Commit 202eee42 authored by Dries's avatar Dries

- Patch #9543 by JonBob: added node-level access control!
parent aed1b0ca
Drupal x.x.x, xxxx-xx-xx Drupal x.x.x, xxxx-xx-xx
------------------------ ------------------------
- navigation: - navigation:
* made it possible to add, delete, rename and move menu items. * made it possible to add, delete, rename and move menu items.
* introduced tabs and subtabs for local tasks. * introduced tabs and subtabs for local tasks.
...@@ -8,7 +7,9 @@ Drupal x.x.x, xxxx-xx-xx ...@@ -8,7 +7,9 @@ Drupal x.x.x, xxxx-xx-xx
- user management: - user management:
* added support for multiple roles per user. * added support for multiple roles per user.
* made it possible to add custom profile fields. * made it possible to add custom profile fields.
* made it possible to browse the profiles by field. * made it possible to browse user profiles by field.
- node system:
* added support for node-level permissions.
- comment module: - comment module:
* made it possible to comment without having to register. * made it possible to comment without having to register.
- forum module: - forum module:
...@@ -17,7 +18,8 @@ Drupal x.x.x, xxxx-xx-xx ...@@ -17,7 +18,8 @@ Drupal x.x.x, xxxx-xx-xx
- syndication: - syndication:
* added support for RSS ping-notifications of http://technorati.com/. * added support for RSS ping-notifications of http://technorati.com/.
* refactored the categorization of syndicated news items. * refactored the categorization of syndicated news items.
* added URL aliases for 'rss.xml' and 'index.rdf'. * added an URL alias for 'rss.xml'.
* improved date parsing.
- database backend: - database backend:
* added support for multiple database connections. * added support for multiple database connections.
- theme system: - theme system:
...@@ -27,8 +29,6 @@ Drupal x.x.x, xxxx-xx-xx ...@@ -27,8 +29,6 @@ Drupal x.x.x, xxxx-xx-xx
* added 'categories' block. * added 'categories' block.
- blogger API: - blogger API:
* added support for auto-discovery of blogger API via RSD. * added support for auto-discovery of blogger API via RSD.
- news aggregator:
* improved date parsing.
- performance: - performance:
* added support for sending gzip compressed pages. * added support for sending gzip compressed pages.
- accessibility: - accessibility:
...@@ -38,22 +38,16 @@ Drupal x.x.x, xxxx-xx-xx ...@@ -38,22 +38,16 @@ Drupal x.x.x, xxxx-xx-xx
- documentation: - documentation:
* added PHPDoc/Doxygen comments. * added PHPDoc/Doxygen comments.
Drupal 4.4.2, 2004-07-04 Drupal 4.4.2, 2004-07-04
------------------------ ------------------------
- fixed bugs: no critical bugs were identified. - fixed bugs: no critical bugs were identified.
Drupal 4.4.1, 2004-05-01 Drupal 4.4.1, 2004-05-01
------------------------ ------------------------
- fixed bugs: no critical bugs were identified. - fixed bugs: no critical bugs were identified.
Drupal 4.4.0, 2004-04-01 Drupal 4.4.0, 2004-04-01
------------------------ ------------------------
- added support for the MetaWeblog API and MovableType extensions. - added support for the MetaWeblog API and MovableType extensions.
- added a file API: enables better document management. - added a file API: enables better document management.
- improved the watchdog and search module to log search keys. - improved the watchdog and search module to log search keys.
...@@ -92,22 +86,16 @@ Drupal 4.4.0, 2004-04-01 ...@@ -92,22 +86,16 @@ Drupal 4.4.0, 2004-04-01
- documentation: - documentation:
* added PHPDoc/Doxygen comments. * added PHPDoc/Doxygen comments.
Drupal 4.3.2, 2004-01-01 Drupal 4.3.2, 2004-01-01
------------------------ ------------------------
- fixed bugs: no critical bugs were identified. - fixed bugs: no critical bugs were identified.
Drupal 4.3.1, 2003-12-01 Drupal 4.3.1, 2003-12-01
------------------------ ------------------------
- fixed bugs: no critical bugs were identified. - fixed bugs: no critical bugs were identified.
Drupal 4.3.0, 2003-11-01 Drupal 4.3.0, 2003-11-01
------------------------ ------------------------
- added support for configurable URLs. - added support for configurable URLs.
- added support for sortable table columns. - added support for sortable table columns.
- database backend: - database backend:
...@@ -131,7 +119,6 @@ Drupal 4.3.0, 2003-11-01 ...@@ -131,7 +119,6 @@ Drupal 4.3.0, 2003-11-01
Drupal 4.2.0, 2003-08-01 Drupal 4.2.0, 2003-08-01
------------------------ ------------------------
- added support for clean URLs. - added support for clean URLs.
- added textarea hook and support for onload attributes: enables integration of WYSIWYG editors. - added textarea hook and support for onload attributes: enables integration of WYSIWYG editors.
- rewrote the RSS/RDF parser: - rewrote the RSS/RDF parser:
...@@ -159,7 +146,6 @@ Drupal 4.2.0, 2003-08-01 ...@@ -159,7 +146,6 @@ Drupal 4.2.0, 2003-08-01
Drupal 4.1.0, 2003-02-01 Drupal 4.1.0, 2003-02-01
------------------------ ------------------------
- collaboratively revised and expanded the Drupal documentation. - collaboratively revised and expanded the Drupal documentation.
- rewrote comment.module: - rewrote comment.module:
* reintroduced comment rating/moderation. * reintroduced comment rating/moderation.
...@@ -214,12 +200,11 @@ Drupal 4.0.0, 2002-06-15 ...@@ -214,12 +200,11 @@ Drupal 4.0.0, 2002-06-15
* blocks can be set to only show up on some pages. * blocks can be set to only show up on some pages.
* merged box module with block module. * merged box module with block module.
- node system: - node system:
* fixed node retrieval based on titles.
* blogs can be updated. * blogs can be updated.
* teasers (abstracts) on all node types. * teasers (abstracts) on all node types.
* improved error checking. * improved error checking.
* usability improvements.
* content versioning support. * content versioning support.
* usability improvements.
- improved book module to support text, HTML and PHP pages. - improved book module to support text, HTML and PHP pages.
- improved comment module to mark new comments. - improved comment module to mark new comments.
- added a general outliner which will let any node type be linked to a book. - added a general outliner which will let any node type be linked to a book.
......
...@@ -339,7 +339,21 @@ CREATE TABLE node ( ...@@ -339,7 +339,21 @@ CREATE TABLE node (
KEY node_changed (changed) KEY node_changed (changed)
) TYPE=MyISAM; ) TYPE=MyISAM;
-- #
# Table structure for table `node_access`
#
CREATE TABLE node_access (
nid int(10) unsigned NOT NULL default '0',
gid int(10) unsigned NOT NULL default '0',
realm varchar(255) NOT NULL default '',
grant_view tinyint(1) unsigned NOT NULL default '0',
grant_update tinyint(1) unsigned NOT NULL default '0',
grant_delete tinyint(1) unsigned NOT NULL default '0',
PRIMARY KEY (nid,gid,realm)
) TYPE=MyISAM;
-
-- Table structure for table 'page' -- Table structure for table 'page'
-- --
...@@ -682,3 +696,5 @@ REPLACE blocks SET module = 'user', delta = '0', status = '1'; ...@@ -682,3 +696,5 @@ REPLACE blocks SET module = 'user', delta = '0', status = '1';
REPLACE blocks SET module = 'user', delta = '1', status = '1'; REPLACE blocks SET module = 'user', delta = '1', status = '1';
INSERT INTO sequences (name, id) VALUES ('menu_mid', 1); INSERT INTO sequences (name, id) VALUES ('menu_mid', 1);
INSERT INTO node_access VALUES (0, 0, 'all', 1, 0, 0);
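Review bot: The seed row at the end of this file, `INSERT INTO node_access VALUES (0, 0, 'all', 1, 0, 0);`, depends on column order and has no comment, although it looks like the grant that keeps every node viewable once listings join against node_access (inferred from the column names; the helper functions are not shown on this page). I would name the columns, `INSERT INTO node_access (nid, gid, realm, grant_view, grant_update, grant_delete) VALUES (0, 0, 'all', 1, 0, 0);`, and add a line such as `-- Default grant: nid 0 in realm 'all' gives view access to every node; deleting it hides all content.` above it, wording to be confirmed by the author. The same positional insert is repeated in update_95(). The new table's header comment also uses `#` where the neighbouring table headers use `--`.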
...@@ -65,7 +65,8 @@ ...@@ -65,7 +65,8 @@
"2004-06-30" => "update_91", "2004-06-30" => "update_91",
"2004-07-07" => "update_92", "2004-07-07" => "update_92",
"2004-07-11" => "update_93", "2004-07-11" => "update_93",
"2004-07-22" => "update_94" "2004-07-22" => "update_94",
"2004-07-30" => "update_95"
); );
function update_32() { function update_32() {
...@@ -1187,6 +1188,22 @@ function update_94() { ...@@ -1187,6 +1188,22 @@ function update_94() {
return $ret; return $ret;
} }
function update_95() {
$ret = array();
$ret[] = update_sql("CREATE TABLE node_access (
nid int(10) unsigned NOT NULL default '0',
gid int(10) unsigned NOT NULL default '0',
realm varchar(255) NOT NULL default '',
grant_view tinyint(1) unsigned NOT NULL default '0',
grant_update tinyint(1) unsigned NOT NULL default '0',
grant_delete tinyint(1) unsigned NOT NULL default '0',
PRIMARY KEY (nid,gid,realm)
)");
$ret[] = update_sql("INSERT INTO node_access VALUES (0, 0, 'all', 1, 0, 0);");
return $ret;
}
function update_sql($sql) { function update_sql($sql) {
$edit = $_POST["edit"]; $edit = $_POST["edit"];
$result = db_query($sql); $result = db_query($sql);
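Review bot: update_95() runs MySQL column syntax (`int(10) unsigned`, `tinyint(1) unsigned`) unconditionally, and if the update is selected a second time it fails on the existing table and then on the duplicate primary key of the seed row. Because the listing queries changed in this commit all filter through node_access, a failed or half-applied update would presumably leave those listings empty. The function deserves a comment saying so, for example `// Creates node_access and seeds the universal view grant; node listings return nothing without this row.` update_sql()'s body continues outside the hunk.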
......
...@@ -248,7 +248,7 @@ function archive_page($year = 0, $month = 0, $day = 0) { ...@@ -248,7 +248,7 @@ function archive_page($year = 0, $month = 0, $day = 0) {
if ($year && $month && $day) { if ($year && $month && $day) {
// Fetch nodes for the selected date, if one was specified. // Fetch nodes for the selected date, if one was specified.
$result = db_query_range('SELECT nid FROM {node} WHERE status = 1 AND created > %d AND created < %d ORDER BY created', $date, $date_end, 0, 20); $result = db_query_range('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' WHERE n.status = 1 AND n.created > %d AND n.created < %d AND '. node_access_where_sql() .' ORDER BY n.created', $date, $date_end, 0, 20);
while ($nid = db_fetch_object($result)) { while ($nid = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $nid->nid)), 1); $output .= node_view(node_load(array('nid' => $nid->nid)), 1);
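Review bot: The rewritten query in archive_page() selects `DISTINCT(n.nid)` but orders by `n.created`, a column that is not in the select list; databases that enforce the SQL rule for DISTINCT, PostgreSQL among them, reject that, and others may order the de-duplicated rows unpredictably. Adding the sort column to the select list, `SELECT DISTINCT n.nid, n.created FROM {node} n ...`, keeps one row per node and makes the ordering well defined. The same pattern appears in the blog_page_user(), blog_page_last() and blog_block() queries and in the book queries that order by `b.weight`; the second copy of this file section further down the page is identical. archive_page()'s body starts and ends outside the hunk.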
......
...@@ -248,7 +248,7 @@ function archive_page($year = 0, $month = 0, $day = 0) { ...@@ -248,7 +248,7 @@ function archive_page($year = 0, $month = 0, $day = 0) {
if ($year && $month && $day) { if ($year && $month && $day) {
// Fetch nodes for the selected date, if one was specified. // Fetch nodes for the selected date, if one was specified.
$result = db_query_range('SELECT nid FROM {node} WHERE status = 1 AND created > %d AND created < %d ORDER BY created', $date, $date_end, 0, 20); $result = db_query_range('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' WHERE n.status = 1 AND n.created > %d AND n.created < %d AND '. node_access_where_sql() .' ORDER BY n.created', $date, $date_end, 0, 20);
while ($nid = db_fetch_object($result)) { while ($nid = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $nid->nid)), 1); $output .= node_view(node_load(array('nid' => $nid->nid)), 1);
......
...@@ -30,22 +30,15 @@ function blog_perm() { ...@@ -30,22 +30,15 @@ function blog_perm() {
function blog_access($op, $node) { function blog_access($op, $node) {
global $user; global $user;
if ($op == 'view') {
return $node->status;
}
if ($op == 'create') { if ($op == 'create') {
return user_access('edit own blog') && $user->uid; return user_access('edit own blog') && $user->uid;
} }
if ($op == 'update') { if ($op == 'update' || $op == 'delete') {
return user_access('edit own blog') && ($user->uid == $node->uid); if (user_access('edit own blog') && ($user->uid == $node->uid)) {
} return TRUE;
}
if ($op == 'delete') {
return user_access('edit own blog') && ($user->uid == $node->uid);
} }
} }
/** /**
...@@ -143,7 +136,7 @@ function blog_page_user($uid) { ...@@ -143,7 +136,7 @@ function blog_page_user($uid) {
$title = t("%name's blog", array('%name' => $account->name)); $title = t("%name's blog", array('%name' => $account->name));
$output = ''; $output = '';
$result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND uid = %d AND status = 1 ORDER BY sticky DESC, created DESC", variable_get('default_nodes_main', 10), 0, NULL, $account->uid); $result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE type = 'blog' AND n.uid = %d AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
while ($node = db_fetch_object($result)) { while ($node = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $node->nid)), 1); $output .= node_view(node_load(array('nid' => $node->nid)), 1);
} }
...@@ -162,7 +155,7 @@ function blog_page_last() { ...@@ -162,7 +155,7 @@ function blog_page_last() {
$output = ''; $output = '';
$result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND status = 1 ORDER BY created DESC", variable_get('default_nodes_main', 10)); $result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', variable_get('default_nodes_main', 10));
while ($node = db_fetch_object($result)) { while ($node = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $node->nid)), 1); $output .= node_view(node_load(array('nid' => $node->nid)), 1);
...@@ -294,7 +287,7 @@ function blog_block($op = 'list', $delta = 0) { ...@@ -294,7 +287,7 @@ function blog_block($op = 'list', $delta = 0) {
} }
else { else {
if (user_access('access content')) { if (user_access('access content')) {
$block['content'] = node_title_list(db_query_range("SELECT n.title, n.nid FROM {node} n WHERE n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 10)); $block['content'] = node_title_list(db_query_range('SELECT DISTINCT(n.nid), n.title FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', 0, 10));
$block['content'] .= '<div class="more-link">'. l(t('more'), 'blog', array('title' => t('Read the latest blog entries.'))) .'</div>'; $block['content'] .= '<div class="more-link">'. l(t('more'), 'blog', array('title' => t('Read the latest blog entries.'))) .'</div>';
$block['subject'] = t('Recent blog posts'); $block['subject'] = t('Recent blog posts');
} }
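Review bot: blog_access() no longer answers the 'view' operation, so the old `return $node->status;` guard for unpublished posts is gone and the function now returns nothing for every case it does not explicitly allow. Whether an unpublished blog node is still refused on a direct node view depends on the new node_access() body, which is not visible on this page; please confirm it checks `status` before consulting the node_access table, since the seeded grant appears to cover all nodes. A short comment in the function would record the contract, for example `// No return value means: defer to the node_access table (see node_access()).` In blog_page_user() the new query also leaves `type = 'blog'` unqualified while every other column carries the `n.` alias. The duplicate of this file section later on the page has the same points.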
......
...@@ -30,22 +30,15 @@ function blog_perm() { ...@@ -30,22 +30,15 @@ function blog_perm() {
function blog_access($op, $node) { function blog_access($op, $node) {
global $user; global $user;
if ($op == 'view') {
return $node->status;
}
if ($op == 'create') { if ($op == 'create') {
return user_access('edit own blog') && $user->uid; return user_access('edit own blog') && $user->uid;
} }
if ($op == 'update') { if ($op == 'update' || $op == 'delete') {
return user_access('edit own blog') && ($user->uid == $node->uid); if (user_access('edit own blog') && ($user->uid == $node->uid)) {
} return TRUE;
}
if ($op == 'delete') {
return user_access('edit own blog') && ($user->uid == $node->uid);
} }
} }
/** /**
...@@ -143,7 +136,7 @@ function blog_page_user($uid) { ...@@ -143,7 +136,7 @@ function blog_page_user($uid) {
$title = t("%name's blog", array('%name' => $account->name)); $title = t("%name's blog", array('%name' => $account->name));
$output = ''; $output = '';
$result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND uid = %d AND status = 1 ORDER BY sticky DESC, created DESC", variable_get('default_nodes_main', 10), 0, NULL, $account->uid); $result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE type = 'blog' AND n.uid = %d AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
while ($node = db_fetch_object($result)) { while ($node = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $node->nid)), 1); $output .= node_view(node_load(array('nid' => $node->nid)), 1);
} }
...@@ -162,7 +155,7 @@ function blog_page_last() { ...@@ -162,7 +155,7 @@ function blog_page_last() {
$output = ''; $output = '';
$result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND status = 1 ORDER BY created DESC", variable_get('default_nodes_main', 10)); $result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', variable_get('default_nodes_main', 10));
while ($node = db_fetch_object($result)) { while ($node = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $node->nid)), 1); $output .= node_view(node_load(array('nid' => $node->nid)), 1);
...@@ -294,7 +287,7 @@ function blog_block($op = 'list', $delta = 0) { ...@@ -294,7 +287,7 @@ function blog_block($op = 'list', $delta = 0) {
} }
else { else {
if (user_access('access content')) { if (user_access('access content')) {
$block['content'] = node_title_list(db_query_range("SELECT n.title, n.nid FROM {node} n WHERE n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 10)); $block['content'] = node_title_list(db_query_range('SELECT DISTINCT(n.nid), n.title FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', 0, 10));
$block['content'] .= '<div class="more-link">'. l(t('more'), 'blog', array('title' => t('Read the latest blog entries.'))) .'</div>'; $block['content'] .= '<div class="more-link">'. l(t('more'), 'blog', array('title' => t('Read the latest blog entries.'))) .'</div>';
$block['subject'] = t('Recent blog posts'); $block['subject'] = t('Recent blog posts');
} }
......
...@@ -371,7 +371,7 @@ function book_prev($node) { ...@@ -371,7 +371,7 @@ function book_prev($node) {
*/ */
function book_next($node) { function book_next($node) {
// get first direct child // get first direct child
$child = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid)); $child = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid));
if ($child) { if ($child) {
return $child; return $child;
} }
...@@ -380,7 +380,7 @@ function book_next($node) { ...@@ -380,7 +380,7 @@ function book_next($node) {
array_push($path = book_location($node), $node); // Path to top-level node including this one. array_push($path = book_location($node), $node); // Path to top-level node including this one.
while (($leaf = array_pop($path)) && count($path)) { while (($leaf = array_pop($path)) && count($path)) {
$next = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title)); $next = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title));
if ($next) { if ($next) {
return $next; return $next;
} }
...@@ -536,7 +536,7 @@ function book_toc_recurse($nid, $indent, $toc, $children) { ...@@ -536,7 +536,7 @@ function book_toc_recurse($nid, $indent, $toc, $children) {
} }
function book_toc($parent = 0, $indent = '', $toc = array()) { function book_toc($parent = 0, $indent = '', $toc = array()) {
$result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 ORDER BY b.weight, n.title'); $result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' ORDER BY b.weight, n.title');
while ($node = db_fetch_object($result)) { while ($node = db_fetch_object($result)) {
if (!$children[$node->parent]) { if (!$children[$node->parent]) {
...@@ -587,7 +587,7 @@ function book_tree_recurse($nid, $depth, $children, $unfold = array()) { ...@@ -587,7 +587,7 @@ function book_tree_recurse($nid, $depth, $children, $unfold = array()) {
} }
function book_tree($parent = 0, $depth = 3, $unfold = array()) { function book_tree($parent = 0, $depth = 3, $unfold = array()) {
$result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.moderate = 0 ORDER BY b.weight, n.title'); $result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.moderate = 0 ORDER BY b.weight, n.title');
while ($node = db_fetch_object($result)) { while ($node = db_fetch_object($result)) {
$list = $children[$node->parent] ? $children[$node->parent] : array(); $list = $children[$node->parent] ? $children[$node->parent] : array();
...@@ -630,7 +630,7 @@ function book_render() { ...@@ -630,7 +630,7 @@ function book_render() {
*/ */
function book_print($nid = 0, $depth = 1) { function book_print($nid = 0, $depth = 1) {
global $base_url; global $base_url;
$result = db_query('SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid); $result = db_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid);
while ($page = db_fetch_object($result)) { while ($page = db_fetch_object($result)) {
// load the node: // load the node:
...@@ -660,7 +660,7 @@ function book_print($nid = 0, $depth = 1) { ...@@ -660,7 +660,7 @@ function book_print($nid = 0, $depth = 1) {
} }
function book_print_recurse($parent = '', $depth = 1) { function book_print_recurse($parent = '', $depth = 1) {
$result = db_query("SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title"); $result = db_query("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND ". node_access_where_sql() ." AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title");
while ($page = db_fetch_object($result)) { while ($page = db_fetch_object($result)) {
// Load the node: // Load the node:
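Review bot: The rewritten query in book_print_recurse() still interpolates `$parent` into the SQL string (`b.parent = '$parent'`), while the other book queries touched here pass their values through `%d` placeholders. Since this line was being edited anyway, it should use the placeholder too: `... AND b.parent = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title", $parent);`. Whether `$parent` can carry request data is not visible from this hunk, but the placeholder removes the question. The function bodies here continue outside the hunks, and the second copy of this file section below is identical.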
......
...@@ -371,7 +371,7 @@ function book_prev($node) { ...@@ -371,7 +371,7 @@ function book_prev($node) {
*/ */
function book_next($node) { function book_next($node) {
// get first direct child // get first direct child
$child = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid)); $child = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid));
if ($child) { if ($child) {
return $child; return $child;
} }
...@@ -380,7 +380,7 @@ function book_next($node) { ...@@ -380,7 +380,7 @@ function book_next($node) {
array_push($path = book_location($node), $node); // Path to top-level node including this one. array_push($path = book_location($node), $node); // Path to top-level node including this one.
while (($leaf = array_pop($path)) && count($path)) { while (($leaf = array_pop($path)) && count($path)) {
$next = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title)); $next = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title));
if ($next) { if ($next) {
return $next; return $next;
} }
...@@ -536,7 +536,7 @@ function book_toc_recurse($nid, $indent, $toc, $children) { ...@@ -536,7 +536,7 @@ function book_toc_recurse($nid, $indent, $toc, $children) {
} }
function book_toc($parent = 0, $indent = '', $toc = array()) { function book_toc($parent = 0, $indent = '', $toc = array()) {
$result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 ORDER BY b.weight, n.title'); $result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' ORDER BY b.weight, n.title');
while ($node = db_fetch_object($result)) { while ($node = db_fetch_object($result)) {
if (!$children[$node->parent]) { if (!$children[$node->parent]) {
...@@ -587,7 +587,7 @@ function book_tree_recurse($nid, $depth, $children, $unfold = array()) { ...@@ -587,7 +587,7 @@ function book_tree_recurse($nid, $depth, $children, $unfold = array()) {
} }
function book_tree($parent = 0, $depth = 3, $unfold = array()) { function book_tree($parent = 0, $depth = 3, $unfold = array()) {
$result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.moderate = 0 ORDER BY b.weight, n.title'); $result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.moderate = 0 ORDER BY b.weight, n.title');
while ($node = db_fetch_object($result)) { while ($node = db_fetch_object($result)) {
$list = $children[$node->parent] ? $children[$node->parent] : array(); $list = $children[$node->parent] ? $children[$node->parent] : array();
...@@ -630,7 +630,7 @@ function book_render() { ...@@ -630,7 +630,7 @@ function book_render() {
*/ */
function book_print($nid = 0, $depth = 1) { function book_print($nid = 0, $depth = 1) {
global $base_url; global $base_url;
$result = db_query('SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid); $result = db_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid);
while ($page = db_fetch_object($result)) { while ($page = db_fetch_object($result)) {
// load the node: // load the node:
...@@ -660,7 +660,7 @@ function book_print($nid = 0, $depth = 1) { ...@@ -660,7 +660,7 @@ function book_print($nid = 0, $depth = 1) {
} }
function book_print_recurse($parent = '', $depth = 1) { function book_print_recurse($parent = '', $depth = 1) {
$result = db_query("SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title"); $result = db_query("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND ". node_access_where_sql() ." AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title");
while ($page = db_fetch_object($result)) { while ($page = db_fetch_object($result)) {
// Load the node: // Load the node:
......
...@@ -522,38 +522,16 @@ function node_prepare($node, $teaser = FALSE) { ...@@ -522,38 +522,16 @@ function node_prepare($node, $teaser = FALSE) {
* Generate a page displaying a single node, along with its comments. * Generate a page displaying a single node, along with its comments.
*/ */
function node_show($node, $cid) { function node_show($node, $cid) {
if (node_access('view', $node)) { $output = node_view($node, FALSE, TRUE);
$output = node_view($node, FALSE, TRUE);
if (function_exists('comment_render') && $node->comment) { if (function_exists('comment_render') && $node->comment) {
$output .= comment_render($node, $cid); $output .= comment_render($node, $cid);
}
// Update the history table, stating that this user viewed this node.
node_tag_new($node->nid);
return $output;
}
else {
drupal_set_message(message_access());
}
}
/**
* Determine whether the current user may perform the given operation on the
* specified node.
*/
function node_access($op, $node = NULL) {
if (user_access('administer nodes')) {
return TRUE;
} }
// Convert the node to an object if necessary: // Update the history table, stating that this user viewed this node.
$node = array2object($node); node_tag_new($node->nid);
// Can't use node_invoke(), because the access hook takes the $op parameter return $output;
// before the $node parameter.
return module_invoke(node_get_module_name($node), 'access', $op, $node);
} }
/** /**
...@@ -585,7 +563,7 @@ function node_perm() { ...@@ -585,7 +563,7 @@ function node_perm() {
* created, uid, name, and count. * created, uid, name, and count.
*/ */
function node_search($keys) { function node_search($keys) {
$find = do_search(array('keys' => $keys, 'type' => 'node', 'select' => "select s.lno as lno, n.title as title, n.created as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE s.lno = n.nid AND s.type = 'node' AND s.word like '%' AND n.status = 1")); $find = do_search(array('keys' => $keys, 'type' => 'node', 'select' => "SELECT DISTINCT s.lno as lno, n.title as title, n.created as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {node} n ". node_access_join_sql() ." INNER JOIN {users} u ON n.uid = u.uid WHERE s.lno = n.nid AND s.type = 'node' AND s.word like '%' AND n.status = 1 AND ". node_access_where_sql()));
return array(t('Matching nodes ranked in order of relevance'), $find); return array(t('Matching nodes ranked in order of relevance'), $find);
} }
...@@ -678,7 +656,7 @@ function node_menu() { ...@@ -678,7 +656,7 @@ function node_menu() {
$items[] = array('path' => 'node/'. arg(1), 'title' => t('view'), $items[] = array('path' => 'node/'. arg(1), 'title' => t('view'),
'callback' => 'node_page', 'callback' => 'node_page',
'access' => user_access('access content'), 'access' => node_access('view', $node),
'type' => MENU_CALLBACK); 'type' => MENU_CALLBACK);
$items[] = array('path' => 'node/'. arg(1) .'/view', 'title' => t('view'), $items[] = array('path' => 'node/'. arg(1) .'/view', 'title' => t('view'),
'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
...@@ -1281,12 +1259,7 @@ function node_edit($id) { ...@@ -1281,12 +1259,7 @@ function node_edit($id) {
drupal_set_title($node->title); drupal_set_title($node->title);