diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 699dea7adc969ecce44d25c558450fc0f770d590..90a2e92dc309d71687c8d25cd2d104e14c6c9ee0 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,5 @@
Drupal x.x.x, xxxx-xx-xx
------------------------
-
- navigation:
* made it possible to add, delete, rename and move menu items.
* introduced tabs and subtabs for local tasks.
@@ -8,7 +7,9 @@ Drupal x.x.x, xxxx-xx-xx
- user management:
* added support for multiple roles per user.
* made it possible to add custom profile fields.
- * made it possible to browse the profiles by field.
+ * made it possible to browse user profiles by field.
+- node system:
+ * added support for node-level permissions.
- comment module:
* made it possible to comment without having to register.
- forum module:
@@ -17,7 +18,8 @@ Drupal x.x.x, xxxx-xx-xx
- syndication:
* added support for RSS ping-notifications of http://technorati.com/.
* refactored the categorization of syndicated news items.
- * added URL aliases for 'rss.xml' and 'index.rdf'.
+ * added an URL alias for 'rss.xml'.
+ * improved date parsing.
- database backend:
* added support for multiple database connections.
- theme system:
@@ -27,8 +29,6 @@ Drupal x.x.x, xxxx-xx-xx
* added 'categories' block.
- blogger API:
* added support for auto-discovery of blogger API via RSD.
-- news aggregator:
- * improved date parsing.
- performance:
* added support for sending gzip compressed pages.
- accessibility:
@@ -38,22 +38,16 @@ Drupal x.x.x, xxxx-xx-xx
- documentation:
* added PHPDoc/Doxygen comments.
-
Drupal 4.4.2, 2004-07-04
------------------------
-
- fixed bugs: no critical bugs were identified.
-
Drupal 4.4.1, 2004-05-01
------------------------
-
- fixed bugs: no critical bugs were identified.
-
Drupal 4.4.0, 2004-04-01
------------------------
-
- added support for the MetaWeblog API and MovableType extensions.
- added a file API: enables better document management.
- improved the watchdog and search module to log search keys.
@@ -92,22 +86,16 @@ Drupal 4.4.0, 2004-04-01
- documentation:
* added PHPDoc/Doxygen comments.
-
Drupal 4.3.2, 2004-01-01
------------------------
-
- fixed bugs: no critical bugs were identified.
-
Drupal 4.3.1, 2003-12-01
------------------------
-
- fixed bugs: no critical bugs were identified.
-
Drupal 4.3.0, 2003-11-01
------------------------
-
- added support for configurable URLs.
- added support for sortable table columns.
- database backend:
@@ -131,7 +119,6 @@ Drupal 4.3.0, 2003-11-01
Drupal 4.2.0, 2003-08-01
------------------------
-
- added support for clean URLs.
- added textarea hook and support for onload attributes: enables integration of WYSIWYG editors.
- rewrote the RSS/RDF parser:
@@ -159,7 +146,6 @@ Drupal 4.2.0, 2003-08-01
Drupal 4.1.0, 2003-02-01
------------------------
-
- collaboratively revised and expanded the Drupal documentation.
- rewrote comment.module:
* reintroduced comment rating/moderation.
@@ -214,12 +200,11 @@ Drupal 4.0.0, 2002-06-15
* blocks can be set to only show up on some pages.
* merged box module with block module.
- node system:
- * fixed node retrieval based on titles.
* blogs can be updated.
* teasers (abstracts) on all node types.
* improved error checking.
- * usability improvements.
* content versioning support.
+ * usability improvements.
- improved book module to support text, HTML and PHP pages.
- improved comment module to mark new comments.
- added a general outliner which will let any node type be linked to a book.
diff --git a/database/database.mysql b/database/database.mysql
index 003fb35d262aed42f4a58444d38b4a787ca1c046..30591c8ef4e8c8b9f255ba266f4881d134d60424 100644
--- a/database/database.mysql
+++ b/database/database.mysql
@@ -339,7 +339,21 @@ CREATE TABLE node (
KEY node_changed (changed)
) TYPE=MyISAM;
---
+#
+# Table structure for table `node_access`
+#
+
+CREATE TABLE node_access (
+ nid int(10) unsigned NOT NULL default '0',
+ gid int(10) unsigned NOT NULL default '0',
+ realm varchar(255) NOT NULL default '',
+ grant_view tinyint(1) unsigned NOT NULL default '0',
+ grant_update tinyint(1) unsigned NOT NULL default '0',
+ grant_delete tinyint(1) unsigned NOT NULL default '0',
+ PRIMARY KEY (nid,gid,realm)
+) TYPE=MyISAM;
+
+-
-- Table structure for table 'page'
--
@@ -682,3 +696,5 @@ REPLACE blocks SET module = 'user', delta = '0', status = '1';
REPLACE blocks SET module = 'user', delta = '1', status = '1';
INSERT INTO sequences (name, id) VALUES ('menu_mid', 1);
+
+INSERT INTO node_access VALUES (0, 0, 'all', 1, 0, 0);
diff --git a/database/updates.inc b/database/updates.inc
index ef1d869681f1fea931c0974c14382171107ee799..501f7cd157dad1d22cc5a79023a64117b2cb5903 100644
--- a/database/updates.inc
+++ b/database/updates.inc
@@ -65,7 +65,8 @@
"2004-06-30" => "update_91",
"2004-07-07" => "update_92",
"2004-07-11" => "update_93",
- "2004-07-22" => "update_94"
+ "2004-07-22" => "update_94",
+ "2004-07-30" => "update_95"
);
function update_32() {
@@ -1187,6 +1188,22 @@ function update_94() {
return $ret;
}
+function update_95() {
+ $ret = array();
+
+ $ret[] = update_sql("CREATE TABLE node_access (
+ nid int(10) unsigned NOT NULL default '0',
+ gid int(10) unsigned NOT NULL default '0',
+ realm varchar(255) NOT NULL default '',
+ grant_view tinyint(1) unsigned NOT NULL default '0',
+ grant_update tinyint(1) unsigned NOT NULL default '0',
+ grant_delete tinyint(1) unsigned NOT NULL default '0',
+ PRIMARY KEY (nid,gid,realm)
+ )");
+ $ret[] = update_sql("INSERT INTO node_access VALUES (0, 0, 'all', 1, 0, 0);");
+ return $ret;
+}
+
function update_sql($sql) {
$edit = $_POST["edit"];
$result = db_query($sql);
diff --git a/modules/archive.module b/modules/archive.module
index db1c8e5f778e7b6b9d8a83e29aaa19e33e0b5a1b..359d9e189647d22a5b62bcb1429e5ce9a0570a7d 100644
--- a/modules/archive.module
+++ b/modules/archive.module
@@ -248,7 +248,7 @@ function archive_page($year = 0, $month = 0, $day = 0) {
if ($year && $month && $day) {
// Fetch nodes for the selected date, if one was specified.
- $result = db_query_range('SELECT nid FROM {node} WHERE status = 1 AND created > %d AND created < %d ORDER BY created', $date, $date_end, 0, 20);
+ $result = db_query_range('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' WHERE n.status = 1 AND n.created > %d AND n.created < %d AND '. node_access_where_sql() .' ORDER BY n.created', $date, $date_end, 0, 20);
while ($nid = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $nid->nid)), 1);
diff --git a/modules/archive/archive.module b/modules/archive/archive.module
index db1c8e5f778e7b6b9d8a83e29aaa19e33e0b5a1b..359d9e189647d22a5b62bcb1429e5ce9a0570a7d 100644
--- a/modules/archive/archive.module
+++ b/modules/archive/archive.module
@@ -248,7 +248,7 @@ function archive_page($year = 0, $month = 0, $day = 0) {
if ($year && $month && $day) {
// Fetch nodes for the selected date, if one was specified.
- $result = db_query_range('SELECT nid FROM {node} WHERE status = 1 AND created > %d AND created < %d ORDER BY created', $date, $date_end, 0, 20);
+ $result = db_query_range('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' WHERE n.status = 1 AND n.created > %d AND n.created < %d AND '. node_access_where_sql() .' ORDER BY n.created', $date, $date_end, 0, 20);
while ($nid = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $nid->nid)), 1);
diff --git a/modules/blog.module b/modules/blog.module
index 6d64a5713c7aaaa42a937d7ff7ec361c67597e89..0401a98fc2d3976d3da7fbe1f2a67bd9e4c27c30 100644
--- a/modules/blog.module
+++ b/modules/blog.module
@@ -30,22 +30,15 @@ function blog_perm() {
function blog_access($op, $node) {
global $user;
- if ($op == 'view') {
- return $node->status;
- }
-
if ($op == 'create') {
return user_access('edit own blog') && $user->uid;
}
- if ($op == 'update') {
- return user_access('edit own blog') && ($user->uid == $node->uid);
- }
-
- if ($op == 'delete') {
- return user_access('edit own blog') && ($user->uid == $node->uid);
+ if ($op == 'update' || $op == 'delete') {
+ if (user_access('edit own blog') && ($user->uid == $node->uid)) {
+ return TRUE;
+ }
}
-
}
/**
@@ -143,7 +136,7 @@ function blog_page_user($uid) {
$title = t("%name's blog", array('%name' => $account->name));
$output = '';
- $result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND uid = %d AND status = 1 ORDER BY sticky DESC, created DESC", variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
+ $result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE type = 'blog' AND n.uid = %d AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
while ($node = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $node->nid)), 1);
}
@@ -162,7 +155,7 @@ function blog_page_last() {
$output = '';
- $result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND status = 1 ORDER BY created DESC", variable_get('default_nodes_main', 10));
+ $result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', variable_get('default_nodes_main', 10));
while ($node = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $node->nid)), 1);
@@ -294,7 +287,7 @@ function blog_block($op = 'list', $delta = 0) {
}
else {
if (user_access('access content')) {
- $block['content'] = node_title_list(db_query_range("SELECT n.title, n.nid FROM {node} n WHERE n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 10));
+ $block['content'] = node_title_list(db_query_range('SELECT DISTINCT(n.nid), n.title FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', 0, 10));
$block['content'] .= '<div class="more-link">'. l(t('more'), 'blog', array('title' => t('Read the latest blog entries.'))) .'</div>';
$block['subject'] = t('Recent blog posts');
}
diff --git a/modules/blog/blog.module b/modules/blog/blog.module
index 6d64a5713c7aaaa42a937d7ff7ec361c67597e89..0401a98fc2d3976d3da7fbe1f2a67bd9e4c27c30 100644
--- a/modules/blog/blog.module
+++ b/modules/blog/blog.module
@@ -30,22 +30,15 @@ function blog_perm() {
function blog_access($op, $node) {
global $user;
- if ($op == 'view') {
- return $node->status;
- }
-
if ($op == 'create') {
return user_access('edit own blog') && $user->uid;
}
- if ($op == 'update') {
- return user_access('edit own blog') && ($user->uid == $node->uid);
- }
-
- if ($op == 'delete') {
- return user_access('edit own blog') && ($user->uid == $node->uid);
+ if ($op == 'update' || $op == 'delete') {
+ if (user_access('edit own blog') && ($user->uid == $node->uid)) {
+ return TRUE;
+ }
}
-
}
/**
@@ -143,7 +136,7 @@ function blog_page_user($uid) {
$title = t("%name's blog", array('%name' => $account->name));
$output = '';
- $result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND uid = %d AND status = 1 ORDER BY sticky DESC, created DESC", variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
+ $result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE type = 'blog' AND n.uid = %d AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
while ($node = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $node->nid)), 1);
}
@@ -162,7 +155,7 @@ function blog_page_last() {
$output = '';
- $result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND status = 1 ORDER BY created DESC", variable_get('default_nodes_main', 10));
+ $result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', variable_get('default_nodes_main', 10));
while ($node = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $node->nid)), 1);
@@ -294,7 +287,7 @@ function blog_block($op = 'list', $delta = 0) {
}
else {
if (user_access('access content')) {
- $block['content'] = node_title_list(db_query_range("SELECT n.title, n.nid FROM {node} n WHERE n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 10));
+ $block['content'] = node_title_list(db_query_range('SELECT DISTINCT(n.nid), n.title FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', 0, 10));
$block['content'] .= '<div class="more-link">'. l(t('more'), 'blog', array('title' => t('Read the latest blog entries.'))) .'</div>';
$block['subject'] = t('Recent blog posts');
}
diff --git a/modules/book.module b/modules/book.module
index a378d73c5720edc8d6a64958cd3708df2665cee8..216c535771431b94bd840ebaafa9cf89fc162615 100644
--- a/modules/book.module
+++ b/modules/book.module
@@ -371,7 +371,7 @@ function book_prev($node) {
*/
function book_next($node) {
// get first direct child
- $child = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid));
+ $child = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid));
if ($child) {
return $child;
}
@@ -380,7 +380,7 @@ function book_next($node) {
array_push($path = book_location($node), $node); // Path to top-level node including this one.
while (($leaf = array_pop($path)) && count($path)) {
- $next = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title));
+ $next = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title));
if ($next) {
return $next;
}
@@ -536,7 +536,7 @@ function book_toc_recurse($nid, $indent, $toc, $children) {
}
function book_toc($parent = 0, $indent = '', $toc = array()) {
- $result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 ORDER BY b.weight, n.title');
+ $result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' ORDER BY b.weight, n.title');
while ($node = db_fetch_object($result)) {
if (!$children[$node->parent]) {
@@ -587,7 +587,7 @@ function book_tree_recurse($nid, $depth, $children, $unfold = array()) {
}
function book_tree($parent = 0, $depth = 3, $unfold = array()) {
- $result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.moderate = 0 ORDER BY b.weight, n.title');
+ $result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.moderate = 0 ORDER BY b.weight, n.title');
while ($node = db_fetch_object($result)) {
$list = $children[$node->parent] ? $children[$node->parent] : array();
@@ -630,7 +630,7 @@ function book_render() {
*/
function book_print($nid = 0, $depth = 1) {
global $base_url;
- $result = db_query('SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid);
+ $result = db_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid);
while ($page = db_fetch_object($result)) {
// load the node:
@@ -660,7 +660,7 @@ function book_print($nid = 0, $depth = 1) {
}
function book_print_recurse($parent = '', $depth = 1) {
- $result = db_query("SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title");
+ $result = db_query("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND ". node_access_where_sql() ." AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title");
while ($page = db_fetch_object($result)) {
// Load the node:
diff --git a/modules/book/book.module b/modules/book/book.module
index a378d73c5720edc8d6a64958cd3708df2665cee8..216c535771431b94bd840ebaafa9cf89fc162615 100644
--- a/modules/book/book.module
+++ b/modules/book/book.module
@@ -371,7 +371,7 @@ function book_prev($node) {
*/
function book_next($node) {
// get first direct child
- $child = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid));
+ $child = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid));
if ($child) {
return $child;
}
@@ -380,7 +380,7 @@ function book_next($node) {
array_push($path = book_location($node), $node); // Path to top-level node including this one.
while (($leaf = array_pop($path)) && count($path)) {
- $next = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title));
+ $next = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title));
if ($next) {
return $next;
}
@@ -536,7 +536,7 @@ function book_toc_recurse($nid, $indent, $toc, $children) {
}
function book_toc($parent = 0, $indent = '', $toc = array()) {
- $result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 ORDER BY b.weight, n.title');
+ $result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' ORDER BY b.weight, n.title');
while ($node = db_fetch_object($result)) {
if (!$children[$node->parent]) {
@@ -587,7 +587,7 @@ function book_tree_recurse($nid, $depth, $children, $unfold = array()) {
}
function book_tree($parent = 0, $depth = 3, $unfold = array()) {
- $result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.moderate = 0 ORDER BY b.weight, n.title');
+ $result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.moderate = 0 ORDER BY b.weight, n.title');
while ($node = db_fetch_object($result)) {
$list = $children[$node->parent] ? $children[$node->parent] : array();
@@ -630,7 +630,7 @@ function book_render() {
*/
function book_print($nid = 0, $depth = 1) {
global $base_url;
- $result = db_query('SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid);
+ $result = db_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid);
while ($page = db_fetch_object($result)) {
// load the node:
@@ -660,7 +660,7 @@ function book_print($nid = 0, $depth = 1) {
}
function book_print_recurse($parent = '', $depth = 1) {
- $result = db_query("SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title");
+ $result = db_query("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND ". node_access_where_sql() ." AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title");
while ($page = db_fetch_object($result)) {
// Load the node:
diff --git a/modules/forum.module b/modules/forum.module
index 0843d0171c39f9a62c920bc4c2d7a4478c928d90..aaad68486d5fccafd833691e55bccc84f75d2c60 100644
--- a/modules/forum.module
+++ b/modules/forum.module
@@ -36,9 +36,6 @@ function forum_node_name($node) {
* Implementation of hook_access().
*/
function forum_access($op, $node) {
- if ($op == 'view') {
- return $node->status;
- }
if ($op == 'create') {
return user_access('create forum topics');
}
@@ -121,9 +118,9 @@ function forum_block($op = 'list', $delta = 0) {
}
else {
if (user_access('access content')) {
- $content = node_title_list(db_query_range("SELECT n.nid, n.title, GREATEST(n.created, MAX(c.timestamp)) AS sort FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.type = 'forum' AND n.status = 1 GROUP BY n.nid, n.title, n.created ORDER BY sort DESC", 0, variable_get('forum_block_num', '5')), t('Active forum topics:'));
+ $content = node_title_list(db_query_range("SELECT DISTINCT(n.nid), n.title, GREATEST(n.created, MAX(c.timestamp)) AS sort FROM {node} n ". node_access_join_sql() ." LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid, n.title, n.created ORDER BY sort DESC", 0, variable_get('forum_block_num', '5')), t('Active forum topics:'));
- $content .= node_title_list(db_query_range("SELECT nid, title FROM {node} WHERE type = 'forum' AND status = 1 ORDER BY nid DESC", 0, variable_get('forum_block_num', '5')), t('New forum topics:'));
+ $content .= node_title_list(db_query_range("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." ORDER BY n.nid DESC", 0, variable_get('forum_block_num', '5')), t('New forum topics:'));
if ($content) {
$content .= '<div class="more-link">'. l(t('more'), 'forum', array('title' => t('Read the latest forum topics.'))) .'</div>';
@@ -152,7 +149,7 @@ function forum_link($type, $node = 0, $main = 0) {
if (!$main && $type == 'node' && $node->type == 'forum') {
// get previous and next topic
- $result = db_query('SELECT n.nid, n.title, n.sticky, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = f.nid AND f.tid = %d AND n.status = 1 GROUP BY n.nid, n.title, n.created ORDER BY n.sticky DESC, '. _forum_get_topic_order(isset($user->sortby) ? $user->sortby : variable_get('forum_order', 1)), $node->tid);
+ $result = db_query('SELECT DISTINCT(n.nid), n.title, n.sticky, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments FROM {node} n '. node_access_join_sql() .' INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = f.nid AND f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' GROUP BY n.nid, n.title, n.created ORDER BY n.sticky DESC, '. _forum_get_topic_order(isset($user->sortby) ? $user->sortby : variable_get('forum_order', 1)), $node->tid);
while ($topic = db_fetch_object($result)) {
if ($stop == 1) {
@@ -357,27 +354,27 @@ function forum_get_forums($tid = 0) {
}
function _forum_num_topics($term) {
- return db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid WHERE f.tid = %d AND n.status = 1 AND f.shadow = 0', $term));
+ return db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid '. node_access_join_sql() .' WHERE f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND f.shadow = 0', $term));
}
function _forum_num_replies($term) {
- return db_result(db_query("SELECT COUNT(*) AS count FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE f.tid = %d AND n.nid = f.nid AND n.nid = c.nid AND n.status = 1 AND c.status = 0 AND n.type = 'forum'", $term));
+ return db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) AS count FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid '. node_access_join_sql() .' INNER JOIN {forum} f ON n.nid = f.nid WHERE f.tid = %d AND n.nid = f.nid AND n.nid = c.nid AND n.status = 1 AND '. node_access_where_sql() ." AND c.status = 0 AND n.type = 'forum'", $term));
}
function _forum_topics_read($term, $uid) {
// Calculate the number of topics the user has read. Assume all entries older
// than NODE_NEW_LIMIT are read, and include the recent posts that user has
// read.
- $ancient = db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid WHERE f.tid = %d AND n.status = 1 AND n.created <= %d AND f.shadow = 0', $term, NODE_NEW_LIMIT));
- $recent = db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid INNER JOIN {history} h ON n.nid = h.nid WHERE n.status = 1 AND f.tid = %d AND h.uid = %d AND n.created > %d AND f.shadow = 0', $term, $uid, NODE_NEW_LIMIT));
+ $ancient = db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid '. node_access_join_sql() .' WHERE f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND n.created <= %d AND f.shadow = 0', $term, NODE_NEW_LIMIT));
+ $recent = db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid '. node_access_join_sql() .' INNER JOIN {history} h ON n.nid = h.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND f.tid = %d AND h.uid = %d AND n.created > %d AND f.shadow = 0', $term, $uid, NODE_NEW_LIMIT));
return $ancient + $recent;
}
function _forum_last_post($term) {
- $topic = db_fetch_object(db_query_range("SELECT n.nid, n.created AS timestamp, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid INNER JOIN {users} u ON n.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 ORDER BY timestamp DESC", $term, 0, 1));
+ $topic = db_fetch_object(db_query_range("SELECT DISTINCT(n.nid), n.created AS timestamp, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid ". node_access_join_sql() ." INNER JOIN {users} u ON n.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." ORDER BY timestamp DESC", $term, 0, 1));
- $reply = db_fetch_object(db_query_range("SELECT n.nid, c.timestamp, c.name AS anonymous_name, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON c.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND c.status = 0 ORDER BY c.timestamp DESC", $term, 0, 1));
+ $reply = db_fetch_object(db_query_range("SELECT DISTINCT(n.nid), c.timestamp, c.name AS anonymous_name, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid ". node_access_join_sql() ." INNER JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON c.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." AND c.status = 0 ORDER BY c.timestamp DESC", $term, 0, 1));
$reply->name = $reply->uid ? $reply->name : $reply->anonymous_name;
$value = ($topic->timestamp > $reply->timestamp) ? $topic : $reply;
@@ -410,10 +407,10 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
// show topics with the correct tid, or in the forum but with shadow = 1
// @TODO: this is not ANSI SQL! ("user error: 'n.created' isn't in GROUP BY")
// @TODO: timestamp is a sql reserved word. are there more?
- $sql = "SELECT n.nid, n.title, n.sticky, u.name AS name, u.uid AS uid, n.created AS timestamp, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments, n.comment AS comment_mode, f.tid FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE n.nid = r.nid AND ((r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND n.type = 'forum' GROUP BY n.nid, n.title, u.name, u.uid, n.created, n.comment, f.tid";
+ $sql = "SELECT DISTINCT(n.nid), n.title, n.sticky, u.name AS name, u.uid AS uid, n.created AS timestamp, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments, n.comment AS comment_mode, f.tid FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE n.nid = r.nid AND ((r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND ". node_access_where_sql() ." AND n.type = 'forum' GROUP BY n.nid, n.title, u.name, u.uid, n.created, n.comment, f.tid";
$sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,');
- $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {term_node} r ON n.nid = r.nid WHERE n.nid = r.nid AND ( (r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND n.type = 'forum'";
+ $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n ". node_access_join_sql() ." INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {term_node} r ON n.nid = r.nid WHERE n.nid = r.nid AND ( (r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND ". node_access_where_sql() ." AND n.type = 'forum'";
$result = pager_query($sql, $forum_per_page, 0, $sql_count);
$topic_num = db_num_rows($result);
@@ -427,7 +424,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
$topic->new = 0;
}
else {
- $topic->new_replies = db_result(db_query('SELECT COUNT(c.nid) FROM {node} n INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND n.status = 1 AND c.status = 0 AND c.timestamp > %d', $topic->nid, $history));
+ $topic->new_replies = db_result(db_query('SELECT COUNT(DISTINCT(c.nid)) FROM {node} n '. node_access_join_sql() .' INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND c.status = 0 AND c.timestamp > %d', $topic->nid, $history));
$topic->new = $topic->new_replies || ($topic->timestamp > $history);
}
}
@@ -446,12 +443,12 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
function _forum_new($tid) {
global $user;
- $result = db_query("SELECT n.nid FROM {node} n, {history} h, {forum} f WHERE n.type = 'forum' AND n.status = 1 AND h.nid = n.nid AND f.nid = h.nid AND f.tid = %d AND h.uid = %d", $tid, $user->uid);
+ $result = db_query("SELECT DISTINCT(n.nid) FROM {node} n, {history} h, {forum} f ". node_access_join_sql() ." WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." AND h.nid = n.nid AND f.nid = h.nid AND f.tid = %d AND h.uid = %d", $tid, $user->uid);
while ($r = db_fetch_object($result)) {
$read[] = $r->nid;
}
- $nid = db_result(db_query_range("SELECT n.nid FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid WHERE n.type = 'forum' AND f.nid = n.nid AND n.status = 1 AND f.tid = %d ". ($read ? 'AND NOT (n.nid IN ('. implode(',', $read) .')) ' : '') .'ORDER BY created', $tid, 0, 1));
+ $nid = db_result(db_query_range("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {forum} f ON n.nid = f.nid WHERE n.type = 'forum' AND f.nid = n.nid AND n.status = 1 AND ". node_access_where_sql() ." AND f.tid = %d ". ($read ? 'AND NOT (n.nid IN ('. implode(',', $read) .')) ' : '') .'ORDER BY created', $tid, 0, 1));
return $nid ? $nid : 0;
}
diff --git a/modules/forum/forum.module b/modules/forum/forum.module
index 0843d0171c39f9a62c920bc4c2d7a4478c928d90..aaad68486d5fccafd833691e55bccc84f75d2c60 100644
--- a/modules/forum/forum.module
+++ b/modules/forum/forum.module
@@ -36,9 +36,6 @@ function forum_node_name($node) {
* Implementation of hook_access().
*/
function forum_access($op, $node) {
- if ($op == 'view') {
- return $node->status;
- }
if ($op == 'create') {
return user_access('create forum topics');
}
@@ -121,9 +118,9 @@ function forum_block($op = 'list', $delta = 0) {
}
else {
if (user_access('access content')) {
- $content = node_title_list(db_query_range("SELECT n.nid, n.title, GREATEST(n.created, MAX(c.timestamp)) AS sort FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.type = 'forum' AND n.status = 1 GROUP BY n.nid, n.title, n.created ORDER BY sort DESC", 0, variable_get('forum_block_num', '5')), t('Active forum topics:'));
+ $content = node_title_list(db_query_range("SELECT DISTINCT(n.nid), n.title, GREATEST(n.created, MAX(c.timestamp)) AS sort FROM {node} n ". node_access_join_sql() ." LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid, n.title, n.created ORDER BY sort DESC", 0, variable_get('forum_block_num', '5')), t('Active forum topics:'));
- $content .= node_title_list(db_query_range("SELECT nid, title FROM {node} WHERE type = 'forum' AND status = 1 ORDER BY nid DESC", 0, variable_get('forum_block_num', '5')), t('New forum topics:'));
+ $content .= node_title_list(db_query_range("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." ORDER BY n.nid DESC", 0, variable_get('forum_block_num', '5')), t('New forum topics:'));
if ($content) {
$content .= '<div class="more-link">'. l(t('more'), 'forum', array('title' => t('Read the latest forum topics.'))) .'</div>';
@@ -152,7 +149,7 @@ function forum_link($type, $node = 0, $main = 0) {
if (!$main && $type == 'node' && $node->type == 'forum') {
// get previous and next topic
- $result = db_query('SELECT n.nid, n.title, n.sticky, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = f.nid AND f.tid = %d AND n.status = 1 GROUP BY n.nid, n.title, n.created ORDER BY n.sticky DESC, '. _forum_get_topic_order(isset($user->sortby) ? $user->sortby : variable_get('forum_order', 1)), $node->tid);
+ $result = db_query('SELECT DISTINCT(n.nid), n.title, n.sticky, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments FROM {node} n '. node_access_join_sql() .' INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = f.nid AND f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' GROUP BY n.nid, n.title, n.created ORDER BY n.sticky DESC, '. _forum_get_topic_order(isset($user->sortby) ? $user->sortby : variable_get('forum_order', 1)), $node->tid);
while ($topic = db_fetch_object($result)) {
if ($stop == 1) {
@@ -357,27 +354,27 @@ function forum_get_forums($tid = 0) {
}
function _forum_num_topics($term) {
- return db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid WHERE f.tid = %d AND n.status = 1 AND f.shadow = 0', $term));
+ return db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid '. node_access_join_sql() .' WHERE f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND f.shadow = 0', $term));
}
function _forum_num_replies($term) {
- return db_result(db_query("SELECT COUNT(*) AS count FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE f.tid = %d AND n.nid = f.nid AND n.nid = c.nid AND n.status = 1 AND c.status = 0 AND n.type = 'forum'", $term));
+ return db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) AS count FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid '. node_access_join_sql() .' INNER JOIN {forum} f ON n.nid = f.nid WHERE f.tid = %d AND n.nid = f.nid AND n.nid = c.nid AND n.status = 1 AND '. node_access_where_sql() ." AND c.status = 0 AND n.type = 'forum'", $term));
}
function _forum_topics_read($term, $uid) {
// Calculate the number of topics the user has read. Assume all entries older
// than NODE_NEW_LIMIT are read, and include the recent posts that user has
// read.
- $ancient = db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid WHERE f.tid = %d AND n.status = 1 AND n.created <= %d AND f.shadow = 0', $term, NODE_NEW_LIMIT));
- $recent = db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid INNER JOIN {history} h ON n.nid = h.nid WHERE n.status = 1 AND f.tid = %d AND h.uid = %d AND n.created > %d AND f.shadow = 0', $term, $uid, NODE_NEW_LIMIT));
+ $ancient = db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid '. node_access_join_sql() .' WHERE f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND n.created <= %d AND f.shadow = 0', $term, NODE_NEW_LIMIT));
+ $recent = db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid '. node_access_join_sql() .' INNER JOIN {history} h ON n.nid = h.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND f.tid = %d AND h.uid = %d AND n.created > %d AND f.shadow = 0', $term, $uid, NODE_NEW_LIMIT));
return $ancient + $recent;
}
function _forum_last_post($term) {
- $topic = db_fetch_object(db_query_range("SELECT n.nid, n.created AS timestamp, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid INNER JOIN {users} u ON n.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 ORDER BY timestamp DESC", $term, 0, 1));
+ $topic = db_fetch_object(db_query_range("SELECT DISTINCT(n.nid), n.created AS timestamp, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid ". node_access_join_sql() ." INNER JOIN {users} u ON n.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." ORDER BY timestamp DESC", $term, 0, 1));
- $reply = db_fetch_object(db_query_range("SELECT n.nid, c.timestamp, c.name AS anonymous_name, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON c.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND c.status = 0 ORDER BY c.timestamp DESC", $term, 0, 1));
+ $reply = db_fetch_object(db_query_range("SELECT DISTINCT(n.nid), c.timestamp, c.name AS anonymous_name, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid ". node_access_join_sql() ." INNER JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON c.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." AND c.status = 0 ORDER BY c.timestamp DESC", $term, 0, 1));
$reply->name = $reply->uid ? $reply->name : $reply->anonymous_name;
$value = ($topic->timestamp > $reply->timestamp) ? $topic : $reply;
@@ -410,10 +407,10 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
// show topics with the correct tid, or in the forum but with shadow = 1
// @TODO: this is not ANSI SQL! ("user error: 'n.created' isn't in GROUP BY")
// @TODO: timestamp is a sql reserved word. are there more?
- $sql = "SELECT n.nid, n.title, n.sticky, u.name AS name, u.uid AS uid, n.created AS timestamp, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments, n.comment AS comment_mode, f.tid FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE n.nid = r.nid AND ((r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND n.type = 'forum' GROUP BY n.nid, n.title, u.name, u.uid, n.created, n.comment, f.tid";
+ $sql = "SELECT DISTINCT(n.nid), n.title, n.sticky, u.name AS name, u.uid AS uid, n.created AS timestamp, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments, n.comment AS comment_mode, f.tid FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE n.nid = r.nid AND ((r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND ". node_access_where_sql() ." AND n.type = 'forum' GROUP BY n.nid, n.title, u.name, u.uid, n.created, n.comment, f.tid";
$sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,');
- $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {term_node} r ON n.nid = r.nid WHERE n.nid = r.nid AND ( (r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND n.type = 'forum'";
+ $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n ". node_access_join_sql() ." INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {term_node} r ON n.nid = r.nid WHERE n.nid = r.nid AND ( (r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND ". node_access_where_sql() ." AND n.type = 'forum'";
$result = pager_query($sql, $forum_per_page, 0, $sql_count);
$topic_num = db_num_rows($result);
@@ -427,7 +424,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
$topic->new = 0;
}
else {
- $topic->new_replies = db_result(db_query('SELECT COUNT(c.nid) FROM {node} n INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND n.status = 1 AND c.status = 0 AND c.timestamp > %d', $topic->nid, $history));
+ $topic->new_replies = db_result(db_query('SELECT COUNT(DISTINCT(c.nid)) FROM {node} n '. node_access_join_sql() .' INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND c.status = 0 AND c.timestamp > %d', $topic->nid, $history));
$topic->new = $topic->new_replies || ($topic->timestamp > $history);
}
}
@@ -446,12 +443,12 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
function _forum_new($tid) {
global $user;
- $result = db_query("SELECT n.nid FROM {node} n, {history} h, {forum} f WHERE n.type = 'forum' AND n.status = 1 AND h.nid = n.nid AND f.nid = h.nid AND f.tid = %d AND h.uid = %d", $tid, $user->uid);
+ $result = db_query("SELECT DISTINCT(n.nid) FROM {node} n, {history} h, {forum} f ". node_access_join_sql() ." WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." AND h.nid = n.nid AND f.nid = h.nid AND f.tid = %d AND h.uid = %d", $tid, $user->uid);
while ($r = db_fetch_object($result)) {
$read[] = $r->nid;
}
- $nid = db_result(db_query_range("SELECT n.nid FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid WHERE n.type = 'forum' AND f.nid = n.nid AND n.status = 1 AND f.tid = %d ". ($read ? 'AND NOT (n.nid IN ('. implode(',', $read) .')) ' : '') .'ORDER BY created', $tid, 0, 1));
+ $nid = db_result(db_query_range("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {forum} f ON n.nid = f.nid WHERE n.type = 'forum' AND f.nid = n.nid AND n.status = 1 AND ". node_access_where_sql() ." AND f.tid = %d ". ($read ? 'AND NOT (n.nid IN ('. implode(',', $read) .')) ' : '') .'ORDER BY created', $tid, 0, 1));
return $nid ? $nid : 0;
}
diff --git a/modules/node.module b/modules/node.module
index e76437c739bc0556366e9540223b67f8fb876518..68fcaf2e9c348ee6c67f61ffefe5f7672e43ccdf 100644
--- a/modules/node.module
+++ b/modules/node.module
@@ -522,38 +522,16 @@ function node_prepare($node, $teaser = FALSE) {
* Generate a page displaying a single node, along with its comments.
*/
function node_show($node, $cid) {
- if (node_access('view', $node)) {
- $output = node_view($node, FALSE, TRUE);
+ $output = node_view($node, FALSE, TRUE);
- if (function_exists('comment_render') && $node->comment) {
- $output .= comment_render($node, $cid);
- }
-
- // Update the history table, stating that this user viewed this node.
- node_tag_new($node->nid);
-
- return $output;
- }
- else {
- drupal_set_message(message_access());
- }
-}
-
-/**
- * Determine whether the current user may perform the given operation on the
- * specified node.
- */
-function node_access($op, $node = NULL) {
- if (user_access('administer nodes')) {
- return TRUE;
+ if (function_exists('comment_render') && $node->comment) {
+ $output .= comment_render($node, $cid);
}
- // Convert the node to an object if necessary:
- $node = array2object($node);
+ // Update the history table, stating that this user viewed this node.
+ node_tag_new($node->nid);
- // Can't use node_invoke(), because the access hook takes the $op parameter
- // before the $node parameter.
- return module_invoke(node_get_module_name($node), 'access', $op, $node);
+ return $output;
}
/**
@@ -585,7 +563,7 @@ function node_perm() {
* created, uid, name, and count.
*/
function node_search($keys) {
- $find = do_search(array('keys' => $keys, 'type' => 'node', 'select' => "select s.lno as lno, n.title as title, n.created as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE s.lno = n.nid AND s.type = 'node' AND s.word like '%' AND n.status = 1"));
+ $find = do_search(array('keys' => $keys, 'type' => 'node', 'select' => "SELECT DISTINCT s.lno as lno, n.title as title, n.created as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {node} n ". node_access_join_sql() ." INNER JOIN {users} u ON n.uid = u.uid WHERE s.lno = n.nid AND s.type = 'node' AND s.word like '%' AND n.status = 1 AND ". node_access_where_sql()));
return array(t('Matching nodes ranked in order of relevance'), $find);
}
@@ -678,7 +656,7 @@ function node_menu() {
$items[] = array('path' => 'node/'. arg(1), 'title' => t('view'),
'callback' => 'node_page',
- 'access' => user_access('access content'),
+ 'access' => node_access('view', $node),
'type' => MENU_CALLBACK);
$items[] = array('path' => 'node/'. arg(1) .'/view', 'title' => t('view'),
'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
@@ -1281,12 +1259,7 @@ function node_edit($id) {
drupal_set_title($node->title);
- if (node_access('update', $node)) {
- $output = node_form($node);
- }
- else {
- $output = message_access();
- }
+ $output = node_form($node);
return $output;
}
@@ -1423,7 +1396,7 @@ function node_delete($edit) {
* Generate a listing of promoted nodes.
*/
function node_page_default() {
- $result = pager_query('SELECT nid, type FROM {node} WHERE promote = 1 AND status = 1 ORDER BY sticky DESC, created DESC', variable_get('default_nodes_main', 10));
+ $result = pager_query('SELECT DISTINCT(n.nid), n.type FROM {node} n '. node_access_join_sql() .' WHERE n.promote = 1 AND n.status = 1 AND '. node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10));
if (db_num_rows($result)) {
drupal_set_html_head('<link rel="alternate" type="application/rss+xml" title="RSS" href="'. url('node/feed', NULL, NULL, TRUE) .'" />');
@@ -1546,4 +1519,164 @@ function node_nodeapi(&$node, $op, $arg = 0) {
}
}
+/**
+ * @defgroup node_access Node access rights
+ * @{
+ * The node access system determines who can do what to which nodes.
+ *
+ * In determining access rights for a node, node_access() first checks
+ * whether the user has the "administer nodes" permission. Such users have
+ * unrestricted access to all nodes. Then the node module's hook_access()
+ * is called, and a TRUE or FALSE return value will grant or deny access.
+ * This allows, for example, the blog module to always grant access to the
+ * blog author, and for the book module to always deny editing access to
+ * PHP pages.
+ *
+ * If node module does not intervene (returns NULL), then the
+ * node_access table is used to determine access. All node access
+ * modules are queried using hook_node_grants() to assemble a list of
+ * "grant IDs" for the user. This list is compared against the table.
+ * If any row contains the node ID in question (or 0, which stands for "all
+ * nodes"), one of the grant IDs returned, and a value of TRUE for the
+ * operation in question, then access is granted. Note that this table is a
+ * list of grants; any matching row is sufficient to grant access to the
+ * node.
+ *
+ * In node listings, the process above is followed except that
+ * hook_access() is not called on each node for performance reasons and for
+ * proper functioning of the pager system. When adding a node listing to your
+ * module, be sure to use node_access_join_sql() and node_access_where_sql() to add
+ * the appropriate clauses to your query for access checks.
+ *
+ * To see how to write a node access module of your own, see
+ * node_access_example.module.
+ */
+
+/**
+ * Determine whether the current user may perform the given operation on the
+ * specified node.
+ *
+ * @param $op
+ * The operation to be performed on the node. Possible values are:
+ * - "view"
+ * - "update"
+ * - "delete"
+ * @param $node
+ * The node object (or node array) on which the operation is to be performed.
+ * @return
+ * TRUE if the operation may be performed.
+ */
+function node_access($op, $node = NULL) {
+ if (user_access('administer nodes')) {
+ return TRUE;
+ }
+
+ // Convert the node to an object if necessary:
+ $node = array2object($node);
+
+ // Can't use node_invoke(), because the access hook takes the $op parameter
+ // before the $node parameter.
+ $access = module_invoke(node_get_module_name($node), 'access', $op, $node);
+ if (!is_null($access)) {
+ return $access;
+ }
+
+ // If the module did not override the access rights, use those set in the
+ // node_access table.
+ if ($node->nid && $node->status) {
+ $sql = 'SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) AND CONCAT(realm, gid) IN (';
+ $grants = array();
+ foreach (node_access_grants($op, $uid) as $realm => $gids) {
+ foreach ($gids as $gid) {
+ $grants[] = "'". $realm . $gid ."'";
+ }
+ }
+ $sql .= implode(',', $grants) .') AND grant_'. $op .' = 1';
+ $result = db_query($sql, $nid);
+ return (db_result($result));
+ }
+ return FALSE;
+}
+
+/**
+ * Generate an SQL join clause for use in fetching a node listing.
+ *
+ * @param $node_alias
+ * If the node table has been given an SQL alias other than the default
+ * "n", that must be passed here.
+ * @param $node_access_alias
+ * If the node_access table has been given an SQL alias other than the default
+ * "na", that must be passed here.
+ * @return
+ * An SQL join clause.
+ */
+function node_access_join_sql($node_alias = 'n', $node_access_alias = 'na') {
+ if (user_access('administer nodes')) {
+ return '';
+ }
+
+ $sql = 'INNER JOIN {node_access} '. $node_access_alias;
+ $sql .= ' ON ('. $node_access_alias .'.nid = 0 OR '. $node_access_alias .'.nid = '. $node_alias .'.nid)';
+ return $sql;
+}
+
+/**
+ * Generate an SQL where clause for use in fetching a node listing.
+ *
+ * @param $op
+ * The operation that must be allowed to return a node.
+ * @param $node_access_alias
+ * If the node_access table has been given an SQL alias other than the default
+ * "na", that must be passed here.
+ * @return
+ * An SQL where clause.
+ */
+function node_access_where_sql($op = 'view', $node_access_alias = 'na') {
+ if (user_access('administer nodes')) {
+ return '1';
+ }
+
+ $sql = $node_access_alias .'.grant_'. $op .' = 1 AND CONCAT('. $node_access_alias .'.realm, '. $node_access_alias .'.gid) IN (';
+ $grants = array();
+ foreach (node_access_grants($op) as $realm => $gids) {
+ foreach ($gids as $gid) {
+ $grants[] = "'". $realm . $gid ."'";
+ }
+ }
+ $sql .= implode(',', $grants) .')';
+ return $sql;
+}
+
+/**
+ * Fetch an array of permission IDs granted to the given user ID.
+ *
+ * The implementation here provides only the universal "all" grant. A node
+ * access module should implement hook_node_grants() to provide a grant
+ * list for the user.
+ *
+ * @param $op
+ * The operation that the user is trying to perform.
+ * @param $uid
+ * The user ID performing the operation. If omitted, the current user is used.
+ * @return
+ * An associative array in which the keys are realms, and the values are
+ * arrays of grants for those realms.
+ */
+function node_access_grants($op, $uid = NULL) {
+ global $user;
+
+ if (isset($uid)) {
+ $user_object = user_load(array('uid' => $uid));
+ }
+ else {
+ $user_object = $user;
+ }
+
+ return array_merge(array('all' => array(0)), module_invoke_all('node_grants', $user_object, $op));
+}
+
+/**
+ * @} end of defgroup node_access
+ */
+
?>
diff --git a/modules/node/node.module b/modules/node/node.module
index e76437c739bc0556366e9540223b67f8fb876518..68fcaf2e9c348ee6c67f61ffefe5f7672e43ccdf 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -522,38 +522,16 @@ function node_prepare($node, $teaser = FALSE) {
* Generate a page displaying a single node, along with its comments.
*/
function node_show($node, $cid) {
- if (node_access('view', $node)) {
- $output = node_view($node, FALSE, TRUE);
+ $output = node_view($node, FALSE, TRUE);
- if (function_exists('comment_render') && $node->comment) {
- $output .= comment_render($node, $cid);
- }
-
- // Update the history table, stating that this user viewed this node.
- node_tag_new($node->nid);
-
- return $output;
- }
- else {
- drupal_set_message(message_access());
- }
-}
-
-/**
- * Determine whether the current user may perform the given operation on the
- * specified node.
- */
-function node_access($op, $node = NULL) {
- if (user_access('administer nodes')) {
- return TRUE;
+ if (function_exists('comment_render') && $node->comment) {
+ $output .= comment_render($node, $cid);
}
- // Convert the node to an object if necessary:
- $node = array2object($node);
+ // Update the history table, stating that this user viewed this node.
+ node_tag_new($node->nid);
- // Can't use node_invoke(), because the access hook takes the $op parameter
- // before the $node parameter.
- return module_invoke(node_get_module_name($node), 'access', $op, $node);
+ return $output;
}
/**
@@ -585,7 +563,7 @@ function node_perm() {
* created, uid, name, and count.
*/
function node_search($keys) {
- $find = do_search(array('keys' => $keys, 'type' => 'node', 'select' => "select s.lno as lno, n.title as title, n.created as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE s.lno = n.nid AND s.type = 'node' AND s.word like '%' AND n.status = 1"));
+ $find = do_search(array('keys' => $keys, 'type' => 'node', 'select' => "SELECT DISTINCT s.lno as lno, n.title as title, n.created as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {node} n ". node_access_join_sql() ." INNER JOIN {users} u ON n.uid = u.uid WHERE s.lno = n.nid AND s.type = 'node' AND s.word like '%' AND n.status = 1 AND ". node_access_where_sql()));
return array(t('Matching nodes ranked in order of relevance'), $find);
}
@@ -678,7 +656,7 @@ function node_menu() {
$items[] = array('path' => 'node/'. arg(1), 'title' => t('view'),
'callback' => 'node_page',
- 'access' => user_access('access content'),
+ 'access' => node_access('view', $node),
'type' => MENU_CALLBACK);
$items[] = array('path' => 'node/'. arg(1) .'/view', 'title' => t('view'),
'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
@@ -1281,12 +1259,7 @@ function node_edit($id) {
drupal_set_title($node->title);
- if (node_access('update', $node)) {
- $output = node_form($node);
- }
- else {
- $output = message_access();
- }
+ $output = node_form($node);
return $output;
}
@@ -1423,7 +1396,7 @@ function node_delete($edit) {
* Generate a listing of promoted nodes.
*/
function node_page_default() {
- $result = pager_query('SELECT nid, type FROM {node} WHERE promote = 1 AND status = 1 ORDER BY sticky DESC, created DESC', variable_get('default_nodes_main', 10));
+ $result = pager_query('SELECT DISTINCT(n.nid), n.type FROM {node} n '. node_access_join_sql() .' WHERE n.promote = 1 AND n.status = 1 AND '. node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10));
if (db_num_rows($result)) {
drupal_set_html_head('<link rel="alternate" type="application/rss+xml" title="RSS" href="'. url('node/feed', NULL, NULL, TRUE) .'" />');
@@ -1546,4 +1519,164 @@ function node_nodeapi(&$node, $op, $arg = 0) {
}
}
+/**
+ * @defgroup node_access Node access rights
+ * @{
+ * The node access system determines who can do what to which nodes.
+ *
+ * In determining access rights for a node, node_access() first checks
+ * whether the user has the "administer nodes" permission. Such users have
+ * unrestricted access to all nodes. Then the node module's hook_access()
+ * is called, and a TRUE or FALSE return value will grant or deny access.
+ * This allows, for example, the blog module to always grant access to the
+ * blog author, and for the book module to always deny editing access to
+ * PHP pages.
+ *
+ * If node module does not intervene (returns NULL), then the
+ * node_access table is used to determine access. All node access
+ * modules are queried using hook_node_grants() to assemble a list of
+ * "grant IDs" for the user. This list is compared against the table.
+ * If any row contains the node ID in question (or 0, which stands for "all
+ * nodes"), one of the grant IDs returned, and a value of TRUE for the
+ * operation in question, then access is granted. Note that this table is a
+ * list of grants; any matching row is sufficient to grant access to the
+ * node.
+ *
+ * In node listings, the process above is followed except that
+ * hook_access() is not called on each node for performance reasons and for
+ * proper functioning of the pager system. When adding a node listing to your
+ * module, be sure to use node_access_join_sql() and node_access_where_sql() to add
+ * the appropriate clauses to your query for access checks.
+ *
+ * To see how to write a node access module of your own, see
+ * node_access_example.module.
+ */
+
+/**
+ * Determine whether the current user may perform the given operation on the
+ * specified node.
+ *
+ * @param $op
+ * The operation to be performed on the node. Possible values are:
+ * - "view"
+ * - "update"
+ * - "delete"
+ * @param $node
+ * The node object (or node array) on which the operation is to be performed.
+ * @return
+ * TRUE if the operation may be performed.
+ */
+function node_access($op, $node = NULL) {
+ if (user_access('administer nodes')) {
+ return TRUE;
+ }
+
+ // Convert the node to an object if necessary:
+ $node = array2object($node);
+
+ // Can't use node_invoke(), because the access hook takes the $op parameter
+ // before the $node parameter.
+ $access = module_invoke(node_get_module_name($node), 'access', $op, $node);
+ if (!is_null($access)) {
+ return $access;
+ }
+
+ // If the module did not override the access rights, use those set in the
+ // node_access table.
+ if ($node->nid && $node->status) {
+ $sql = 'SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) AND CONCAT(realm, gid) IN (';
+ $grants = array();
+ foreach (node_access_grants($op, $uid) as $realm => $gids) {
+ foreach ($gids as $gid) {
+ $grants[] = "'". $realm . $gid ."'";
+ }
+ }
+ $sql .= implode(',', $grants) .') AND grant_'. $op .' = 1';
+ $result = db_query($sql, $nid);
+ return (db_result($result));
+ }
+ return FALSE;
+}
+
+/**
+ * Generate an SQL join clause for use in fetching a node listing.
+ *
+ * @param $node_alias
+ * If the node table has been given an SQL alias other than the default
+ * "n", that must be passed here.
+ * @param $node_access_alias
+ * If the node_access table has been given an SQL alias other than the default
+ * "na", that must be passed here.
+ * @return
+ * An SQL join clause.
+ */
+function node_access_join_sql($node_alias = 'n', $node_access_alias = 'na') {
+ if (user_access('administer nodes')) {
+ return '';
+ }
+
+ $sql = 'INNER JOIN {node_access} '. $node_access_alias;
+ $sql .= ' ON ('. $node_access_alias .'.nid = 0 OR '. $node_access_alias .'.nid = '. $node_alias .'.nid)';
+ return $sql;
+}
+
+/**
+ * Generate an SQL where clause for use in fetching a node listing.
+ *
+ * @param $op
+ * The operation that must be allowed to return a node.
+ * @param $node_access_alias
+ * If the node_access table has been given an SQL alias other than the default
+ * "na", that must be passed here.
+ * @return
+ * An SQL where clause.
+ */
+function node_access_where_sql($op = 'view', $node_access_alias = 'na') {
+ if (user_access('administer nodes')) {
+ return '1';
+ }
+
+ $sql = $node_access_alias .'.grant_'. $op .' = 1 AND CONCAT('. $node_access_alias .'.realm, '. $node_access_alias .'.gid) IN (';
+ $grants = array();
+ foreach (node_access_grants($op) as $realm => $gids) {
+ foreach ($gids as $gid) {
+ $grants[] = "'". $realm . $gid ."'";
+ }
+ }
+ $sql .= implode(',', $grants) .')';
+ return $sql;
+}
+
+/**
+ * Fetch an array of permission IDs granted to the given user ID.
+ *
+ * The implementation here provides only the universal "all" grant. A node
+ * access module should implement hook_node_grants() to provide a grant
+ * list for the user.
+ *
+ * @param $op
+ * The operation that the user is trying to perform.
+ * @param $uid
+ * The user ID performing the operation. If omitted, the current user is used.
+ * @return
+ * An associative array in which the keys are realms, and the values are
+ * arrays of grants for those realms.
+ */
+function node_access_grants($op, $uid = NULL) {
+ global $user;
+
+ if (isset($uid)) {
+ $user_object = user_load(array('uid' => $uid));
+ }
+ else {
+ $user_object = $user;
+ }
+
+ return array_merge(array('all' => array(0)), module_invoke_all('node_grants', $user_object, $op));
+}
+
+/**
+ * @} end of defgroup node_access
+ */
+
?>
diff --git a/modules/page.module b/modules/page.module
index 4e03a5451aad77e53de68979dd5fce66928bcc12..48621154e9ecbedd966568737f221d371d5f2f2c 100644
--- a/modules/page.module
+++ b/modules/page.module
@@ -41,20 +41,14 @@ function page_node_name($node) {
function page_access($op, $node) {
global $user;
- if ($op == 'view') {
- return $node->status;
- }
-
if ($op == 'create') {
return user_access('create pages');
}
- if ($op == 'update') {
- return user_access('edit own pages') && ($user->uid == $node->uid);
- }
-
- if ($op == 'delete') {
- return user_access('edit own pages') && ($user->uid == $node->uid);
+ if ($op == 'update' || $op == 'delete') {
+ if (user_access('edit own pages') && ($user->uid == $node->uid)) {
+ return TRUE;
+ }
}
}
diff --git a/modules/page/page.module b/modules/page/page.module
index 4e03a5451aad77e53de68979dd5fce66928bcc12..48621154e9ecbedd966568737f221d371d5f2f2c 100644
--- a/modules/page/page.module
+++ b/modules/page/page.module
@@ -41,20 +41,14 @@ function page_node_name($node) {
function page_access($op, $node) {
global $user;
- if ($op == 'view') {
- return $node->status;
- }
-
if ($op == 'create') {
return user_access('create pages');
}
- if ($op == 'update') {
- return user_access('edit own pages') && ($user->uid == $node->uid);
- }
-
- if ($op == 'delete') {
- return user_access('edit own pages') && ($user->uid == $node->uid);
+ if ($op == 'update' || $op == 'delete') {
+ if (user_access('edit own pages') && ($user->uid == $node->uid)) {
+ return TRUE;
+ }
}
}
diff --git a/modules/poll.module b/modules/poll.module
index 39f999543ed27facbb7d8e0444001fb96a5c8efa..214145848801f703a28b4e8c0bde9a6159810b5a 100644
--- a/modules/poll.module
+++ b/modules/poll.module
@@ -27,10 +27,6 @@ function poll_help($section) {
* Implementation of hook_access().
*/
function poll_access($op, $node) {
- if ($op == 'view') {
- return $node->status;
- }
-
if ($op == 'create') {
return user_access('create polls');
}
@@ -49,7 +45,7 @@ function poll_block($op = 'list', $delta = 0) {
}
else {
// Retrieve the latest poll.
- $timestamp = db_result(db_query("SELECT MAX(created) FROM {node} WHERE type = 'poll' AND status = '1' AND moderate = '0'"));
+ $timestamp = db_result(db_query('SELECT MAX(n.created) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'poll' AND n.status = 1 AND ". node_access_where_sql() .' AND n.moderate = 0'));
if ($timestamp) {
$poll = node_load(array('type' => 'poll', 'created' => $timestamp, 'moderate' => 0, 'status' => 1));
@@ -270,7 +266,7 @@ function poll_node_name($node) {
function poll_page() {
// List all polls
- $result = pager_query("SELECT n.nid, n.title, p.active, SUM(c.chvotes) AS votes FROM {node} n INNER JOIN {poll} p ON n.nid=p.nid INNER JOIN {poll_choices} c ON n.nid=c.nid WHERE type = 'poll' AND status = '1' AND moderate = '0' GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC", 15);
+ $result = pager_query("SELECT DISTINCT(n.nid), n.title, p.active, SUM(c.chvotes) AS votes FROM {node} n ". node_access_join_sql() ." INNER JOIN {poll} p ON n.nid=p.nid INNER JOIN {poll_choices} c ON n.nid=c.nid WHERE type = 'poll' AND status = 1 AND ". node_access_where_sql() ." AND moderate = 0 GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC", 15);
$output = '<ul>';
while ($node = db_fetch_object($result)) {
$output .= '<li>'. l($node->title, "node/$node->nid") .' - '. format_plural($node->votes, '1 vote', '%count votes') .' - '. ($node->active ? t('open') : t('closed')) .'</li>';
diff --git a/modules/poll/poll.module b/modules/poll/poll.module
index 39f999543ed27facbb7d8e0444001fb96a5c8efa..214145848801f703a28b4e8c0bde9a6159810b5a 100644
--- a/modules/poll/poll.module
+++ b/modules/poll/poll.module
@@ -27,10 +27,6 @@ function poll_help($section) {
* Implementation of hook_access().
*/
function poll_access($op, $node) {
- if ($op == 'view') {
- return $node->status;
- }
-
if ($op == 'create') {
return user_access('create polls');
}
@@ -49,7 +45,7 @@ function poll_block($op = 'list', $delta = 0) {
}
else {
// Retrieve the latest poll.
- $timestamp = db_result(db_query("SELECT MAX(created) FROM {node} WHERE type = 'poll' AND status = '1' AND moderate = '0'"));
+ $timestamp = db_result(db_query('SELECT MAX(n.created) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'poll' AND n.status = 1 AND ". node_access_where_sql() .' AND n.moderate = 0'));
if ($timestamp) {
$poll = node_load(array('type' => 'poll', 'created' => $timestamp, 'moderate' => 0, 'status' => 1));
@@ -270,7 +266,7 @@ function poll_node_name($node) {
function poll_page() {
// List all polls
- $result = pager_query("SELECT n.nid, n.title, p.active, SUM(c.chvotes) AS votes FROM {node} n INNER JOIN {poll} p ON n.nid=p.nid INNER JOIN {poll_choices} c ON n.nid=c.nid WHERE type = 'poll' AND status = '1' AND moderate = '0' GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC", 15);
+ $result = pager_query("SELECT DISTINCT(n.nid), n.title, p.active, SUM(c.chvotes) AS votes FROM {node} n ". node_access_join_sql() ." INNER JOIN {poll} p ON n.nid=p.nid INNER JOIN {poll_choices} c ON n.nid=c.nid WHERE type = 'poll' AND status = 1 AND ". node_access_where_sql() ." AND moderate = 0 GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC", 15);
$output = '<ul>';
while ($node = db_fetch_object($result)) {
$output .= '<li>'. l($node->title, "node/$node->nid") .' - '. format_plural($node->votes, '1 vote', '%count votes') .' - '. ($node->active ? t('open') : t('closed')) .'</li>';
diff --git a/modules/story.module b/modules/story.module
index fced1d35506cf804e1736cc0633ffdac1f212955..0efb933e383fcef1ca071a35e0cdcc48b3adcc2c 100644
--- a/modules/story.module
+++ b/modules/story.module
@@ -55,20 +55,14 @@ function story_perm() {
function story_access($op, $node) {
global $user;
- if ($op == 'view') {
- return $node->status;
- }
-
if ($op == 'create') {
return user_access('create stories');
}
- if ($op == 'update') {
- return user_access('edit own stories') && ($user->uid == $node->uid);
- }
-
- if ($op == 'delete') {
- return user_access('edit own stories') && ($user->uid == $node->uid);
+ if ($op == 'update' || $op == 'delete') {
+ if (user_access('edit own stories') && ($user->uid == $node->uid)) {
+ return TRUE;
+ }
}
}
diff --git a/modules/story/story.module b/modules/story/story.module
index fced1d35506cf804e1736cc0633ffdac1f212955..0efb933e383fcef1ca071a35e0cdcc48b3adcc2c 100644
--- a/modules/story/story.module
+++ b/modules/story/story.module
@@ -55,20 +55,14 @@ function story_perm() {
function story_access($op, $node) {
global $user;
- if ($op == 'view') {
- return $node->status;
- }
-
if ($op == 'create') {
return user_access('create stories');
}
- if ($op == 'update') {
- return user_access('edit own stories') && ($user->uid == $node->uid);
- }
-
- if ($op == 'delete') {
- return user_access('edit own stories') && ($user->uid == $node->uid);
+ if ($op == 'update' || $op == 'delete') {
+ if (user_access('edit own stories') && ($user->uid == $node->uid)) {
+ return TRUE;
+ }
}
}
diff --git a/modules/taxonomy.module b/modules/taxonomy.module
index 5eae639faca4e87d6fd08e2ea83417aed56e1937..22b662ba3e5c73e6db1b9afb506ff9a011e9a652 100644
--- a/modules/taxonomy.module
+++ b/modules/taxonomy.module
@@ -771,14 +771,14 @@ function _prepare_insert($data, $stage) {
function taxonomy_select_nodes($taxonomy, $pager = TRUE) {
if ($taxonomy->str_tids) {
if ($taxonomy->operator == 'or') {
- $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.sticky, n.created, u.name FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 ORDER BY sticky DESC, created DESC";
- $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1";
+ $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.sticky, n.created, u.name FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY sticky DESC, created DESC';
+ $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql();
}
else {
- $sql = "SELECT n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ". count($taxonomy->tids) ." ORDER BY sticky DESC, created DESC";
+ $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, u.name FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ". count($taxonomy->tids) ." ORDER BY sticky DESC, created DESC";
// Special trick as we could not find anything better:
- $count = db_num_rows(db_query("SELECT n.nid FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
+ $count = db_num_rows(db_query("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
$sql_count = "SELECT $count";
}
diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module
index 5eae639faca4e87d6fd08e2ea83417aed56e1937..22b662ba3e5c73e6db1b9afb506ff9a011e9a652 100644
--- a/modules/taxonomy/taxonomy.module
+++ b/modules/taxonomy/taxonomy.module
@@ -771,14 +771,14 @@ function _prepare_insert($data, $stage) {
function taxonomy_select_nodes($taxonomy, $pager = TRUE) {
if ($taxonomy->str_tids) {
if ($taxonomy->operator == 'or') {
- $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.sticky, n.created, u.name FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 ORDER BY sticky DESC, created DESC";
- $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1";
+ $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.sticky, n.created, u.name FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY sticky DESC, created DESC';
+ $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql();
}
else {
- $sql = "SELECT n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ". count($taxonomy->tids) ." ORDER BY sticky DESC, created DESC";
+ $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, u.name FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ". count($taxonomy->tids) ." ORDER BY sticky DESC, created DESC";
// Special trick as we could not find anything better:
- $count = db_num_rows(db_query("SELECT n.nid FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
+ $count = db_num_rows(db_query("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
$sql_count = "SELECT $count";
}
diff --git a/modules/tracker.module b/modules/tracker.module
index 9ef13b95b1a3c1c438bd7ed8147bd52a23e8f9a7..f5889ec9f09e023e769c5504a9aeb37e72ad17ac 100644
--- a/modules/tracker.module
+++ b/modules/tracker.module
@@ -44,11 +44,10 @@ function tracker_page($uid = 0) {
$output .= '';
if ($uid) {
- $result = pager_query('SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d) GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d)', $uid, $uid);
-
+ $result = pager_query('SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND '. node_access_where_sql() .' AND (n.uid = %d OR c.uid = %d) GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND (n.uid = %d OR c.uid = %d)', $uid, $uid);
}
else {
- $result = pager_query('SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(nid) FROM {node} WHERE status = 1');
+ $result = pager_query('SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND '. node_access_where_sql() .' GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. node_access_join_sql() .' WHERE n.status = 1 AND '. node_access_where_sql());
}
while ($node = db_fetch_object($result)) {
diff --git a/modules/tracker/tracker.module b/modules/tracker/tracker.module
index 9ef13b95b1a3c1c438bd7ed8147bd52a23e8f9a7..f5889ec9f09e023e769c5504a9aeb37e72ad17ac 100644
--- a/modules/tracker/tracker.module
+++ b/modules/tracker/tracker.module
@@ -44,11 +44,10 @@ function tracker_page($uid = 0) {
$output .= '';
if ($uid) {
- $result = pager_query('SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d) GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d)', $uid, $uid);
-
+ $result = pager_query('SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND '. node_access_where_sql() .' AND (n.uid = %d OR c.uid = %d) GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND (n.uid = %d OR c.uid = %d)', $uid, $uid);
}
else {
- $result = pager_query('SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(nid) FROM {node} WHERE status = 1');
+ $result = pager_query('SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND '. node_access_where_sql() .' GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. node_access_join_sql() .' WHERE n.status = 1 AND '. node_access_where_sql());
}
while ($node = db_fetch_object($result)) {
diff --git a/modules/user.module b/modules/user.module
index ea10b2cd6a5a6508578f7e41522734ee6f258acf..9c9b0883c90ec23416657eb82822c39e8544e8cb 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -266,7 +266,7 @@ function user_access($string) {
// To reduce the number of SQL queries, we cache the user's permissions
// in a static variable.
if ($perm === 0) {
- $result = db_query('SELECT DISTINCT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
+ $result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
while ($row = db_fetch_object($result)) {
$perm .= "$row->perm, ";
@@ -520,8 +520,8 @@ function user_block($op = 'list', $delta = 0) {
$time_period = variable_get('user_block_seconds_online', 2700);
// Perform database queries to gather online user lists.
- $guests = db_fetch_object(db_query('SELECT COUNT(DISTINCT sid) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period));
- $users = db_query('SELECT DISTINCT uid, MAX(timestamp) AS max_timestamp FROM {sessions} WHERE timestamp >= %d AND uid != 0 GROUP BY uid ORDER BY max_timestamp DESC', time() - $time_period );
+ $guests = db_fetch_object(db_query('SELECT COUNT(DISTINCT(sid)) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period));
+ $users = db_query('SELECT DISTINCT(uid), MAX(timestamp) AS max_timestamp FROM {sessions} WHERE timestamp >= %d AND uid != 0 GROUP BY uid ORDER BY max_timestamp DESC', time() - $time_period );
$total_users = db_num_rows($users);
// Format the output with proper grammar.
@@ -1423,7 +1423,7 @@ function user_admin_role($edit = array()) {
db_query('DELETE FROM {permission} WHERE rid = %d', $id);
// Update the users who have this role set:
- $result = db_query('SELECT DISTINCT ur1.uid FROM {users_roles} ur1 LEFT JOIN {users_roles} ur2 ON ur2.uid = ur1.uid WHERE ur1.rid = %d AND ur2.rid != ur1.rid', $id);
+ $result = db_query('SELECT DISTINCT(ur1.uid) FROM {users_roles} ur1 LEFT JOIN {users_roles} ur2 ON ur2.uid = ur1.uid WHERE ur1.rid = %d AND ur2.rid != ur1.rid', $id);
$uid = array();
while ($u = db_fetch_object($result)) {
diff --git a/modules/user/user.module b/modules/user/user.module
index ea10b2cd6a5a6508578f7e41522734ee6f258acf..9c9b0883c90ec23416657eb82822c39e8544e8cb 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -266,7 +266,7 @@ function user_access($string) {
// To reduce the number of SQL queries, we cache the user's permissions
// in a static variable.
if ($perm === 0) {
- $result = db_query('SELECT DISTINCT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
+ $result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
while ($row = db_fetch_object($result)) {
$perm .= "$row->perm, ";
@@ -520,8 +520,8 @@ function user_block($op = 'list', $delta = 0) {
$time_period = variable_get('user_block_seconds_online', 2700);
// Perform database queries to gather online user lists.
- $guests = db_fetch_object(db_query('SELECT COUNT(DISTINCT sid) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period));
- $users = db_query('SELECT DISTINCT uid, MAX(timestamp) AS max_timestamp FROM {sessions} WHERE timestamp >= %d AND uid != 0 GROUP BY uid ORDER BY max_timestamp DESC', time() - $time_period );
+ $guests = db_fetch_object(db_query('SELECT COUNT(DISTINCT(sid)) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period));
+ $users = db_query('SELECT DISTINCT(uid), MAX(timestamp) AS max_timestamp FROM {sessions} WHERE timestamp >= %d AND uid != 0 GROUP BY uid ORDER BY max_timestamp DESC', time() - $time_period );
$total_users = db_num_rows($users);
// Format the output with proper grammar.
@@ -1423,7 +1423,7 @@ function user_admin_role($edit = array()) {
db_query('DELETE FROM {permission} WHERE rid = %d', $id);
// Update the users who have this role set:
- $result = db_query('SELECT DISTINCT ur1.uid FROM {users_roles} ur1 LEFT JOIN {users_roles} ur2 ON ur2.uid = ur1.uid WHERE ur1.rid = %d AND ur2.rid != ur1.rid', $id);
+ $result = db_query('SELECT DISTINCT(ur1.uid) FROM {users_roles} ur1 LEFT JOIN {users_roles} ur2 ON ur2.uid = ur1.uid WHERE ur1.rid = %d AND ur2.rid != ur1.rid', $id);
$uid = array();
while ($u = db_fetch_object($result)) {