From 73bcacf2cf56ba80a062730f7507773d4a9bbdd0 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Fri, 17 Nov 2006 21:46:32 +0000
Subject: - Patch #41293 by edkwh et al: proper validation of role names (duplicates).
---
 modules/user/user.module | 80 ++++++++++++++++++++++++++++--------------------
 1 file changed, 47 insertions(+), 33 deletions(-)
(limited to 'modules/user/user.module')
diff --git a/modules/user/user.module b/modules/user/user.module
index 1589e747d..d9e7fcb66 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1871,39 +1871,7 @@ function user_admin_perm_submit($form_id, $form_values) {
 * Menu callback: administer roles.
 */
 function user_admin_role() {
- $edit = isset($_POST) ? $_POST : '';
- $op = isset($_POST['op']) ? $_POST['op'] : '';
 $id = arg(4);
-
- if ($op == t('Save role')) {
- if ($edit['name']) {
- db_query("UPDATE {role} SET name = '%s' WHERE rid = %d", $edit['name'], $id);
- drupal_set_message(t('The role has been renamed.'));
- drupal_goto('admin/user/roles');
- }
- else {
- form_set_error('name', t('You must specify a valid role name.'));
- }
- }
- else if ($op == t('Delete role')) {
- db_query('DELETE FROM {role} WHERE rid = %d', $id);
- db_query('DELETE FROM {permission} WHERE rid = %d', $id);
- // Update the users who have this role set:
- db_query('DELETE FROM {users_roles} WHERE rid = %d', $id);
-
- drupal_set_message(t('The role has been deleted.'));
- drupal_goto('admin/user/roles');
- }
- else if ($op == t('Add role')) {
- if ($edit['name']) {
- db_query("INSERT INTO {role} (name) VALUES ('%s')", $edit['name']);
- drupal_set_message(t('The role has been added.'));
- drupal_goto('admin/user/roles');
- }
- else {
- form_set_error('name', t('You must specify a valid role name.'));
- }
- }
 if ($id) {
 if (DRUPAL_ANONYMOUS_RID == $id || DRUPAL_AUTHENTICATED_RID == $id) {
 drupal_goto('admin/user/roles');
@@ -1919,6 +1887,10 @@ function user_admin_role() {
 '#maxlength' => 64,
 '#description' => t('The name for this role. Example: "moderator", "editorial board", "site architect".'),
 );
+ $form['rid'] = array(
+ '#type' => 'value',
+ '#value' => $id,
+ );
 $form['submit'] = array(
 '#type' => 'submit',
 '#value' => t('Save role'),
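Review bot: `$form['rid']` deserves a one-line comment saying why it is `'#type' => 'value'`: the role id that `user_admin_role_submit()` later passes to its `UPDATE` and `DELETE` queries is then never sent to the browser as an editable field. Suggested comment above the element: `// Keep the role id server-side ('value', not 'hidden') so the submit handler does not trust a client-supplied rid.` `$id` itself still comes straight from `arg(4)`; the `%d` placeholders cast it to an integer, but the visible code does not check that a role with that id exists. user_admin_role() starts and ends outside this hunk.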
@@ -1938,10 +1910,49 @@ function user_admin_role() {
 '#type' => 'submit',
 '#value' => t('Add role'),
 );
+ $form['#base'] = 'user_admin_role';
 }
 return $form;
 }
+function user_admin_role_validate($form_id, $form_values) {
+ if ($form_values['name']) {
+ if ($form_values['op'] == t('Save role')) {
+ if (db_result(db_query("SELECT COUNT(*) FROM {role} WHERE name = '%s' AND rid != %d", $form_values['name'], $form_values['rid']))) {
+ form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_values['name'])));
+ }
+ }
+ else if ($form_values['op'] == t('Add role')) {
+ if (db_result(db_query("SELECT COUNT(*) FROM {role} WHERE name = '%s'", $form_values['name']))) {
+ form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_values['name'])));
+ }
+ }
+ }
+ else {
+ form_set_error('name', t('You must specify a valid role name.'));
+ }
+}
+
+function user_admin_role_submit($form_id, $form_values) {
+ if ($form_values['op'] == t('Save role')) {
+ db_query("UPDATE {role} SET name = '%s' WHERE rid = %d", $form_values['name'], $form_values['rid']);
+ drupal_set_message(t('The role has been renamed.'));
+ }
+ else if ($form_values['op'] == t('Delete role')) {
+ db_query('DELETE FROM {role} WHERE rid = %d', $form_values['rid']);
+ db_query('DELETE FROM {permission} WHERE rid = %d', $form_values['rid']);
+ // Update the users who have this role set:
+ db_query('DELETE FROM {users_roles} WHERE rid = %d', $form_values['rid']);
+
+ drupal_set_message(t('The role has been deleted.'));
+ }
+ else if ($form_values['op'] == t('Add role')) {
+ db_query("INSERT INTO {role} (name) VALUES ('%s')", $form_values['name']);
+ drupal_set_message(t('The role has been added.'));
+ }
+ return 'admin/user/roles';
+}
+
 function theme_user_admin_new_role($form) {
 $header = array(t('Name'), array('data' => t('Operations'), 'colspan' => 2));
 foreach (user_roles() as $rid => $name) {
@@ -1954,7 +1965,10 @@ function theme_user_admin_new_role($form) {
 }
 $rows[] = array(drupal_render($form['name']), array('data' => drupal_render($form['submit']), colspan => 2));
- return theme('table', $header, $rows);
+ $output = drupal_render($form);
+ $output .= theme('table', $header, $rows);
+
+ return $output;
 }
 function user_admin_account() {
-- cgit v1.2.3
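Review bot: The uniqueness check in `user_admin_role_validate()` and the `INSERT`/`UPDATE` in `user_admin_role_submit()` are separate queries, so two concurrent submissions can both pass validation and still leave two roles with the same name. A unique index on `{role}.name` (the schema is not visible in this patch) would enforce the rule at the database level, which matters because permissions are assigned per role and look-alike names are easy to confuse. Because the empty-name test runs before the `op` test, a 'Delete role' submission with the name field cleared is presumably rejected as well; checking `$form_values['op'] != t('Delete role')` first would avoid that. Both new functions also lack the docblock that user_admin_role() has, e.g. `/** Validate the role form: require a name and reject duplicate role names. */`.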
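Review bot: The new `drupal_render($form)` call has no comment, and its purpose is easy to miss: it emits whatever form elements the table rows did not render, which presumably includes the hidden `form_id` and `form_token` fields the Forms API needs before it will run the new validate and submit handlers. A comment such as `// Render the remaining (hidden) elements so the submission is processed and token-checked by the Forms API.` would keep a later cleanup from removing it. In the unchanged `$rows[]` line just above, the second `colspan` is a bare constant rather than the string `'colspan'`, which is worth quoting while this function is being touched.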