#305566 by agentrickard and moshe weitzman: Split 'bypass node access' from 'administer nodes'.

3 files changed, 32 insertions, 5 deletions

diff --git a/modules/node/node.module b/modules/node/node.module
index 0f8c5f9fd..176804062 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -1176,12 +1176,16 @@ function node_perm() {
     ),
     'administer nodes' => array(
       'title' => t('Administer nodes'),
-      'description' => t('Manage all website content, and bypass any content-related access control. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
+      'description' => t('Manage all information associated with site content, such as author, publication date and current revision. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
     ),
     'access content' => array(
       'title' => t('Access content'),
       'description' => t('View published content.'),
     ),
+    'bypass node access' => array(
+      'title' => t('Bypass node access'),
+      'description' => t('View, edit and delete all site content. Users with this permission will bypass any content-related access control. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
+    ),
     'view revisions' => array(
       'title' => t('View revisions'),
       'description' => t('View content revisions.'),
@@ -2100,7 +2104,7 @@ function node_access($op, $node, $account = NULL) {
     return FALSE;
   }
 
-  if (user_access('administer nodes', $account)) {
+  if (user_access('bypass node access', $account)) {
     return TRUE;
   }
 
@@ -2157,7 +2161,7 @@ function node_access($op, $node, $account = NULL) {
  *   An SQL join clause.
  */
 function _node_access_join_sql($node_alias = 'n', $node_access_alias = 'na') {
-  if (user_access('administer nodes')) {
+  if (user_access('bypass node access')) {
     return '';
   }
 
@@ -2179,7 +2183,7 @@ function _node_access_join_sql($node_alias = 'n', $node_access_alias = 'na') {
  *   An SQL where clause.
  */
 function _node_access_where_sql($op = 'view', $node_access_alias = 'na', $account = NULL) {
-  if (user_access('administer nodes')) {
+  if (user_access('bypass node access')) {
     return;
   }
 
diff --git a/modules/node/node.test b/modules/node/node.test
index 764f989bf..13753ea53 100644
--- a/modules/node/node.test
+++ b/modules/node/node.test
@@ -417,7 +417,7 @@ class PageViewTestCase extends DrupalWebTestCase {
     $this->assertResponse(403);
 
     // Create user with permission to edit node.
-    $web_user = $this->drupalCreateUser(array('administer nodes'));
+    $web_user = $this->drupalCreateUser(array('bypass node access'));
     $this->drupalLogin($web_user);
 
     // Attempt to access edit page.
diff --git a/modules/system/system.install b/modules/system/system.install
index cbdc52ff8..3a5904dfd 100644
--- a/modules/system/system.install
+++ b/modules/system/system.install
@@ -3048,6 +3048,29 @@ function system_update_7010() {
 }
 
 /**
+ * Split the 'bypass node access' permission from 'administer nodes'.
+ */
+function system_update_7011() {
+  $ret = array();
+  // Get existing roles that can 'administer nodes'.
+  $rids = array();
+  $rids = db_query("SELECT rid FROM {role_permission} WHERE permission = :perm", array(':perm' => 'administer nodes'))->fetchCol();
+  // None found.
+  if (empty($rids)) {
+    return $ret;
+  }
+  $insert = db_insert('role_permission')->fields(array('rid', 'permission'));
+  foreach ($rids as $rid) {
+    $insert->values(array(
+    'rid' => $rid,
+    'permission' => 'bypass node access',
+    ));
+  }
+  $insert->execute();  
+  return $ret;
+}
+
+/**
  * @} End of "defgroup updates-6.x-to-7.x"
  * The next series of updates should start at 8000.
  */