"admin.php?mod=meta&op=preview\">preview node forms</A> | <A HREF=\"admin.php?mod=meta\">overview</A> | <A HREF=\"admin.php?mod=meta&op=help\">help</A></SMALL><HR>\n";
-
- switch ($op) {
- case "add":
- if ($type == "collection")
- print meta_form_collection();
- else
- print meta_form_tag();
- break;
- case "edit":
- if ($type == "collection")
- print meta_form_collection(meta_get_collection($id));
- else
- print meta_form_tag(meta_get_tag($id));
- break;
- case "help":
- print meta_help();
- break;
- case "preview":
- print meta_preview();
- break;
- case "Delete":
- $edit[name] = 0;
- // fall through:
- case "Submit":
- if ($type == "collection")
- print status(meta_save_collection($edit));
- else
- print status(meta_save_tag($edit));
- // fall through:
- default:
- print meta_overview();
+ global $user, $edit, $type, $op, $id;
+
+ if (user_access($user, "add and edit meta tags")) {
+
+ print "<SMALL><A HREF=\"admin.php?mod=meta&type=collection&op=add\">add new collection</A> | <A HREF=\"admin.php?mod=meta&type=tag&op=add\">add new meta-tag</A> | <A HREF=\"admin.php?mod=meta&op=preview\">preview node forms</A> | <A HREF=\"admin.php?mod=meta\">overview</A> | <A HREF=\"admin.php?mod=meta&op=help\">help</A></SMALL><HR>\n";
+
+ switch ($op) {
+ case "add":
+ if ($type == "collection")
+ print meta_form_collection();
+ else
+ print meta_form_tag();
+ break;
+ case "edit":
+ if ($type == "collection")
+ print meta_form_collection(meta_get_collection($id));
+ else
+ print meta_form_tag(meta_get_tag($id));
+ break;
+ case "help":
+ print meta_help();
+ break;
+ case "preview":
+ print meta_preview();
+ break;
+ case "Delete":
+ $edit[name] = 0;
+ // fall through:
+ case "Submit":
+ if ($type == "collection")
+ print status(meta_save_collection($edit));
+ else
+ print status(meta_save_tag($edit));
+ // fall through:
+ default:
+ print meta_overview();
+ }
+ }
+ else {
+ print message_access();
}
}
diff --git a/modules/moderate.module b/modules/moderate.module
index c3db8abab..a75402c3a 100644
--- a/modules/moderate.module
+++ b/modules/moderate.module
@@ -1,5 +1,9 @@
<?php
+function moderate_perm() {
+ return array("access moderation pages");
+}
+
function moderate_comment_access($cid) {
global $user;
return db_fetch_object(db_query("SELECT n.moderate FROM comments c LEFT JOIN node n ON c.lid = n.nid WHERE c.cid = '". check_input($cid) ."' AND n.moderate LIKE '%$user->userid%'"));
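Review bot: moderate_comment_access() decides moderator rights with `n.moderate LIKE '%$user->userid%'`, which is a substring match: a user name contained in a listed moderator's name, or one containing LIKE wildcards, also matches. Now that moderate_perm() makes moderation a grantable permission, the per-node check should compare whole names. Fetch `n.moderate`, split it on the list separator and test for an exact entry, and pass `$user->userid` through check_input() as is already done for `$cid`. The format of the `moderate` column is not visible here, so the separator needs confirming.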
@@ -37,7 +41,7 @@ function moderate_node($edit, $name) {
return node_invoke($edit, $name);
}
else {
- return status(t("access denied"));
+ return status(message_access());
}
}
@@ -54,7 +58,7 @@ function moderate_comment_edit($id) {
return comment_edit($id);
}
else {
- return "access denied";
+ return status(message_access());
}
}
@@ -63,41 +67,47 @@ function moderate_comment_save($id, $edit) {
return comment_save($id, $edit);
}
else {
- return "access denied";
+ return status(message_access());
}
}
function moderate_admin() {
- global $op, $id, $edit, $type;
-
- switch ($type) {
- case "comment":
- switch ($op) {
- case "edit":
- print moderate_comment_edit($id);
- break;
- case t("Submit"):
- print status(moderate_comment_save($id, $edit));
- // fall through:
- default:
- print moderate_overview();
+ global $user, $op, $id, $edit, $type;
+
+ if (user_access($user, "access moderation pages")) {
+
+ switch ($type) {
+ case "comment":
+ switch ($op) {
+ case "edit":
+ print moderate_comment_edit($id);
+ break;
+ case t("Submit"):
+ print status(moderate_comment_save($id, $edit));
+ // fall through:
+ default:
+ print moderate_overview();
+ }
+ break;
+ default:
+ switch ($op) {
+ case "edit":
+ print moderate_node_edit(node_get_array(array("nid" => $id)));
+ break;
+ case t("Preview"):
+ print moderate_node_edit($edit);
+ break;
+ case t("Submit"):
+ print status(moderate_node_save($edit));
+ // fall through:
+ default:
+ print moderate_overview();
}
- break;
- default:
- switch ($op) {
- case "edit":
- print moderate_node_edit(node_get_array(array("nid" => $id)));
- break;
- case t("Preview"):
- print moderate_node_edit($edit);
- break;
- case t("Submit"):
- print status(moderate_node_save($edit));
- // fall through:
- default:
- print moderate_overview();
}
}
+ else {
+ print message_access();
+ }
}
?>
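Review bot: `moderate_comment_save()` now returns `status(message_access())`, while `moderate_admin()` prints `status(moderate_comment_save($id, $edit))`, so the denial text passes through `status()` twice. `moderate_node()` in the `@@ -37,7 +41,7 @@` hunk does the same if its result reaches `status(moderate_node_save($edit))`. `status()` is not visible on this page, so the rendered effect is inferred, but returning the bare message keeps the wrapping in one place: `return message_access();`. `moderate_comment_edit()` is printed without `status()`, so its new return value can stay as it is. `moderate_comment_save()` begins outside this hunk.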
diff --git a/modules/module.module b/modules/module.module
index f11832770..71bcc99a7 100644
--- a/modules/module.module
+++ b/modules/module.module
@@ -6,6 +6,10 @@ function module_help() {
<?php
}
+function module_perm() {
+ return array("install and uninstall modules");
+}
+
function module_admin_rehash() {
$result = db_query("SELECT * FROM modules");
while ($module = db_fetch_object($result)) {
@@ -33,24 +37,30 @@ function module_admin_overview() {
}
function module_admin() {
- global $op, $name;
-
- print "<SMALL><A HREF=\"admin.php?mod=module\">overview</A> | <A HREF=\"admin.php?mod=module&op=help\">help</A></SMALL><HR>\n";
-
- switch ($op) {
- case "help":
- module_help();
- break;
- case "rehash":
- module_rehash($name);
- module_admin_overview();
- break;
- case "Rehash modules":
- module_admin_rehash();
- module_admin_overview();
- break;
- default:
- module_admin_overview();
+ global $user, $op, $name;
+
+ if (user_access($user, "install and uninstall modules")) {
+
+ print "<SMALL><A HREF=\"admin.php?mod=module\">overview</A> | <A HREF=\"admin.php?mod=module&op=help\">help</A></SMALL><HR>\n";
+
+ switch ($op) {
+ case "help":
+ module_help();
+ break;
+ case "rehash":
+ module_rehash($name);
+ module_admin_overview();
+ break;
+ case "Rehash modules":
+ module_admin_rehash();
+ module_admin_overview();
+ break;
+ default:
+ module_admin_overview();
+ }
+ }
+ else {
+ print message_access();
}
}
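Review bot: The permission name is written out twice, once in `module_perm()` in the previous hunk and once in `user_access($user, "install and uninstall modules")` at the top of `module_admin()`, with nothing tying the two literals together. How `user_access()` treats a name that no module declares is not visible here, so a typo in either place would fail in a way that is hard to spot. A comment above the check, `// must match the string returned by module_perm()`, would make the coupling explicit. The `node_admin()`, `watchdog_admin()`, `queue_page()` and `rating_page()` hunks repeat the pattern.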
diff --git a/modules/node.module b/modules/node.module
index 8e600e867..0b32efb40 100644
--- a/modules/node.module
+++ b/modules/node.module
@@ -26,6 +26,10 @@ function node_help() {
}
}
+function node_perm() {
+ return array("add and edit nodes");
+}
+
function node_conf_options() {
$output .= form_select(t("Default number of nodes to display"), "default_nodes_main", variable_get("default_nodes_main", 10), array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10, 15 => 15, 20 => 20, 25 => 25, 30 => 30), t("The default maximum number of nodes to display on the main page."));
return $output;
@@ -260,77 +264,83 @@ function node_edit($node) {
}
function node_admin() {
- global $op, $id, $edit, $query, $type, $keys;
+ global $user, $op, $id, $edit, $query, $type, $keys;
- foreach (module_list() as $name) {
- if (module_hook($name, "status") && $name != "node") {
- $link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>";
+ if (user_access($user, "add and edit nodes")) {
+
+ foreach (module_list() as $name) {
+ if (module_hook($name, "status") && $name != "node") {
+ $link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>";
+ }
}
- }
- print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n";
-
- $id = check_input($edit[nid] ? $edit[nid] : $id);
-
- switch ($op) {
- case "add":
- print module_invoke($type, "form");
- break;
- case "help":
- print node_help();
- break;
- case "search":
- print node_module_find($id);
- print search_data($keys, $type);
- break;
- case "status":
- print node_edit_status($id);
- break;
- case "option":
- print node_edit_option($id);
- break;
- case "attribute":
- print node_edit_attribute($id);
- break;
- case "content":
- print node_edit_content(node_get_array(array("nid" => $id)), $type);
- break;
- case "default":
- print node_setting();
- break;
- case "delete":
- print status(node_delete($id));
- print node_overview($query);
- break;
- case "listing":
- print node_listing(node_query());
- break;
- case "Save settings":
- print status(conf_save($edit));
- print node_setting();
- break;
- case "Reset to defaults":
- print status(conf_default($edit));
- print node_setting();
- break;
- case "Save node":
- print node_admin_save($edit);
- print node_overview($query);
- break;
- case "edit":
- print node_edit(node_get_object(array("nid" => $id)));
- break;
- case "view":
- print node_module_view(node_get_array(array("nid" => $id)), $type);
- break;
- case "Preview":
- print node_edit_content($edit, $type);
- break;
- case "Submit":
- print status(node_save_content($edit, $type));
- // fall through:
- default:
- print node_overview($query);
+ print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n";
+
+ $id = check_input($edit[nid] ? $edit[nid] : $id);
+
+ switch ($op) {
+ case "add":
+ print module_invoke($type, "form");
+ break;
+ case "help":
+ print node_help();
+ break;
+ case "search":
+ print node_module_find($id);
+ print search_data($keys, $type);
+ break;
+ case "status":
+ print node_edit_status($id);
+ break;
+ case "option":
+ print node_edit_option($id);
+ break;
+ case "attribute":
+ print node_edit_attribute($id);
+ break;
+ case "content":
+ print node_edit_content(node_get_array(array("nid" => $id)), $type);
+ break;
+ case "default":
+ print node_setting();
+ break;
+ case "delete":
+ print status(node_delete($id));
+ print node_overview($query);
+ break;
+ case "listing":
+ print node_listing(node_query());
+ break;
+ case "Save settings":
+ print status(conf_save($edit));
+ print node_setting();
+ break;
+ case "Reset to defaults":
+ print status(conf_default($edit));
+ print node_setting();
+ break;
+ case "Save node":
+ print node_admin_save($edit);
+ print node_overview($query);
+ break;
+ case "edit":
+ print node_edit(node_get_object(array("nid" => $id)));
+ break;
+ case "view":
+ print node_module_view(node_get_array(array("nid" => $id)), $type);
+ break;
+ case "Preview":
+ print node_edit_content($edit, $type);
+ break;
+ case "Submit":
+ print status(node_save_content($edit, $type));
+ // fall through:
+ default:
+ print node_overview($query);
+ }
+ }
+ else {
+ print message_access();
}
}
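Review bot: The single "add and edit nodes" check at the top of `node_admin()` also gates the `"delete"`, `"Save settings"` and `"Reset to defaults"` cases, so any role allowed to edit content can also call `node_delete()`, `conf_save()` and `conf_default()`. Separate permissions would let a role edit without those rights, for example `return array("add and edit nodes", "delete nodes", "administer node settings");` in `node_perm()` with a matching `user_access()` test inside those three cases. The two extra names are suggestions, not existing permissions. The hunk for modules/node/node.module is identical and has the same shape.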
diff --git a/modules/node/node.module b/modules/node/node.module
index 8e600e867..0b32efb40 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -26,6 +26,10 @@ function node_help() {
}
}
+function node_perm() {
+ return array("add and edit nodes");
+}
+
function node_conf_options() {
$output .= form_select(t("Default number of nodes to display"), "default_nodes_main", variable_get("default_nodes_main", 10), array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10, 15 => 15, 20 => 20, 25 => 25, 30 => 30), t("The default maximum number of nodes to display on the main page."));
return $output;
@@ -260,77 +264,83 @@ function node_edit($node) {
}
function node_admin() {
- global $op, $id, $edit, $query, $type, $keys;
+ global $user, $op, $id, $edit, $query, $type, $keys;
- foreach (module_list() as $name) {
- if (module_hook($name, "status") && $name != "node") {
- $link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>";
+ if (user_access($user, "add and edit nodes")) {
+
+ foreach (module_list() as $name) {
+ if (module_hook($name, "status") && $name != "node") {
+ $link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>";
+ }
}
- }
- print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n";
-
- $id = check_input($edit[nid] ? $edit[nid] : $id);
-
- switch ($op) {
- case "add":
- print module_invoke($type, "form");
- break;
- case "help":
- print node_help();
- break;
- case "search":
- print node_module_find($id);
- print search_data($keys, $type);
- break;
- case "status":
- print node_edit_status($id);
- break;
- case "option":
- print node_edit_option($id);
- break;
- case "attribute":
- print node_edit_attribute($id);
- break;
- case "content":
- print node_edit_content(node_get_array(array("nid" => $id)), $type);
- break;
- case "default":
- print node_setting();
- break;
- case "delete":
- print status(node_delete($id));
- print node_overview($query);
- break;
- case "listing":
- print node_listing(node_query());
- break;
- case "Save settings":
- print status(conf_save($edit));
- print node_setting();
- break;
- case "Reset to defaults":
- print status(conf_default($edit));
- print node_setting();
- break;
- case "Save node":
- print node_admin_save($edit);
- print node_overview($query);
- break;
- case "edit":
- print node_edit(node_get_object(array("nid" => $id)));
- break;
- case "view":
- print node_module_view(node_get_array(array("nid" => $id)), $type);
- break;
- case "Preview":
- print node_edit_content($edit, $type);
- break;
- case "Submit":
- print status(node_save_content($edit, $type));
- // fall through:
- default:
- print node_overview($query);
+ print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n";
+
+ $id = check_input($edit[nid] ? $edit[nid] : $id);
+
+ switch ($op) {
+ case "add":
+ print module_invoke($type, "form");
+ break;
+ case "help":
+ print node_help();
+ break;
+ case "search":
+ print node_module_find($id);
+ print search_data($keys, $type);
+ break;
+ case "status":
+ print node_edit_status($id);
+ break;
+ case "option":
+ print node_edit_option($id);
+ break;
+ case "attribute":
+ print node_edit_attribute($id);
+ break;
+ case "content":
+ print node_edit_content(node_get_array(array("nid" => $id)), $type);
+ break;
+ case "default":
+ print node_setting();
+ break;
+ case "delete":
+ print status(node_delete($id));
+ print node_overview($query);
+ break;
+ case "listing":
+ print node_listing(node_query());
+ break;
+ case "Save settings":
+ print status(conf_save($edit));
+ print node_setting();
+ break;
+ case "Reset to defaults":
+ print status(conf_default($edit));
+ print node_setting();
+ break;
+ case "Save node":
+ print node_admin_save($edit);
+ print node_overview($query);
+ break;
+ case "edit":
+ print node_edit(node_get_object(array("nid" => $id)));
+ break;
+ case "view":
+ print node_module_view(node_get_array(array("nid" => $id)), $type);
+ break;
+ case "Preview":
+ print node_edit_content($edit, $type);
+ break;
+ case "Submit":
+ print status(node_save_content($edit, $type));
+ // fall through:
+ default:
+ print node_overview($query);
+ }
+ }
+ else {
+ print message_access();
}
}
diff --git a/modules/page.module b/modules/page.module
index 88739cbb4..8625230a1 100644
--- a/modules/page.module
+++ b/modules/page.module
@@ -57,9 +57,7 @@ function page_form($edit = array()) {
function page_save($edit) {
global $status, $user;
- if (user_access($user)) {
- node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0));
- }
+ node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0));
}
?> \ No newline at end of file
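Review bot: `page_save()` loses its only access check: the `if (user_access($user))` guard is removed and `node_save()` now runs for whoever reaches this function. `story_save()` and `poll_save()` in the same commit keep a guard on their edit path by switching to `user_access($user, "add and edit nodes")`. Unless every caller of `page_save()` is already behind a permission check, which this hunk does not show, the guard should be kept in its new form: `if (user_access($user, "add and edit nodes")) {`. The same removal is made in modules/page/page.module.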
diff --git a/modules/page/page.module b/modules/page/page.module
index 88739cbb4..8625230a1 100644
--- a/modules/page/page.module
+++ b/modules/page/page.module
@@ -57,9 +57,7 @@ function page_form($edit = array()) {
function page_save($edit) {
global $status, $user;
- if (user_access($user)) {
- node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0));
- }
+ node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0));
}
?> \ No newline at end of file
diff --git a/modules/poll.module b/modules/poll.module
index f99718e94..01b143654 100644
--- a/modules/poll.module
+++ b/modules/poll.module
@@ -78,7 +78,7 @@ function poll_search($keys) {
global $status, $user;
$result = db_query("SELECT n.*, p.* FROM poll p LEFT JOIN node n ON n.nid = p.nid AND n.lid = p.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%') LIMIT 20");
while ($poll = db_fetch_object($result)) {
- $find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "poll") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp);
+ $find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp);
}
return $find;
}
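Review bot: `$keys` is interpolated directly into the `LIKE '%$keys%'` clause in `poll_search()`, and nothing in the hunk shows it being escaped first. The line is unchanged context, but `node_admin()` in this commit hands the global `$keys` to `search_data($keys, $type)` as received, so unless a caller outside the hunk sanitises it this is an SQL injection risk. Escaping at the point of use, as `moderate_comment_access()` does for `$cid`, is safer: `(n.title LIKE '%". check_input($keys) ."%')`, assuming `check_input()` escapes for SQL as its use there suggests. `story_search()` builds its three `LIKE` clauses the same way, and both modules appear twice in this diff. The function signature is outside the hunk.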
@@ -176,7 +176,7 @@ function poll_form($edit = array(), $nocheck = 0) {
$active = array(0 => "Closed", 1 => "Active");
- $admin = ($edit[nid] && user_access($user,"poll")) ? 1 : 0;
+ $admin = ($edit[nid] && user_access($user, "add and edit nodes")) ? 1 : 0;
if ($edit[title]) {
$form .= poll_view(new Poll(node_preview($edit)));
@@ -234,7 +234,7 @@ function poll_save($edit) {
if (!$edit[nid]) {
$nid = node_save($edit, array(active => 1, attributes => node_attributes_save("poll", $edit), author => $user->id, comment => variable_get("poll_comment", 0), moderate => variable_get("poll_moderate", ""), promote => variable_get("poll_promote", 0), runtime, score => 0, status => variable_get("poll_status", $status[queued]), timestamp => time(), title, type => "poll", votes => 0, voters => ""));
}
- else if (user_access($user)) {
+ else if (user_access($user, "add and edit nodes")) {
$nid = node_save($edit, array(active, attributes => node_attributes_save("poll", $edit), runtime, title, type => "poll"));
db_query("DELETE FROM poll_choices WHERE nid='" . $nid . "'");
}
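Review bot: When `$edit[nid]` is set and the user lacks "add and edit nodes", `poll_save()` takes neither branch and gives no feedback, whereas the admin entry points in this commit print `message_access()`. `$nid` is also left unset on that path; the rest of the function is outside the hunk, so whether later code uses it cannot be confirmed from here. At minimum the silent case deserves a comment after the `else if` block, `// edits by users without the permission are ignored`, and an explicit `else` branch reporting the denial would be clearer if callers display the result. `story_save()` has the same shape.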
diff --git a/modules/poll/poll.module b/modules/poll/poll.module
index f99718e94..01b143654 100644
--- a/modules/poll/poll.module
+++ b/modules/poll/poll.module
@@ -78,7 +78,7 @@ function poll_search($keys) {
global $status, $user;
$result = db_query("SELECT n.*, p.* FROM poll p LEFT JOIN node n ON n.nid = p.nid AND n.lid = p.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%') LIMIT 20");
while ($poll = db_fetch_object($result)) {
- $find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "poll") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp);
+ $find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp);
}
return $find;
}
@@ -176,7 +176,7 @@ function poll_form($edit = array(), $nocheck = 0) {
$active = array(0 => "Closed", 1 => "Active");
- $admin = ($edit[nid] && user_access($user,"poll")) ? 1 : 0;
+ $admin = ($edit[nid] && user_access($user, "add and edit nodes")) ? 1 : 0;
if ($edit[title]) {
$form .= poll_view(new Poll(node_preview($edit)));
@@ -234,7 +234,7 @@ function poll_save($edit) {
if (!$edit[nid]) {
$nid = node_save($edit, array(active => 1, attributes => node_attributes_save("poll", $edit), author => $user->id, comment => variable_get("poll_comment", 0), moderate => variable_get("poll_moderate", ""), promote => variable_get("poll_promote", 0), runtime, score => 0, status => variable_get("poll_status", $status[queued]), timestamp => time(), title, type => "poll", votes => 0, voters => ""));
}
- else if (user_access($user)) {
+ else if (user_access($user, "add and edit nodes")) {
$nid = node_save($edit, array(active, attributes => node_attributes_save("poll", $edit), runtime, title, type => "poll"));
db_query("DELETE FROM poll_choices WHERE nid='" . $nid . "'");
}
diff --git a/modules/queue.module b/modules/queue.module
index 0eb1684df..3776ee2a3 100644
--- a/modules/queue.module
+++ b/modules/queue.module
@@ -5,6 +5,10 @@ function queue_conf_options() {
$output .= form_select(t("Discard entries older than"), "queue_clear", variable_get("queue_clear", 604800), $period, t("The time nodes should be kept in the moderation queue. Older entries will be automatically discarded. Requires crontab.")); return $output;
}
+function queue_perm() {
+ return array("access moderation queue");
+}
+
function queue_cron() {
global $status;
db_query("UPDATE node SET status = '$status[dumped]' WHERE status = '$status[queued]' AND ". time() ." - timestamp > ". variable_get("queue_clear", 604800));
@@ -110,7 +114,7 @@ function queue_node($id) {
function queue_page() {
global $id, $op, $theme, $user, $vote;
- if ($user->id) {
+ if ($user->id && user_access($user, "access moderation queue")) {
switch($op) {
case "Vote";
queue_vote(check_input($id), check_input($vote));
@@ -125,7 +129,7 @@ function queue_page() {
}
else {
$theme->header();
- $theme->box(t("Moderation queue"), message_account());
+ $theme->box(t("Moderation queue"), message_access());
$theme->footer();
}
}
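Review bot: Folding the login test and the permission test into one condition means a visitor who is not logged in now gets `message_access()` where the old code showed `message_account()`. If the account prompt is still wanted for that case, choose the message by cause: `$theme->box(t("Moderation queue"), $user->id ? message_access() : message_account());`. `queue_page()` begins in the previous hunk and its `switch` body is only partly visible here.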
diff --git a/modules/rating.module b/modules/rating.module
index e4abb066d..164b1ecca 100644
--- a/modules/rating.module
+++ b/modules/rating.module
@@ -1,5 +1,9 @@
<?php
+function rating_perm() {
+ return array("view user ratings");
+}
+
function rating_conf_options() {
$period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600), 1000000000 => t("Never"));
$output .= form_select(t("Update interval"), "rating_cron_time" , variable_get("rating_cron_time", 86400), $period, t("The update interval for the user ratings. Requires crontab."));
@@ -79,10 +83,18 @@ function rating_list($limit) {
}
function rating_page() {
- global $theme;
- $theme->header();
- $theme->box("Top 100 users", rating_list(100));
- $theme->footer();
+ global $user, $theme;
+
+ if (user_access($user, "view user ratings")) {
+ $theme->header();
+ $theme->box(t("Top 100 users"), rating_list(100));
+ $theme->footer();
+ }
+ else {
+ $theme->header();
+ $theme->box(t("Access denied"), message_access());
+ $theme->footer();
+ }
}
function rating_block() {
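Review bot: Both branches of `rating_page()` repeat `$theme->header()` and `$theme->footer()` and differ only in the box title and body. Evaluating the permission once and rendering a single frame removes the duplication and guarantees the denied page is framed exactly like the allowed one. The version below keeps the same call order as far as the hunk shows.

```php
function rating_page() {
  global $user, $theme;

  $allowed = user_access($user, "view user ratings");

  $theme->header();
  $theme->box($allowed ? t("Top 100 users") : t("Access denied"), $allowed ? rating_list(100) : message_access());
  $theme->footer();
}
```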
diff --git a/modules/story.module b/modules/story.module
index ca9ff6946..9773f2af4 100644
--- a/modules/story.module
+++ b/modules/story.module
@@ -16,7 +16,7 @@ function story_search($keys) {
global $status, $user;
$result = db_query("SELECT n.*, s.* FROM story s LEFT JOIN node n ON n.nid = s.nid AND n.lid = s.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%' OR s.abstract LIKE '%$keys%' OR s.body LIKE '%$keys%') LIMIT 20");
while ($story = db_fetch_object($result)) {
- $find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "story") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp);
+ $find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp);
}
return $find;
}
@@ -75,7 +75,7 @@ function story_save($edit) {
if (!$edit[nid]) {
node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), author => $user->id, body, comment => variable_get("story_comment", 0), moderate => variable_get("story_moderate", ""), promote => variable_get("story_promote", 0), score => 0, status => variable_get("story_status", $status[queued]), timestamp => time(), title, type => "story", votes => 0));
}
- else if (user_access($user)) {
+ else if (user_access($user, "add and edit nodes")) {
node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), body, title, type => "story"));
}
}
diff --git a/modules/story/story.module b/modules/story/story.module
index ca9ff6946..9773f2af4 100644
--- a/modules/story/story.module
+++ b/modules/story/story.module
@@ -16,7 +16,7 @@ function story_search($keys) {
global $status, $user;
$result = db_query("SELECT n.*, s.* FROM story s LEFT JOIN node n ON n.nid = s.nid AND n.lid = s.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%' OR s.abstract LIKE '%$keys%' OR s.body LIKE '%$keys%') LIMIT 20");
while ($story = db_fetch_object($result)) {
- $find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "story") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp);
+ $find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp);
}
return $find;
}
@@ -75,7 +75,7 @@ function story_save($edit) {
if (!$edit[nid]) {
node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), author => $user->id, body, comment => variable_get("story_comment", 0), moderate => variable_get("story_moderate", ""), promote => variable_get("story_promote", 0), score => 0, status => variable_get("story_status", $status[queued]), timestamp => time(), title, type => "story", votes => 0));
}
- else if (user_access($user)) {
+ else if (user_access($user, "add and edit nodes")) {
node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), body, title, type => "story"));
}
}
diff --git a/modules/watchdog.module b/modules/watchdog.module
index 02c7c23ca..23d4c8d28 100644
--- a/modules/watchdog.module
+++ b/modules/watchdog.module
@@ -7,6 +7,10 @@ function watchdog_help() {
<?php
}
+function watchdog_perm() {
+ return array("access watchdog");
+}
+
function watchdog_conf_options() {
$period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600), 2419200 => format_interval(2419200), 1000000000 => t("Never"));
$output .= form_select(t("Discard entries older than"), "watchdog_clear", variable_get("watchdog_clear", 604800), $period, t("The time watchdog entries should be kept. Older entries will be automatically discarded. Requires crontab."));
@@ -53,19 +57,25 @@ function watchdog_view($id) {
}
function watchdog_admin() {
- global $op, $id, $type, $order;
-
- print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n";
-
- switch ($op) {
- case "help":
- watchdog_help();
- break;
- case "view":
- print watchdog_view(check_input($id));
- break;
- default:
- print watchdog_overview($type);
+ global $user, $op, $id, $type, $order;
+
+ if (user_access($user, "access watchdog")) {
+
+ print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n";
+
+ switch ($op) {
+ case "help":
+ watchdog_help();
+ break;
+ case "view":
+ print watchdog_view(check_input($id));
+ break;
+ default:
+ print watchdog_overview($type);
+ }
+ }
+ else {
+ print message_access();
}
}
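Review bot: `watchdog_admin()` passes `$type` to `watchdog_overview()` as received, while `$id` in the case above it goes through `check_input()`. `watchdog_overview()` is not visible in this hunk; if it places `$type` in a query, the value needs the same treatment: `print watchdog_overview(check_input($type));`. `$order` is declared global but not used in the visible body. The modules/watchdog/watchdog.module hunk is identical.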
diff --git a/modules/watchdog/watchdog.module b/modules/watchdog/watchdog.module
index 02c7c23ca..23d4c8d28 100644
--- a/modules/watchdog/watchdog.module
+++ b/modules/watchdog/watchdog.module
@@ -7,6 +7,10 @@ function watchdog_help() {
<?php
}
+function watchdog_perm() {
+ return array("access watchdog");
+}
+
function watchdog_conf_options() {
$period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600), 2419200 => format_interval(2419200), 1000000000 => t("Never"));
$output .= form_select(t("Discard entries older than"), "watchdog_clear", variable_get("watchdog_clear", 604800), $period, t("The time watchdog entries should be kept. Older entries will be automatically discarded. Requires crontab."));
@@ -53,19 +57,25 @@ function watchdog_view($id) {
}
function watchdog_admin() {
- global $op, $id, $type, $order;
-
- print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n";
-
- switch ($op) {
- case "help":
- watchdog_help();
- break;
- case "view":
- print watchdog_view(check_input($id));
- break;
- default:
- print watchdog_overview($type);
+ global $user, $op, $id, $type, $order;
+
+ if (user_access($user, "access watchdog")) {
+
+ print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n";
+
+ switch ($op) {
+ case "help":
+ watchdog_help();
+ break;
+ case "view":
+ print watchdog_view(check_input($id));
+ break;
+ default:
+ print watchdog_overview($type);
+ }
+ }
+ else {
+ print message_access();
}
}