diff options
| -rw-r--r-- | CHANGELOG.txt | 27 | ||||
| -rw-r--r-- | database/database.mysql | 18 | ||||
| -rw-r--r-- | database/updates.inc | 19 | ||||
| -rw-r--r-- | modules/archive.module | 2 | ||||
| -rw-r--r-- | modules/archive/archive.module | 2 | ||||
| -rw-r--r-- | modules/blog.module | 21 | ||||
| -rw-r--r-- | modules/blog/blog.module | 21 | ||||
| -rw-r--r-- | modules/book.module | 12 | ||||
| -rw-r--r-- | modules/book/book.module | 12 | ||||
| -rw-r--r-- | modules/forum.module | 31 | ||||
| -rw-r--r-- | modules/forum/forum.module | 31 | ||||
| -rw-r--r-- | modules/node.module | 207 | ||||
| -rw-r--r-- | modules/node/node.module | 207 | ||||
| -rw-r--r-- | modules/page.module | 14 | ||||
| -rw-r--r-- | modules/page/page.module | 14 | ||||
| -rw-r--r-- | modules/poll.module | 8 | ||||
| -rw-r--r-- | modules/poll/poll.module | 8 | ||||
| -rw-r--r-- | modules/story.module | 14 | ||||
| -rw-r--r-- | modules/story/story.module | 14 | ||||
| -rw-r--r-- | modules/taxonomy.module | 8 | ||||
| -rw-r--r-- | modules/taxonomy/taxonomy.module | 8 | ||||
| -rw-r--r-- | modules/tracker.module | 5 | ||||
| -rw-r--r-- | modules/tracker/tracker.module | 5 | ||||
| -rw-r--r-- | modules/user.module | 8 | ||||
| -rw-r--r-- | modules/user/user.module | 8 |
25 files changed, 477 insertions, 247 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 699dea7ad..90a2e92dc 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,6 +1,5 @@ Drupal x.x.x, xxxx-xx-xx ------------------------ - - navigation: * made it possible to add, delete, rename and move menu items. * introduced tabs and subtabs for local tasks. @@ -8,7 +7,9 @@ Drupal x.x.x, xxxx-xx-xx - user management: * added support for multiple roles per user. * made it possible to add custom profile fields. - * made it possible to browse the profiles by field. + * made it possible to browse user profiles by field. +- node system: + * added support for node-level permissions. - comment module: * made it possible to comment without having to register. - forum module: @@ -17,7 +18,8 @@ Drupal x.x.x, xxxx-xx-xx - syndication: * added support for RSS ping-notifications of http://technorati.com/. * refactored the categorization of syndicated news items. - * added URL aliases for 'rss.xml' and 'index.rdf'. + * added an URL alias for 'rss.xml'. + * improved date parsing. - database backend: * added support for multiple database connections. - theme system: @@ -27,8 +29,6 @@ Drupal x.x.x, xxxx-xx-xx * added 'categories' block. - blogger API: * added support for auto-discovery of blogger API via RSD. -- news aggregator: - * improved date parsing. - performance: * added support for sending gzip compressed pages. - accessibility: @@ -38,22 +38,16 @@ Drupal x.x.x, xxxx-xx-xx - documentation: * added PHPDoc/Doxygen comments. - Drupal 4.4.2, 2004-07-04 ------------------------ - - fixed bugs: no critical bugs were identified. - Drupal 4.4.1, 2004-05-01 ------------------------ - - fixed bugs: no critical bugs were identified. - Drupal 4.4.0, 2004-04-01 ------------------------ - - added support for the MetaWeblog API and MovableType extensions. - added a file API: enables better document management. - improved the watchdog and search module to log search keys. @@ -92,22 +86,16 @@ Drupal 4.4.0, 2004-04-01 - documentation: * added PHPDoc/Doxygen comments. - Drupal 4.3.2, 2004-01-01 ------------------------ - - fixed bugs: no critical bugs were identified. - Drupal 4.3.1, 2003-12-01 ------------------------ - - fixed bugs: no critical bugs were identified. - Drupal 4.3.0, 2003-11-01 ------------------------ - - added support for configurable URLs. - added support for sortable table columns. - database backend: @@ -131,7 +119,6 @@ Drupal 4.3.0, 2003-11-01 Drupal 4.2.0, 2003-08-01 ------------------------ - - added support for clean URLs. - added textarea hook and support for onload attributes: enables integration of WYSIWYG editors. - rewrote the RSS/RDF parser: @@ -159,7 +146,6 @@ Drupal 4.2.0, 2003-08-01 Drupal 4.1.0, 2003-02-01 ------------------------ - - collaboratively revised and expanded the Drupal documentation. - rewrote comment.module: * reintroduced comment rating/moderation. @@ -214,12 +200,11 @@ Drupal 4.0.0, 2002-06-15 * blocks can be set to only show up on some pages. * merged box module with block module. - node system: - * fixed node retrieval based on titles. * blogs can be updated. * teasers (abstracts) on all node types. * improved error checking. - * usability improvements. * content versioning support. + * usability improvements. - improved book module to support text, HTML and PHP pages. - improved comment module to mark new comments. - added a general outliner which will let any node type be linked to a book. diff --git a/database/database.mysql b/database/database.mysql index 003fb35d2..30591c8ef 100644 --- a/database/database.mysql +++ b/database/database.mysql @@ -339,7 +339,21 @@ CREATE TABLE node ( KEY node_changed (changed) ) TYPE=MyISAM; --- +# +# Table structure for table `node_access` +# + +CREATE TABLE node_access ( + nid int(10) unsigned NOT NULL default '0', + gid int(10) unsigned NOT NULL default '0', + realm varchar(255) NOT NULL default '', + grant_view tinyint(1) unsigned NOT NULL default '0', + grant_update tinyint(1) unsigned NOT NULL default '0', + grant_delete tinyint(1) unsigned NOT NULL default '0', + PRIMARY KEY (nid,gid,realm) +) TYPE=MyISAM; + +- -- Table structure for table 'page' -- @@ -682,3 +696,5 @@ REPLACE blocks SET module = 'user', delta = '0', status = '1'; REPLACE blocks SET module = 'user', delta = '1', status = '1'; INSERT INTO sequences (name, id) VALUES ('menu_mid', 1); + +INSERT INTO node_access VALUES (0, 0, 'all', 1, 0, 0); diff --git a/database/updates.inc b/database/updates.inc index ef1d86968..501f7cd15 100644 --- a/database/updates.inc +++ b/database/updates.inc @@ -65,7 +65,8 @@ $sql_updates = array( "2004-06-30" => "update_91", "2004-07-07" => "update_92", "2004-07-11" => "update_93", - "2004-07-22" => "update_94" + "2004-07-22" => "update_94", + "2004-07-30" => "update_95" ); function update_32() { @@ -1187,6 +1188,22 @@ function update_94() { return $ret; } +function update_95() { + $ret = array(); + + $ret[] = update_sql("CREATE TABLE node_access ( + nid int(10) unsigned NOT NULL default '0', + gid int(10) unsigned NOT NULL default '0', + realm varchar(255) NOT NULL default '', + grant_view tinyint(1) unsigned NOT NULL default '0', + grant_update tinyint(1) unsigned NOT NULL default '0', + grant_delete tinyint(1) unsigned NOT NULL default '0', + PRIMARY KEY (nid,gid,realm) + )"); + $ret[] = update_sql("INSERT INTO node_access VALUES (0, 0, 'all', 1, 0, 0);"); + return $ret; +} + function update_sql($sql) { $edit = $_POST["edit"]; $result = db_query($sql); diff --git a/modules/archive.module b/modules/archive.module index db1c8e5f7..359d9e189 100644 --- a/modules/archive.module +++ b/modules/archive.module @@ -248,7 +248,7 @@ function archive_page($year = 0, $month = 0, $day = 0) { if ($year && $month && $day) { // Fetch nodes for the selected date, if one was specified. - $result = db_query_range('SELECT nid FROM {node} WHERE status = 1 AND created > %d AND created < %d ORDER BY created', $date, $date_end, 0, 20); + $result = db_query_range('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' WHERE n.status = 1 AND n.created > %d AND n.created < %d AND '. node_access_where_sql() .' ORDER BY n.created', $date, $date_end, 0, 20); while ($nid = db_fetch_object($result)) { $output .= node_view(node_load(array('nid' => $nid->nid)), 1); diff --git a/modules/archive/archive.module b/modules/archive/archive.module index db1c8e5f7..359d9e189 100644 --- a/modules/archive/archive.module +++ b/modules/archive/archive.module @@ -248,7 +248,7 @@ function archive_page($year = 0, $month = 0, $day = 0) { if ($year && $month && $day) { // Fetch nodes for the selected date, if one was specified. - $result = db_query_range('SELECT nid FROM {node} WHERE status = 1 AND created > %d AND created < %d ORDER BY created', $date, $date_end, 0, 20); + $result = db_query_range('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' WHERE n.status = 1 AND n.created > %d AND n.created < %d AND '. node_access_where_sql() .' ORDER BY n.created', $date, $date_end, 0, 20); while ($nid = db_fetch_object($result)) { $output .= node_view(node_load(array('nid' => $nid->nid)), 1); diff --git a/modules/blog.module b/modules/blog.module index 6d64a5713..0401a98fc 100644 --- a/modules/blog.module +++ b/modules/blog.module @@ -30,22 +30,15 @@ function blog_perm() { function blog_access($op, $node) { global $user; - if ($op == 'view') { - return $node->status; - } - if ($op == 'create') { return user_access('edit own blog') && $user->uid; } - if ($op == 'update') { - return user_access('edit own blog') && ($user->uid == $node->uid); - } - - if ($op == 'delete') { - return user_access('edit own blog') && ($user->uid == $node->uid); + if ($op == 'update' || $op == 'delete') { + if (user_access('edit own blog') && ($user->uid == $node->uid)) { + return TRUE; + } } - } /** @@ -143,7 +136,7 @@ function blog_page_user($uid) { $title = t("%name's blog", array('%name' => $account->name)); $output = ''; - $result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND uid = %d AND status = 1 ORDER BY sticky DESC, created DESC", variable_get('default_nodes_main', 10), 0, NULL, $account->uid); + $result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE type = 'blog' AND n.uid = %d AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10), 0, NULL, $account->uid); while ($node = db_fetch_object($result)) { $output .= node_view(node_load(array('nid' => $node->nid)), 1); } @@ -162,7 +155,7 @@ function blog_page_last() { $output = ''; - $result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND status = 1 ORDER BY created DESC", variable_get('default_nodes_main', 10)); + $result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', variable_get('default_nodes_main', 10)); while ($node = db_fetch_object($result)) { $output .= node_view(node_load(array('nid' => $node->nid)), 1); @@ -294,7 +287,7 @@ function blog_block($op = 'list', $delta = 0) { } else { if (user_access('access content')) { - $block['content'] = node_title_list(db_query_range("SELECT n.title, n.nid FROM {node} n WHERE n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 10)); + $block['content'] = node_title_list(db_query_range('SELECT DISTINCT(n.nid), n.title FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', 0, 10)); $block['content'] .= '<div class="more-link">'. l(t('more'), 'blog', array('title' => t('Read the latest blog entries.'))) .'</div>'; $block['subject'] = t('Recent blog posts'); } diff --git a/modules/blog/blog.module b/modules/blog/blog.module index 6d64a5713..0401a98fc 100644 --- a/modules/blog/blog.module +++ b/modules/blog/blog.module @@ -30,22 +30,15 @@ function blog_perm() { function blog_access($op, $node) { global $user; - if ($op == 'view') { - return $node->status; - } - if ($op == 'create') { return user_access('edit own blog') && $user->uid; } - if ($op == 'update') { - return user_access('edit own blog') && ($user->uid == $node->uid); - } - - if ($op == 'delete') { - return user_access('edit own blog') && ($user->uid == $node->uid); + if ($op == 'update' || $op == 'delete') { + if (user_access('edit own blog') && ($user->uid == $node->uid)) { + return TRUE; + } } - } /** @@ -143,7 +136,7 @@ function blog_page_user($uid) { $title = t("%name's blog", array('%name' => $account->name)); $output = ''; - $result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND uid = %d AND status = 1 ORDER BY sticky DESC, created DESC", variable_get('default_nodes_main', 10), 0, NULL, $account->uid); + $result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE type = 'blog' AND n.uid = %d AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10), 0, NULL, $account->uid); while ($node = db_fetch_object($result)) { $output .= node_view(node_load(array('nid' => $node->nid)), 1); } @@ -162,7 +155,7 @@ function blog_page_last() { $output = ''; - $result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND status = 1 ORDER BY created DESC", variable_get('default_nodes_main', 10)); + $result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', variable_get('default_nodes_main', 10)); while ($node = db_fetch_object($result)) { $output .= node_view(node_load(array('nid' => $node->nid)), 1); @@ -294,7 +287,7 @@ function blog_block($op = 'list', $delta = 0) { } else { if (user_access('access content')) { - $block['content'] = node_title_list(db_query_range("SELECT n.title, n.nid FROM {node} n WHERE n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 10)); + $block['content'] = node_title_list(db_query_range('SELECT DISTINCT(n.nid), n.title FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', 0, 10)); $block['content'] .= '<div class="more-link">'. l(t('more'), 'blog', array('title' => t('Read the latest blog entries.'))) .'</div>'; $block['subject'] = t('Recent blog posts'); } diff --git a/modules/book.module b/modules/book.module index a378d73c5..216c53577 100644 --- a/modules/book.module +++ b/modules/book.module @@ -371,7 +371,7 @@ function book_prev($node) { */ function book_next($node) { // get first direct child - $child = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid)); + $child = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid)); if ($child) { return $child; } @@ -380,7 +380,7 @@ function book_next($node) { array_push($path = book_location($node), $node); // Path to top-level node including this one. while (($leaf = array_pop($path)) && count($path)) { - $next = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title)); + $next = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title)); if ($next) { return $next; } @@ -536,7 +536,7 @@ function book_toc_recurse($nid, $indent, $toc, $children) { } function book_toc($parent = 0, $indent = '', $toc = array()) { - $result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 ORDER BY b.weight, n.title'); + $result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' ORDER BY b.weight, n.title'); while ($node = db_fetch_object($result)) { if (!$children[$node->parent]) { @@ -587,7 +587,7 @@ function book_tree_recurse($nid, $depth, $children, $unfold = array()) { } function book_tree($parent = 0, $depth = 3, $unfold = array()) { - $result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.moderate = 0 ORDER BY b.weight, n.title'); + $result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.moderate = 0 ORDER BY b.weight, n.title'); while ($node = db_fetch_object($result)) { $list = $children[$node->parent] ? $children[$node->parent] : array(); @@ -630,7 +630,7 @@ function book_render() { */ function book_print($nid = 0, $depth = 1) { global $base_url; - $result = db_query('SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid); + $result = db_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid); while ($page = db_fetch_object($result)) { // load the node: @@ -660,7 +660,7 @@ function book_print($nid = 0, $depth = 1) { } function book_print_recurse($parent = '', $depth = 1) { - $result = db_query("SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title"); + $result = db_query("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND ". node_access_where_sql() ." AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title"); while ($page = db_fetch_object($result)) { // Load the node: diff --git a/modules/book/book.module b/modules/book/book.module index a378d73c5..216c53577 100644 --- a/modules/book/book.module +++ b/modules/book/book.module @@ -371,7 +371,7 @@ function book_prev($node) { */ function book_next($node) { // get first direct child - $child = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid)); + $child = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid)); if ($child) { return $child; } @@ -380,7 +380,7 @@ function book_next($node) { array_push($path = book_location($node), $node); // Path to top-level node including this one. while (($leaf = array_pop($path)) && count($path)) { - $next = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title)); + $next = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title)); if ($next) { return $next; } @@ -536,7 +536,7 @@ function book_toc_recurse($nid, $indent, $toc, $children) { } function book_toc($parent = 0, $indent = '', $toc = array()) { - $result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 ORDER BY b.weight, n.title'); + $result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' ORDER BY b.weight, n.title'); while ($node = db_fetch_object($result)) { if (!$children[$node->parent]) { @@ -587,7 +587,7 @@ function book_tree_recurse($nid, $depth, $children, $unfold = array()) { } function book_tree($parent = 0, $depth = 3, $unfold = array()) { - $result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.moderate = 0 ORDER BY b.weight, n.title'); + $result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.moderate = 0 ORDER BY b.weight, n.title'); while ($node = db_fetch_object($result)) { $list = $children[$node->parent] ? $children[$node->parent] : array(); @@ -630,7 +630,7 @@ function book_render() { */ function book_print($nid = 0, $depth = 1) { global $base_url; - $result = db_query('SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid); + $result = db_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid); while ($page = db_fetch_object($result)) { // load the node: @@ -660,7 +660,7 @@ function book_print($nid = 0, $depth = 1) { } function book_print_recurse($parent = '', $depth = 1) { - $result = db_query("SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title"); + $result = db_query("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND ". node_access_where_sql() ." AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title"); while ($page = db_fetch_object($result)) { // Load the node: diff --git a/modules/forum.module b/modules/forum.module index 0843d0171..aaad68486 100644 --- a/modules/forum.module +++ b/modules/forum.module @@ -36,9 +36,6 @@ function forum_node_name($node) { * Implementation of hook_access(). */ function forum_access($op, $node) { - if ($op == 'view') { - return $node->status; - } if ($op == 'create') { return user_access('create forum topics'); } @@ -121,9 +118,9 @@ function forum_block($op = 'list', $delta = 0) { } else { if (user_access('access content')) { - $content = node_title_list(db_query_range("SELECT n.nid, n.title, GREATEST(n.created, MAX(c.timestamp)) AS sort FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.type = 'forum' AND n.status = 1 GROUP BY n.nid, n.title, n.created ORDER BY sort DESC", 0, variable_get('forum_block_num', '5')), t('Active forum topics:')); + $content = node_title_list(db_query_range("SELECT DISTINCT(n.nid), n.title, GREATEST(n.created, MAX(c.timestamp)) AS sort FROM {node} n ". node_access_join_sql() ." LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid, n.title, n.created ORDER BY sort DESC", 0, variable_get('forum_block_num', '5')), t('Active forum topics:')); - $content .= node_title_list(db_query_range("SELECT nid, title FROM {node} WHERE type = 'forum' AND status = 1 ORDER BY nid DESC", 0, variable_get('forum_block_num', '5')), t('New forum topics:')); + $content .= node_title_list(db_query_range("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." ORDER BY n.nid DESC", 0, variable_get('forum_block_num', '5')), t('New forum topics:')); if ($content) { $content .= '<div class="more-link">'. l(t('more'), 'forum', array('title' => t('Read the latest forum topics.'))) .'</div>'; @@ -152,7 +149,7 @@ function forum_link($type, $node = 0, $main = 0) { if (!$main && $type == 'node' && $node->type == 'forum') { // get previous and next topic - $result = db_query('SELECT n.nid, n.title, n.sticky, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = f.nid AND f.tid = %d AND n.status = 1 GROUP BY n.nid, n.title, n.created ORDER BY n.sticky DESC, '. _forum_get_topic_order(isset($user->sortby) ? $user->sortby : variable_get('forum_order', 1)), $node->tid); + $result = db_query('SELECT DISTINCT(n.nid), n.title, n.sticky, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments FROM {node} n '. node_access_join_sql() .' INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = f.nid AND f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' GROUP BY n.nid, n.title, n.created ORDER BY n.sticky DESC, '. _forum_get_topic_order(isset($user->sortby) ? $user->sortby : variable_get('forum_order', 1)), $node->tid); while ($topic = db_fetch_object($result)) { if ($stop == 1) { @@ -357,27 +354,27 @@ function forum_get_forums($tid = 0) { } function _forum_num_topics($term) { - return db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid WHERE f.tid = %d AND n.status = 1 AND f.shadow = 0', $term)); + return db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid '. node_access_join_sql() .' WHERE f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND f.shadow = 0', $term)); } function _forum_num_replies($term) { - return db_result(db_query("SELECT COUNT(*) AS count FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE f.tid = %d AND n.nid = f.nid AND n.nid = c.nid AND n.status = 1 AND c.status = 0 AND n.type = 'forum'", $term)); + return db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) AS count FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid '. node_access_join_sql() .' INNER JOIN {forum} f ON n.nid = f.nid WHERE f.tid = %d AND n.nid = f.nid AND n.nid = c.nid AND n.status = 1 AND '. node_access_where_sql() ." AND c.status = 0 AND n.type = 'forum'", $term)); } function _forum_topics_read($term, $uid) { // Calculate the number of topics the user has read. Assume all entries older // than NODE_NEW_LIMIT are read, and include the recent posts that user has // read. - $ancient = db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid WHERE f.tid = %d AND n.status = 1 AND n.created <= %d AND f.shadow = 0', $term, NODE_NEW_LIMIT)); - $recent = db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid INNER JOIN {history} h ON n.nid = h.nid WHERE n.status = 1 AND f.tid = %d AND h.uid = %d AND n.created > %d AND f.shadow = 0', $term, $uid, NODE_NEW_LIMIT)); + $ancient = db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid '. node_access_join_sql() .' WHERE f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND n.created <= %d AND f.shadow = 0', $term, NODE_NEW_LIMIT)); + $recent = db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid '. node_access_join_sql() .' INNER JOIN {history} h ON n.nid = h.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND f.tid = %d AND h.uid = %d AND n.created > %d AND f.shadow = 0', $term, $uid, NODE_NEW_LIMIT)); return $ancient + $recent; } function _forum_last_post($term) { - $topic = db_fetch_object(db_query_range("SELECT n.nid, n.created AS timestamp, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid INNER JOIN {users} u ON n.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 ORDER BY timestamp DESC", $term, 0, 1)); + $topic = db_fetch_object(db_query_range("SELECT DISTINCT(n.nid), n.created AS timestamp, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid ". node_access_join_sql() ." INNER JOIN {users} u ON n.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." ORDER BY timestamp DESC", $term, 0, 1)); - $reply = db_fetch_object(db_query_range("SELECT n.nid, c.timestamp, c.name AS anonymous_name, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON c.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND c.status = 0 ORDER BY c.timestamp DESC", $term, 0, 1)); + $reply = db_fetch_object(db_query_range("SELECT DISTINCT(n.nid), c.timestamp, c.name AS anonymous_name, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid ". node_access_join_sql() ." INNER JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON c.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." AND c.status = 0 ORDER BY c.timestamp DESC", $term, 0, 1)); $reply->name = $reply->uid ? $reply->name : $reply->anonymous_name; $value = ($topic->timestamp > $reply->timestamp) ? $topic : $reply; @@ -410,10 +407,10 @@ function forum_get_topics($tid, $sortby, $forum_per_page) { // show topics with the correct tid, or in the forum but with shadow = 1 // @TODO: this is not ANSI SQL! ("user error: 'n.created' isn't in GROUP BY") // @TODO: timestamp is a sql reserved word. are there more? - $sql = "SELECT n.nid, n.title, n.sticky, u.name AS name, u.uid AS uid, n.created AS timestamp, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments, n.comment AS comment_mode, f.tid FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE n.nid = r.nid AND ((r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND n.type = 'forum' GROUP BY n.nid, n.title, u.name, u.uid, n.created, n.comment, f.tid"; + $sql = "SELECT DISTINCT(n.nid), n.title, n.sticky, u.name AS name, u.uid AS uid, n.created AS timestamp, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments, n.comment AS comment_mode, f.tid FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE n.nid = r.nid AND ((r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND ". node_access_where_sql() ." AND n.type = 'forum' GROUP BY n.nid, n.title, u.name, u.uid, n.created, n.comment, f.tid"; $sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,'); - $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {term_node} r ON n.nid = r.nid WHERE n.nid = r.nid AND ( (r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND n.type = 'forum'"; + $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n ". node_access_join_sql() ." INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {term_node} r ON n.nid = r.nid WHERE n.nid = r.nid AND ( (r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND ". node_access_where_sql() ." AND n.type = 'forum'"; $result = pager_query($sql, $forum_per_page, 0, $sql_count); $topic_num = db_num_rows($result); @@ -427,7 +424,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) { $topic->new = 0; } else { - $topic->new_replies = db_result(db_query('SELECT COUNT(c.nid) FROM {node} n INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND n.status = 1 AND c.status = 0 AND c.timestamp > %d', $topic->nid, $history)); + $topic->new_replies = db_result(db_query('SELECT COUNT(DISTINCT(c.nid)) FROM {node} n '. node_access_join_sql() .' INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND c.status = 0 AND c.timestamp > %d', $topic->nid, $history)); $topic->new = $topic->new_replies || ($topic->timestamp > $history); } } @@ -446,12 +443,12 @@ function forum_get_topics($tid, $sortby, $forum_per_page) { function _forum_new($tid) { global $user; - $result = db_query("SELECT n.nid FROM {node} n, {history} h, {forum} f WHERE n.type = 'forum' AND n.status = 1 AND h.nid = n.nid AND f.nid = h.nid AND f.tid = %d AND h.uid = %d", $tid, $user->uid); + $result = db_query("SELECT DISTINCT(n.nid) FROM {node} n, {history} h, {forum} f ". node_access_join_sql() ." WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." AND h.nid = n.nid AND f.nid = h.nid AND f.tid = %d AND h.uid = %d", $tid, $user->uid); while ($r = db_fetch_object($result)) { $read[] = $r->nid; } - $nid = db_result(db_query_range("SELECT n.nid FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid WHERE n.type = 'forum' AND f.nid = n.nid AND n.status = 1 AND f.tid = %d ". ($read ? 'AND NOT (n.nid IN ('. implode(',', $read) .')) ' : '') .'ORDER BY created', $tid, 0, 1)); + $nid = db_result(db_query_range("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {forum} f ON n.nid = f.nid WHERE n.type = 'forum' AND f.nid = n.nid AND n.status = 1 AND ". node_access_where_sql() ." AND f.tid = %d ". ($read ? 'AND NOT (n.nid IN ('. implode(',', $read) .')) ' : '') .'ORDER BY created', $tid, 0, 1)); return $nid ? $nid : 0; } diff --git a/modules/forum/forum.module b/modules/forum/forum.module index 0843d0171..aaad68486 100644 --- a/modules/forum/forum.module +++ b/modules/forum/forum.module @@ -36,9 +36,6 @@ function forum_node_name($node) { * Implementation of hook_access(). */ function forum_access($op, $node) { - if ($op == 'view') { - return $node->status; - } if ($op == 'create') { return user_access('create forum topics'); } @@ -121,9 +118,9 @@ function forum_block($op = 'list', $delta = 0) { } else { if (user_access('access content')) { - $content = node_title_list(db_query_range("SELECT n.nid, n.title, GREATEST(n.created, MAX(c.timestamp)) AS sort FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.type = 'forum' AND n.status = 1 GROUP BY n.nid, n.title, n.created ORDER BY sort DESC", 0, variable_get('forum_block_num', '5')), t('Active forum topics:')); + $content = node_title_list(db_query_range("SELECT DISTINCT(n.nid), n.title, GREATEST(n.created, MAX(c.timestamp)) AS sort FROM {node} n ". node_access_join_sql() ." LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid, n.title, n.created ORDER BY sort DESC", 0, variable_get('forum_block_num', '5')), t('Active forum topics:')); - $content .= node_title_list(db_query_range("SELECT nid, title FROM {node} WHERE type = 'forum' AND status = 1 ORDER BY nid DESC", 0, variable_get('forum_block_num', '5')), t('New forum topics:')); + $content .= node_title_list(db_query_range("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." ORDER BY n.nid DESC", 0, variable_get('forum_block_num', '5')), t('New forum topics:')); if ($content) { $content .= '<div class="more-link">'. l(t('more'), 'forum', array('title' => t('Read the latest forum topics.'))) .'</div>'; @@ -152,7 +149,7 @@ function forum_link($type, $node = 0, $main = 0) { if (!$main && $type == 'node' && $node->type == 'forum') { // get previous and next topic - $result = db_query('SELECT n.nid, n.title, n.sticky, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = f.nid AND f.tid = %d AND n.status = 1 GROUP BY n.nid, n.title, n.created ORDER BY n.sticky DESC, '. _forum_get_topic_order(isset($user->sortby) ? $user->sortby : variable_get('forum_order', 1)), $node->tid); + $result = db_query('SELECT DISTINCT(n.nid), n.title, n.sticky, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments FROM {node} n '. node_access_join_sql() .' INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = f.nid AND f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' GROUP BY n.nid, n.title, n.created ORDER BY n.sticky DESC, '. _forum_get_topic_order(isset($user->sortby) ? $user->sortby : variable_get('forum_order', 1)), $node->tid); while ($topic = db_fetch_object($result)) { if ($stop == 1) { @@ -357,27 +354,27 @@ function forum_get_forums($tid = 0) { } function _forum_num_topics($term) { - return db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid WHERE f.tid = %d AND n.status = 1 AND f.shadow = 0', $term)); + return db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid '. node_access_join_sql() .' WHERE f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND f.shadow = 0', $term)); } function _forum_num_replies($term) { - return db_result(db_query("SELECT COUNT(*) AS count FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE f.tid = %d AND n.nid = f.nid AND n.nid = c.nid AND n.status = 1 AND c.status = 0 AND n.type = 'forum'", $term)); + return db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) AS count FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid '. node_access_join_sql() .' INNER JOIN {forum} f ON n.nid = f.nid WHERE f.tid = %d AND n.nid = f.nid AND n.nid = c.nid AND n.status = 1 AND '. node_access_where_sql() ." AND c.status = 0 AND n.type = 'forum'", $term)); } function _forum_topics_read($term, $uid) { // Calculate the number of topics the user has read. Assume all entries older // than NODE_NEW_LIMIT are read, and include the recent posts that user has // read. - $ancient = db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid WHERE f.tid = %d AND n.status = 1 AND n.created <= %d AND f.shadow = 0', $term, NODE_NEW_LIMIT)); - $recent = db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid INNER JOIN {history} h ON n.nid = h.nid WHERE n.status = 1 AND f.tid = %d AND h.uid = %d AND n.created > %d AND f.shadow = 0', $term, $uid, NODE_NEW_LIMIT)); + $ancient = db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid '. node_access_join_sql() .' WHERE f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND n.created <= %d AND f.shadow = 0', $term, NODE_NEW_LIMIT)); + $recent = db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid '. node_access_join_sql() .' INNER JOIN {history} h ON n.nid = h.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND f.tid = %d AND h.uid = %d AND n.created > %d AND f.shadow = 0', $term, $uid, NODE_NEW_LIMIT)); return $ancient + $recent; } function _forum_last_post($term) { - $topic = db_fetch_object(db_query_range("SELECT n.nid, n.created AS timestamp, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid INNER JOIN {users} u ON n.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 ORDER BY timestamp DESC", $term, 0, 1)); + $topic = db_fetch_object(db_query_range("SELECT DISTINCT(n.nid), n.created AS timestamp, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid ". node_access_join_sql() ." INNER JOIN {users} u ON n.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." ORDER BY timestamp DESC", $term, 0, 1)); - $reply = db_fetch_object(db_query_range("SELECT n.nid, c.timestamp, c.name AS anonymous_name, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON c.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND c.status = 0 ORDER BY c.timestamp DESC", $term, 0, 1)); + $reply = db_fetch_object(db_query_range("SELECT DISTINCT(n.nid), c.timestamp, c.name AS anonymous_name, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid ". node_access_join_sql() ." INNER JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON c.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." AND c.status = 0 ORDER BY c.timestamp DESC", $term, 0, 1)); $reply->name = $reply->uid ? $reply->name : $reply->anonymous_name; $value = ($topic->timestamp > $reply->timestamp) ? $topic : $reply; @@ -410,10 +407,10 @@ function forum_get_topics($tid, $sortby, $forum_per_page) { // show topics with the correct tid, or in the forum but with shadow = 1 // @TODO: this is not ANSI SQL! ("user error: 'n.created' isn't in GROUP BY") // @TODO: timestamp is a sql reserved word. are there more? - $sql = "SELECT n.nid, n.title, n.sticky, u.name AS name, u.uid AS uid, n.created AS timestamp, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments, n.comment AS comment_mode, f.tid FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE n.nid = r.nid AND ((r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND n.type = 'forum' GROUP BY n.nid, n.title, u.name, u.uid, n.created, n.comment, f.tid"; + $sql = "SELECT DISTINCT(n.nid), n.title, n.sticky, u.name AS name, u.uid AS uid, n.created AS timestamp, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments, n.comment AS comment_mode, f.tid FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE n.nid = r.nid AND ((r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND ". node_access_where_sql() ." AND n.type = 'forum' GROUP BY n.nid, n.title, u.name, u.uid, n.created, n.comment, f.tid"; $sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,'); - $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {term_node} r ON n.nid = r.nid WHERE n.nid = r.nid AND ( (r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND n.type = 'forum'"; + $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n ". node_access_join_sql() ." INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {term_node} r ON n.nid = r.nid WHERE n.nid = r.nid AND ( (r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND ". node_access_where_sql() ." AND n.type = 'forum'"; $result = pager_query($sql, $forum_per_page, 0, $sql_count); $topic_num = db_num_rows($result); @@ -427,7 +424,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) { $topic->new = 0; } else { - $topic->new_replies = db_result(db_query('SELECT COUNT(c.nid) FROM {node} n INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND n.status = 1 AND c.status = 0 AND c.timestamp > %d', $topic->nid, $history)); + $topic->new_replies = db_result(db_query('SELECT COUNT(DISTINCT(c.nid)) FROM {node} n '. node_access_join_sql() .' INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND c.status = 0 AND c.timestamp > %d', $topic->nid, $history)); $topic->new = $topic->new_replies || ($topic->timestamp > $history); } } @@ -446,12 +443,12 @@ function forum_get_topics($tid, $sortby, $forum_per_page) { function _forum_new($tid) { global $user; - $result = db_query("SELECT n.nid FROM {node} n, {history} h, {forum} f WHERE n.type = 'forum' AND n.status = 1 AND h.nid = n.nid AND f.nid = h.nid AND f.tid = %d AND h.uid = %d", $tid, $user->uid); + $result = db_query("SELECT DISTINCT(n.nid) FROM {node} n, {history} h, {forum} f ". node_access_join_sql() ." WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." AND h.nid = n.nid AND f.nid = h.nid AND f.tid = %d AND h.uid = %d", $tid, $user->uid); while ($r = db_fetch_object($result)) { $read[] = $r->nid; } - $nid = db_result(db_query_range("SELECT n.nid FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid WHERE n.type = 'forum' AND f.nid = n.nid AND n.status = 1 AND f.tid = %d ". ($read ? 'AND NOT (n.nid IN ('. implode(',', $read) .')) ' : '') .'ORDER BY created', $tid, 0, 1)); + $nid = db_result(db_query_range("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {forum} f ON n.nid = f.nid WHERE n.type = 'forum' AND f.nid = n.nid AND n.status = 1 AND ". node_access_where_sql() ." AND f.tid = %d ". ($read ? 'AND NOT (n.nid IN ('. implode(',', $read) .')) ' : '') .'ORDER BY created', $tid, 0, 1)); return $nid ? $nid : 0; } diff --git a/modules/node.module b/modules/node.module index e76437c73..68fcaf2e9 100644 --- a/modules/node.module +++ b/modules/node.module @@ -522,38 +522,16 @@ function node_prepare($node, $teaser = FALSE) { * Generate a page displaying a single node, along with its comments. */ function node_show($node, $cid) { - if (node_access('view', $node)) { - $output = node_view($node, FALSE, TRUE); + $output = node_view($node, FALSE, TRUE); - if (function_exists('comment_render') && $node->comment) { - $output .= comment_render($node, $cid); - } - - // Update the history table, stating that this user viewed this node. - node_tag_new($node->nid); - - return $output; - } - else { - drupal_set_message(message_access()); - } -} - -/** - * Determine whether the current user may perform the given operation on the - * specified node. - */ -function node_access($op, $node = NULL) { - if (user_access('administer nodes')) { - return TRUE; + if (function_exists('comment_render') && $node->comment) { + $output .= comment_render($node, $cid); } - // Convert the node to an object if necessary: - $node = array2object($node); + // Update the history table, stating that this user viewed this node. + node_tag_new($node->nid); - // Can't use node_invoke(), because the access hook takes the $op parameter - // before the $node parameter. - return module_invoke(node_get_module_name($node), 'access', $op, $node); + return $output; } /** @@ -585,7 +563,7 @@ function node_perm() { * created, uid, name, and count. */ function node_search($keys) { - $find = do_search(array('keys' => $keys, 'type' => 'node', 'select' => "select s.lno as lno, n.title as title, n.created as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE s.lno = n.nid AND s.type = 'node' AND s.word like '%' AND n.status = 1")); + $find = do_search(array('keys' => $keys, 'type' => 'node', 'select' => "SELECT DISTINCT s.lno as lno, n.title as title, n.created as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {node} n ". node_access_join_sql() ." INNER JOIN {users} u ON n.uid = u.uid WHERE s.lno = n.nid AND s.type = 'node' AND s.word like '%' AND n.status = 1 AND ". node_access_where_sql())); return array(t('Matching nodes ranked in order of relevance'), $find); } @@ -678,7 +656,7 @@ function node_menu() { $items[] = array('path' => 'node/'. arg(1), 'title' => t('view'), 'callback' => 'node_page', - 'access' => user_access('access content'), + 'access' => node_access('view', $node), 'type' => MENU_CALLBACK); $items[] = array('path' => 'node/'. arg(1) .'/view', 'title' => t('view'), 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); @@ -1281,12 +1259,7 @@ function node_edit($id) { drupal_set_title($node->title); - if (node_access('update', $node)) { - $output = node_form($node); - } - else { - $output = message_access(); - } + $output = node_form($node); return $output; } @@ -1423,7 +1396,7 @@ function node_delete($edit) { * Generate a listing of promoted nodes. */ function node_page_default() { - $result = pager_query('SELECT nid, type FROM {node} WHERE promote = 1 AND status = 1 ORDER BY sticky DESC, created DESC', variable_get('default_nodes_main', 10)); + $result = pager_query('SELECT DISTINCT(n.nid), n.type FROM {node} n '. node_access_join_sql() .' WHERE n.promote = 1 AND n.status = 1 AND '. node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10)); if (db_num_rows($result)) { drupal_set_html_head('<link rel="alternate" type="application/rss+xml" title="RSS" href="'. url('node/feed', NULL, NULL, TRUE) .'" />'); @@ -1546,4 +1519,164 @@ function node_nodeapi(&$node, $op, $arg = 0) { } } +/** + * @defgroup node_access Node access rights + * @{ + * The node access system determines who can do what to which nodes. + * + * In determining access rights for a node, node_access() first checks + * whether the user has the "administer nodes" permission. Such users have + * unrestricted access to all nodes. Then the node module's hook_access() + * is called, and a TRUE or FALSE return value will grant or deny access. + * This allows, for example, the blog module to always grant access to the + * blog author, and for the book module to always deny editing access to + * PHP pages. + * + * If node module does not intervene (returns NULL), then the + * node_access table is used to determine access. All node access + * modules are queried using hook_node_grants() to assemble a list of + * "grant IDs" for the user. This list is compared against the table. + * If any row contains the node ID in question (or 0, which stands for "all + * nodes"), one of the grant IDs returned, and a value of TRUE for the + * operation in question, then access is granted. Note that this table is a + * list of grants; any matching row is sufficient to grant access to the + * node. + * + * In node listings, the process above is followed except that + * hook_access() is not called on each node for performance reasons and for + * proper functioning of the pager system. When adding a node listing to your + * module, be sure to use node_access_join_sql() and node_access_where_sql() to add + * the appropriate clauses to your query for access checks. + * + * To see how to write a node access module of your own, see + * node_access_example.module. + */ + +/** + * Determine whether the current user may perform the given operation on the + * specified node. + * + * @param $op + * The operation to be performed on the node. Possible values are: + * - "view" + * - "update" + * - "delete" + * @param $node + * The node object (or node array) on which the operation is to be performed. + * @return + * TRUE if the operation may be performed. + */ +function node_access($op, $node = NULL) { + if (user_access('administer nodes')) { + return TRUE; + } + + // Convert the node to an object if necessary: + $node = array2object($node); + + // Can't use node_invoke(), because the access hook takes the $op parameter + // before the $node parameter. + $access = module_invoke(node_get_module_name($node), 'access', $op, $node); + if (!is_null($access)) { + return $access; + } + + // If the module did not override the access rights, use those set in the + // node_access table. + if ($node->nid && $node->status) { + $sql = 'SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) AND CONCAT(realm, gid) IN ('; + $grants = array(); + foreach (node_access_grants($op, $uid) as $realm => $gids) { + foreach ($gids as $gid) { + $grants[] = "'". $realm . $gid ."'"; + } + } + $sql .= implode(',', $grants) .') AND grant_'. $op .' = 1'; + $result = db_query($sql, $nid); + return (db_result($result)); + } + return FALSE; +} + +/** + * Generate an SQL join clause for use in fetching a node listing. + * + * @param $node_alias + * If the node table has been given an SQL alias other than the default + * "n", that must be passed here. + * @param $node_access_alias + * If the node_access table has been given an SQL alias other than the default + * "na", that must be passed here. + * @return + * An SQL join clause. + */ +function node_access_join_sql($node_alias = 'n', $node_access_alias = 'na') { + if (user_access('administer nodes')) { + return ''; + } + + $sql = 'INNER JOIN {node_access} '. $node_access_alias; + $sql .= ' ON ('. $node_access_alias .'.nid = 0 OR '. $node_access_alias .'.nid = '. $node_alias .'.nid)'; + return $sql; +} + +/** + * Generate an SQL where clause for use in fetching a node listing. + * + * @param $op + * The operation that must be allowed to return a node. + * @param $node_access_alias + * If the node_access table has been given an SQL alias other than the default + * "na", that must be passed here. + * @return + * An SQL where clause. + */ +function node_access_where_sql($op = 'view', $node_access_alias = 'na') { + if (user_access('administer nodes')) { + return '1'; + } + + $sql = $node_access_alias .'.grant_'. $op .' = 1 AND CONCAT('. $node_access_alias .'.realm, '. $node_access_alias .'.gid) IN ('; + $grants = array(); + foreach (node_access_grants($op) as $realm => $gids) { + foreach ($gids as $gid) { + $grants[] = "'". $realm . $gid ."'"; + } + } + $sql .= implode(',', $grants) .')'; + return $sql; +} + +/** + * Fetch an array of permission IDs granted to the given user ID. + * + * The implementation here provides only the universal "all" grant. A node + * access module should implement hook_node_grants() to provide a grant + * list for the user. + * + * @param $op + * The operation that the user is trying to perform. + * @param $uid + * The user ID performing the operation. If omitted, the current user is used. + * @return + * An associative array in which the keys are realms, and the values are + * arrays of grants for those realms. + */ +function node_access_grants($op, $uid = NULL) { + global $user; + + if (isset($uid)) { + $user_object = user_load(array('uid' => $uid)); + } + else { + $user_object = $user; + } + + return array_merge(array('all' => array(0)), module_invoke_all('node_grants', $user_object, $op)); +} + +/** + * @} end of defgroup node_access + */ + ?> diff --git a/modules/node/node.module b/modules/node/node.module index e76437c73..68fcaf2e9 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -522,38 +522,16 @@ function node_prepare($node, $teaser = FALSE) { * Generate a page displaying a single node, along with its comments. */ function node_show($node, $cid) { - if (node_access('view', $node)) { - $output = node_view($node, FALSE, TRUE); + $output = node_view($node, FALSE, TRUE); - if (function_exists('comment_render') && $node->comment) { - $output .= comment_render($node, $cid); - } - - // Update the history table, stating that this user viewed this node. - node_tag_new($node->nid); - - return $output; - } - else { - drupal_set_message(message_access()); - } -} - -/** - * Determine whether the current user may perform the given operation on the - * specified node. - */ -function node_access($op, $node = NULL) { - if (user_access('administer nodes')) { - return TRUE; + if (function_exists('comment_render') && $node->comment) { + $output .= comment_render($node, $cid); } - // Convert the node to an object if necessary: - $node = array2object($node); + // Update the history table, stating that this user viewed this node. + node_tag_new($node->nid); - // Can't use node_invoke(), because the access hook takes the $op parameter - // before the $node parameter. - return module_invoke(node_get_module_name($node), 'access', $op, $node); + return $output; } /** @@ -585,7 +563,7 @@ function node_perm() { * created, uid, name, and count. */ function node_search($keys) { - $find = do_search(array('keys' => $keys, 'type' => 'node', 'select' => "select s.lno as lno, n.title as title, n.created as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE s.lno = n.nid AND s.type = 'node' AND s.word like '%' AND n.status = 1")); + $find = do_search(array('keys' => $keys, 'type' => 'node', 'select' => "SELECT DISTINCT s.lno as lno, n.title as title, n.created as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {node} n ". node_access_join_sql() ." INNER JOIN {users} u ON n.uid = u.uid WHERE s.lno = n.nid AND s.type = 'node' AND s.word like '%' AND n.status = 1 AND ". node_access_where_sql())); return array(t('Matching nodes ranked in order of relevance'), $find); } @@ -678,7 +656,7 @@ function node_menu() { $items[] = array('path' => 'node/'. arg(1), 'title' => t('view'), 'callback' => 'node_page', - 'access' => user_access('access content'), + 'access' => node_access('view', $node), 'type' => MENU_CALLBACK); $items[] = array('path' => 'node/'. arg(1) .'/view', 'title' => t('view'), 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); @@ -1281,12 +1259,7 @@ function node_edit($id) { drupal_set_title($node->title); - if (node_access('update', $node)) { - $output = node_form($node); - } - else { - $output = message_access(); - } + $output = node_form($node); return $output; } @@ -1423,7 +1396,7 @@ function node_delete($edit) { * Generate a listing of promoted nodes. */ function node_page_default() { - $result = pager_query('SELECT nid, type FROM {node} WHERE promote = 1 AND status = 1 ORDER BY sticky DESC, created DESC', variable_get('default_nodes_main', 10)); + $result = pager_query('SELECT DISTINCT(n.nid), n.type FROM {node} n '. node_access_join_sql() .' WHERE n.promote = 1 AND n.status = 1 AND '. node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10)); if (db_num_rows($result)) { drupal_set_html_head('<link rel="alternate" type="application/rss+xml" title="RSS" href="'. url('node/feed', NULL, NULL, TRUE) .'" />'); @@ -1546,4 +1519,164 @@ function node_nodeapi(&$node, $op, $arg = 0) { } } +/** + * @defgroup node_access Node access rights + * @{ + * The node access system determines who can do what to which nodes. + * + * In determining access rights for a node, node_access() first checks + * whether the user has the "administer nodes" permission. Such users have + * unrestricted access to all nodes. Then the node module's hook_access() + * is called, and a TRUE or FALSE return value will grant or deny access. + * This allows, for example, the blog module to always grant access to the + * blog author, and for the book module to always deny editing access to + * PHP pages. + * + * If node module does not intervene (returns NULL), then the + * node_access table is used to determine access. All node access + * modules are queried using hook_node_grants() to assemble a list of + * "grant IDs" for the user. This list is compared against the table. + * If any row contains the node ID in question (or 0, which stands for "all + * nodes"), one of the grant IDs returned, and a value of TRUE for the + * operation in question, then access is granted. Note that this table is a + * list of grants; any matching row is sufficient to grant access to the + * node. + * + * In node listings, the process above is followed except that + * hook_access() is not called on each node for performance reasons and for + * proper functioning of the pager system. When adding a node listing to your + * module, be sure to use node_access_join_sql() and node_access_where_sql() to add + * the appropriate clauses to your query for access checks. + * + * To see how to write a node access module of your own, see + * node_access_example.module. + */ + +/** + * Determine whether the current user may perform the given operation on the + * specified node. + * + * @param $op + * The operation to be performed on the node. Possible values are: + * - "view" + * - "update" + * - "delete" + * @param $node + * The node object (or node array) on which the operation is to be performed. + * @return + * TRUE if the operation may be performed. + */ +function node_access($op, $node = NULL) { + if (user_access('administer nodes')) { + return TRUE; + } + + // Convert the node to an object if necessary: + $node = array2object($node); + + // Can't use node_invoke(), because the access hook takes the $op parameter + // before the $node parameter. + $access = module_invoke(node_get_module_name($node), 'access', $op, $node); + if (!is_null($access)) { + return $access; + } + + // If the module did not override the access rights, use those set in the + // node_access table. + if ($node->nid && $node->status) { + $sql = 'SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) AND CONCAT(realm, gid) IN ('; + $grants = array(); + foreach (node_access_grants($op, $uid) as $realm => $gids) { + foreach ($gids as $gid) { + $grants[] = "'". $realm . $gid ."'"; + } + } + $sql .= implode(',', $grants) .') AND grant_'. $op .' = 1'; + $result = db_query($sql, $nid); + return (db_result($result)); + } + return FALSE; +} + +/** + * Generate an SQL join clause for use in fetching a node listing. + * + * @param $node_alias + * If the node table has been given an SQL alias other than the default + * "n", that must be passed here. + * @param $node_access_alias + * If the node_access table has been given an SQL alias other than the default + * "na", that must be passed here. + * @return + * An SQL join clause. + */ +function node_access_join_sql($node_alias = 'n', $node_access_alias = 'na') { + if (user_access('administer nodes')) { + return ''; + } + + $sql = 'INNER JOIN {node_access} '. $node_access_alias; + $sql .= ' ON ('. $node_access_alias .'.nid = 0 OR '. $node_access_alias .'.nid = '. $node_alias .'.nid)'; + return $sql; +} + +/** + * Generate an SQL where clause for use in fetching a node listing. + * + * @param $op + * The operation that must be allowed to return a node. + * @param $node_access_alias + * If the node_access table has been given an SQL alias other than the default + * "na", that must be passed here. + * @return + * An SQL where clause. + */ +function node_access_where_sql($op = 'view', $node_access_alias = 'na') { + if (user_access('administer nodes')) { + return '1'; + } + + $sql = $node_access_alias .'.grant_'. $op .' = 1 AND CONCAT('. $node_access_alias .'.realm, '. $node_access_alias .'.gid) IN ('; + $grants = array(); + foreach (node_access_grants($op) as $realm => $gids) { + foreach ($gids as $gid) { + $grants[] = "'". $realm . $gid ."'"; + } + } + $sql .= implode(',', $grants) .')'; + return $sql; +} + +/** + * Fetch an array of permission IDs granted to the given user ID. + * + * The implementation here provides only the universal "all" grant. A node + * access module should implement hook_node_grants() to provide a grant + * list for the user. + * + * @param $op + * The operation that the user is trying to perform. + * @param $uid + * The user ID performing the operation. If omitted, the current user is used. + * @return + * An associative array in which the keys are realms, and the values are + * arrays of grants for those realms. + */ +function node_access_grants($op, $uid = NULL) { + global $user; + + if (isset($uid)) { + $user_object = user_load(array('uid' => $uid)); + } + else { + $user_object = $user; + } + + return array_merge(array('all' => array(0)), module_invoke_all('node_grants', $user_object, $op)); +} + +/** + * @} end of defgroup node_access + */ + ?> diff --git a/modules/page.module b/modules/page.module index 4e03a5451..48621154e 100644 --- a/modules/page.module +++ b/modules/page.module @@ -41,20 +41,14 @@ function page_node_name($node) { function page_access($op, $node) { global $user; - if ($op == 'view') { - return $node->status; - } - if ($op == 'create') { return user_access('create pages'); } - if ($op == 'update') { - return user_access('edit own pages') && ($user->uid == $node->uid); - } - - if ($op == 'delete') { - return user_access('edit own pages') && ($user->uid == $node->uid); + if ($op == 'update' || $op == 'delete') { + if (user_access('edit own pages') && ($user->uid == $node->uid)) { + return TRUE; + } } } diff --git a/modules/page/page.module b/modules/page/page.module index 4e03a5451..48621154e 100644 --- a/modules/page/page.module +++ b/modules/page/page.module @@ -41,20 +41,14 @@ function page_node_name($node) { function page_access($op, $node) { global $user; - if ($op == 'view') { - return $node->status; - } - if ($op == 'create') { return user_access('create pages'); } - if ($op == 'update') { - return user_access('edit own pages') && ($user->uid == $node->uid); - } - - if ($op == 'delete') { - return user_access('edit own pages') && ($user->uid == $node->uid); + if ($op == 'update' || $op == 'delete') { + if (user_access('edit own pages') && ($user->uid == $node->uid)) { + return TRUE; + } } } diff --git a/modules/poll.module b/modules/poll.module index 39f999543..214145848 100644 --- a/modules/poll.module +++ b/modules/poll.module @@ -27,10 +27,6 @@ function poll_help($section) { * Implementation of hook_access(). */ function poll_access($op, $node) { - if ($op == 'view') { - return $node->status; - } - if ($op == 'create') { return user_access('create polls'); } @@ -49,7 +45,7 @@ function poll_block($op = 'list', $delta = 0) { } else { // Retrieve the latest poll. - $timestamp = db_result(db_query("SELECT MAX(created) FROM {node} WHERE type = 'poll' AND status = '1' AND moderate = '0'")); + $timestamp = db_result(db_query('SELECT MAX(n.created) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'poll' AND n.status = 1 AND ". node_access_where_sql() .' AND n.moderate = 0')); if ($timestamp) { $poll = node_load(array('type' => 'poll', 'created' => $timestamp, 'moderate' => 0, 'status' => 1)); @@ -270,7 +266,7 @@ function poll_node_name($node) { function poll_page() { // List all polls - $result = pager_query("SELECT n.nid, n.title, p.active, SUM(c.chvotes) AS votes FROM {node} n INNER JOIN {poll} p ON n.nid=p.nid INNER JOIN {poll_choices} c ON n.nid=c.nid WHERE type = 'poll' AND status = '1' AND moderate = '0' GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC", 15); + $result = pager_query("SELECT DISTINCT(n.nid), n.title, p.active, SUM(c.chvotes) AS votes FROM {node} n ". node_access_join_sql() ." INNER JOIN {poll} p ON n.nid=p.nid INNER JOIN {poll_choices} c ON n.nid=c.nid WHERE type = 'poll' AND status = 1 AND ". node_access_where_sql() ." AND moderate = 0 GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC", 15); $output = '<ul>'; while ($node = db_fetch_object($result)) { $output .= '<li>'. l($node->title, "node/$node->nid") .' - '. format_plural($node->votes, '1 vote', '%count votes') .' - '. ($node->active ? t('open') : t('closed')) .'</li>'; diff --git a/modules/poll/poll.module b/modules/poll/poll.module index 39f999543..214145848 100644 --- a/modules/poll/poll.module +++ b/modules/poll/poll.module @@ -27,10 +27,6 @@ function poll_help($section) { * Implementation of hook_access(). */ function poll_access($op, $node) { - if ($op == 'view') { - return $node->status; - } - if ($op == 'create') { return user_access('create polls'); } @@ -49,7 +45,7 @@ function poll_block($op = 'list', $delta = 0) { } else { // Retrieve the latest poll. - $timestamp = db_result(db_query("SELECT MAX(created) FROM {node} WHERE type = 'poll' AND status = '1' AND moderate = '0'")); + $timestamp = db_result(db_query('SELECT MAX(n.created) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'poll' AND n.status = 1 AND ". node_access_where_sql() .' AND n.moderate = 0')); if ($timestamp) { $poll = node_load(array('type' => 'poll', 'created' => $timestamp, 'moderate' => 0, 'status' => 1)); @@ -270,7 +266,7 @@ function poll_node_name($node) { function poll_page() { // List all polls - $result = pager_query("SELECT n.nid, n.title, p.active, SUM(c.chvotes) AS votes FROM {node} n INNER JOIN {poll} p ON n.nid=p.nid INNER JOIN {poll_choices} c ON n.nid=c.nid WHERE type = 'poll' AND status = '1' AND moderate = '0' GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC", 15); + $result = pager_query("SELECT DISTINCT(n.nid), n.title, p.active, SUM(c.chvotes) AS votes FROM {node} n ". node_access_join_sql() ." INNER JOIN {poll} p ON n.nid=p.nid INNER JOIN {poll_choices} c ON n.nid=c.nid WHERE type = 'poll' AND status = 1 AND ". node_access_where_sql() ." AND moderate = 0 GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC", 15); $output = '<ul>'; while ($node = db_fetch_object($result)) { $output .= '<li>'. l($node->title, "node/$node->nid") .' - '. format_plural($node->votes, '1 vote', '%count votes') .' - '. ($node->active ? t('open') : t('closed')) .'</li>'; diff --git a/modules/story.module b/modules/story.module index fced1d355..0efb933e3 100644 --- a/modules/story.module +++ b/modules/story.module @@ -55,20 +55,14 @@ function story_perm() { function story_access($op, $node) { global $user; - if ($op == 'view') { - return $node->status; - } - if ($op == 'create') { return user_access('create stories'); } - if ($op == 'update') { - return user_access('edit own stories') && ($user->uid == $node->uid); - } - - if ($op == 'delete') { - return user_access('edit own stories') && ($user->uid == $node->uid); + if ($op == 'update' || $op == 'delete') { + if (user_access('edit own stories') && ($user->uid == $node->uid)) { + return TRUE; + } } } diff --git a/modules/story/story.module b/modules/story/story.module index fced1d355..0efb933e3 100644 --- a/modules/story/story.module +++ b/modules/story/story.module @@ -55,20 +55,14 @@ function story_perm() { function story_access($op, $node) { global $user; - if ($op == 'view') { - return $node->status; - } - if ($op == 'create') { return user_access('create stories'); } - if ($op == 'update') { - return user_access('edit own stories') && ($user->uid == $node->uid); - } - - if ($op == 'delete') { - return user_access('edit own stories') && ($user->uid == $node->uid); + if ($op == 'update' || $op == 'delete') { + if (user_access('edit own stories') && ($user->uid == $node->uid)) { + return TRUE; + } } } diff --git a/modules/taxonomy.module b/modules/taxonomy.module index 5eae639fa..22b662ba3 100644 --- a/modules/taxonomy.module +++ b/modules/taxonomy.module @@ -771,14 +771,14 @@ function _prepare_insert($data, $stage) { function taxonomy_select_nodes($taxonomy, $pager = TRUE) { if ($taxonomy->str_tids) { if ($taxonomy->operator == 'or') { - $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.sticky, n.created, u.name FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 ORDER BY sticky DESC, created DESC"; - $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1"; + $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.sticky, n.created, u.name FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY sticky DESC, created DESC'; + $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql(); } else { - $sql = "SELECT n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ". count($taxonomy->tids) ." ORDER BY sticky DESC, created DESC"; + $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, u.name FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ". count($taxonomy->tids) ." ORDER BY sticky DESC, created DESC"; // Special trick as we could not find anything better: - $count = db_num_rows(db_query("SELECT n.nid FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids))); + $count = db_num_rows(db_query("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids))); $sql_count = "SELECT $count"; } diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module index 5eae639fa..22b662ba3 100644 --- a/modules/taxonomy/taxonomy.module +++ b/modules/taxonomy/taxonomy.module @@ -771,14 +771,14 @@ function _prepare_insert($data, $stage) { function taxonomy_select_nodes($taxonomy, $pager = TRUE) { if ($taxonomy->str_tids) { if ($taxonomy->operator == 'or') { - $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.sticky, n.created, u.name FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 ORDER BY sticky DESC, created DESC"; - $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1"; + $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.sticky, n.created, u.name FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY sticky DESC, created DESC'; + $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql(); } else { - $sql = "SELECT n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ". count($taxonomy->tids) ." ORDER BY sticky DESC, created DESC"; + $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, u.name FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ". count($taxonomy->tids) ." ORDER BY sticky DESC, created DESC"; // Special trick as we could not find anything better: - $count = db_num_rows(db_query("SELECT n.nid FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids))); + $count = db_num_rows(db_query("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids))); $sql_count = "SELECT $count"; } diff --git a/modules/tracker.module b/modules/tracker.module index 9ef13b95b..f5889ec9f 100644 --- a/modules/tracker.module +++ b/modules/tracker.module @@ -44,11 +44,10 @@ function tracker_page($uid = 0) { $output .= ''; if ($uid) { - $result = pager_query('SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d) GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d)', $uid, $uid); - + $result = pager_query('SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND '. node_access_where_sql() .' AND (n.uid = %d OR c.uid = %d) GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND (n.uid = %d OR c.uid = %d)', $uid, $uid); } else { - $result = pager_query('SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(nid) FROM {node} WHERE status = 1'); + $result = pager_query('SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND '. node_access_where_sql() .' GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. node_access_join_sql() .' WHERE n.status = 1 AND '. node_access_where_sql()); } while ($node = db_fetch_object($result)) { diff --git a/modules/tracker/tracker.module b/modules/tracker/tracker.module index 9ef13b95b..f5889ec9f 100644 --- a/modules/tracker/tracker.module +++ b/modules/tracker/tracker.module @@ -44,11 +44,10 @@ function tracker_page($uid = 0) { $output .= ''; if ($uid) { - $result = pager_query('SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d) GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d)', $uid, $uid); - + $result = pager_query('SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND '. node_access_where_sql() .' AND (n.uid = %d OR c.uid = %d) GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND (n.uid = %d OR c.uid = %d)', $uid, $uid); } else { - $result = pager_query('SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(nid) FROM {node} WHERE status = 1'); + $result = pager_query('SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND '. node_access_where_sql() .' GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. node_access_join_sql() .' WHERE n.status = 1 AND '. node_access_where_sql()); } while ($node = db_fetch_object($result)) { diff --git a/modules/user.module b/modules/user.module index ea10b2cd6..9c9b0883c 100644 --- a/modules/user.module +++ b/modules/user.module @@ -266,7 +266,7 @@ function user_access($string) { // To reduce the number of SQL queries, we cache the user's permissions // in a static variable. if ($perm === 0) { - $result = db_query('SELECT DISTINCT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid); + $result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid); while ($row = db_fetch_object($result)) { $perm .= "$row->perm, "; @@ -520,8 +520,8 @@ function user_block($op = 'list', $delta = 0) { $time_period = variable_get('user_block_seconds_online', 2700); // Perform database queries to gather online user lists. - $guests = db_fetch_object(db_query('SELECT COUNT(DISTINCT sid) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period)); - $users = db_query('SELECT DISTINCT uid, MAX(timestamp) AS max_timestamp FROM {sessions} WHERE timestamp >= %d AND uid != 0 GROUP BY uid ORDER BY max_timestamp DESC', time() - $time_period ); + $guests = db_fetch_object(db_query('SELECT COUNT(DISTINCT(sid)) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period)); + $users = db_query('SELECT DISTINCT(uid), MAX(timestamp) AS max_timestamp FROM {sessions} WHERE timestamp >= %d AND uid != 0 GROUP BY uid ORDER BY max_timestamp DESC', time() - $time_period ); $total_users = db_num_rows($users); // Format the output with proper grammar. @@ -1423,7 +1423,7 @@ function user_admin_role($edit = array()) { db_query('DELETE FROM {permission} WHERE rid = %d', $id); // Update the users who have this role set: - $result = db_query('SELECT DISTINCT ur1.uid FROM {users_roles} ur1 LEFT JOIN {users_roles} ur2 ON ur2.uid = ur1.uid WHERE ur1.rid = %d AND ur2.rid != ur1.rid', $id); + $result = db_query('SELECT DISTINCT(ur1.uid) FROM {users_roles} ur1 LEFT JOIN {users_roles} ur2 ON ur2.uid = ur1.uid WHERE ur1.rid = %d AND ur2.rid != ur1.rid', $id); $uid = array(); while ($u = db_fetch_object($result)) { diff --git a/modules/user/user.module b/modules/user/user.module index ea10b2cd6..9c9b0883c 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -266,7 +266,7 @@ function user_access($string) { // To reduce the number of SQL queries, we cache the user's permissions // in a static variable. if ($perm === 0) { - $result = db_query('SELECT DISTINCT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid); + $result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid); while ($row = db_fetch_object($result)) { $perm .= "$row->perm, "; @@ -520,8 +520,8 @@ function user_block($op = 'list', $delta = 0) { $time_period = variable_get('user_block_seconds_online', 2700); // Perform database queries to gather online user lists. - $guests = db_fetch_object(db_query('SELECT COUNT(DISTINCT sid) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period)); - $users = db_query('SELECT DISTINCT uid, MAX(timestamp) AS max_timestamp FROM {sessions} WHERE timestamp >= %d AND uid != 0 GROUP BY uid ORDER BY max_timestamp DESC', time() - $time_period ); + $guests = db_fetch_object(db_query('SELECT COUNT(DISTINCT(sid)) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period)); + $users = db_query('SELECT DISTINCT(uid), MAX(timestamp) AS max_timestamp FROM {sessions} WHERE timestamp >= %d AND uid != 0 GROUP BY uid ORDER BY max_timestamp DESC', time() - $time_period ); $total_users = db_num_rows($users); // Format the output with proper grammar. @@ -1423,7 +1423,7 @@ function user_admin_role($edit = array()) { db_query('DELETE FROM {permission} WHERE rid = %d', $id); // Update the users who have this role set: - $result = db_query('SELECT DISTINCT ur1.uid FROM {users_roles} ur1 LEFT JOIN {users_roles} ur2 ON ur2.uid = ur1.uid WHERE ur1.rid = %d AND ur2.rid != ur1.rid', $id); + $result = db_query('SELECT DISTINCT(ur1.uid) FROM {users_roles} ur1 LEFT JOIN {users_roles} ur2 ON ur2.uid = ur1.uid WHERE ur1.rid = %d AND ur2.rid != ur1.rid', $id); $uid = array(); while ($u = db_fetch_object($result)) { |