Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
project
drupal
Commits
1238ccd6
Commit
1238ccd6
authored
Oct 15, 2006
by
Dries Buytaert
Browse files
- Patch
#89323
by hunmonk: control access to mass operations.
parent
d692d438
Changes
1
Hide whitespace changes
Inline
Side-by-side
modules/user/user.module
View file @
1238ccd6
...
...
@@ -2090,19 +2090,6 @@ function user_admin_account_validate($form_id, $form_values) {
function
user_user_operations
()
{
global
$form_values
;
$roles
=
user_roles
(
1
);
unset
(
$roles
[
DRUPAL_AUTHENTICATED_RID
]);
// Can't edit authenticated role.
$add_roles
=
array
();
foreach
(
$roles
as
$key
=>
$value
)
{
$add_roles
[
'add_role-'
.
$key
]
=
$value
;
}
$remove_roles
=
array
();
foreach
(
$roles
as
$key
=>
$value
)
{
$remove_roles
[
'remove_role-'
.
$key
]
=
$value
;
}
$operations
=
array
(
'unblock'
=>
array
(
'label'
=>
t
(
'Unblock the selected users'
),
...
...
@@ -2112,27 +2099,53 @@ function user_user_operations() {
'label'
=>
t
(
'Block the selected users'
),
'callback'
=>
'user_user_operations_block'
,
),
t
(
'Add a role to the selected users'
)
=>
array
(
'label'
=>
$add_roles
,
),
t
(
'Remove a role from the selected users'
)
=>
array
(
'label'
=>
$remove_roles
,
),
'delete'
=>
array
(
'label'
=>
t
(
'Delete the selected users'
),
),
);
if
(
user_access
(
'administer access control'
))
{
$roles
=
user_roles
(
1
);
unset
(
$roles
[
DRUPAL_AUTHENTICATED_RID
]);
// Can't edit authenticated role.
$add_roles
=
array
();
foreach
(
$roles
as
$key
=>
$value
)
{
$add_roles
[
'add_role-'
.
$key
]
=
$value
;
}
$remove_roles
=
array
();
foreach
(
$roles
as
$key
=>
$value
)
{
$remove_roles
[
'remove_role-'
.
$key
]
=
$value
;
}
$role_operations
=
array
(
t
(
'Add a role to the selected users'
)
=>
array
(
'label'
=>
$add_roles
,
),
t
(
'Remove a role from the selected users'
)
=>
array
(
'label'
=>
$remove_roles
,
),
);
$operations
+=
$role_operations
;
}
// If the form has been posted, we need to insert the proper data for role editing if necessary.
if
(
$form_values
)
{
$operation_rid
=
explode
(
'-'
,
$form_values
[
'operation'
]);
$operation
=
$operation_rid
[
0
];
$rid
=
$operation_rid
[
1
];
if
(
$operation
==
'add_role'
||
$operation
==
'remove_role'
)
{
$operations
[
$form_values
[
'operation'
]]
=
array
(
'callback'
=>
'user_multiple_role_edit'
,
'callback arguments'
=>
array
(
$operation
,
$rid
),
);
if
(
user_access
(
'administer access control'
))
{
$operations
[
$form_values
[
'operation'
]]
=
array
(
'callback'
=>
'user_multiple_role_edit'
,
'callback arguments'
=>
array
(
$operation
,
$rid
),
);
}
else
{
watchdog
(
'security'
,
t
(
'Detected malicious attempt to alter protected user fields.'
),
WATCHDOG_WARNING
);
return
;
}
}
}
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment