Commit 21576021 authored by Dries's avatar Dries
Browse files

- Patch #249546 by pwolanin: rip menu access inheritance -- was already committed to D6.

parent 63406e52
......@@ -2275,9 +2275,10 @@ function _menu_router_build($callbacks) {
if (!isset($item['tab_root']) && !$parent['_tab']) {
$item['tab_root'] = $parent_path;
}
// If a callback is not found, we try to find the first parent that
// has a callback.
if (!isset($item['access callback']) && isset($parent['access callback'])) {
// If an access callback is not found for a default local task we use
// the callback from the parent, since we expect them to be identical.
// In all other cases, the access parameters must be specified.
if (($item['type'] == MENU_DEFAULT_LOCAL_TASK) && !isset($item['access callback']) && isset($parent['access callback'])) {
$item['access callback'] = $parent['access callback'];
if (!isset($item['access arguments']) && isset($parent['access arguments'])) {
$item['access arguments'] = $parent['access arguments'];
......
......@@ -201,6 +201,7 @@ function aggregator_menu() {
$items['aggregator/sources/%aggregator_feed'] = array(
'page callback' => 'aggregator_page_source',
'page arguments' => array(2),
'access arguments' => array('access news feeds'),
'type' => MENU_CALLBACK,
'file' => 'aggregator.pages.inc',
);
......
......@@ -130,6 +130,7 @@ function block_menu() {
$items['admin/build/block/list/js'] = array(
'title' => 'JavaScript List Form',
'page callback' => 'block_admin_display_js',
'access arguments' => array('administer blocks'),
'type' => MENU_CALLBACK,
'file' => 'block.admin.inc',
);
......@@ -137,6 +138,7 @@ function block_menu() {
'title' => 'Configure block',
'page callback' => 'drupal_get_form',
'page arguments' => array('block_admin_configure'),
'access arguments' => array('administer blocks'),
'type' => MENU_CALLBACK,
'file' => 'block.admin.inc',
);
......@@ -144,6 +146,7 @@ function block_menu() {
'title' => 'Delete block',
'page callback' => 'drupal_get_form',
'page arguments' => array('block_box_delete'),
'access arguments' => array('administer blocks'),
'type' => MENU_CALLBACK,
'file' => 'block.admin.inc',
);
......@@ -151,6 +154,7 @@ function block_menu() {
'title' => 'Add block',
'page callback' => 'drupal_get_form',
'page arguments' => array('block_add_block_form'),
'access arguments' => array('administer blocks'),
'type' => MENU_LOCAL_TASK,
'file' => 'block.admin.inc',
);
......
......@@ -140,19 +140,20 @@ function blog_menu() {
'type' => MENU_SUGGESTED_ITEM,
'file' => 'blog.pages.inc',
);
$items['blog/%user_current'] = array(
$items['blog/%user_uid_optional'] = array(
'title' => 'My blog',
'page callback' => 'blog_page_user',
'page arguments' => array(1),
'access callback' => 'user_access',
'access arguments' => array('create blog content', 1),
'access callback' => 'blog_page_user_access',
'access arguments' => array(1),
'file' => 'blog.pages.inc',
);
$items['blog/%user/feed'] = array(
'title' => 'Blogs',
'page callback' => 'blog_feed_user',
'page arguments' => array(1),
'access arguments' => array('access content'),
'access callback' => 'blog_page_user_access',
'access arguments' => array(1),
'type' => MENU_CALLBACK,
'file' => 'blog.pages.inc',
);
......@@ -167,6 +168,23 @@ function blog_menu() {
return $items;
}
/**
* Access callback for user blog pages.
*/
function blog_page_user_access($account) {
// The visitor must be able to access the site's content.
// For a blog to 'exist' the user must either be able to
// create new blog entries, or it must have existing posts.
return $account->uid && user_access('access content') && (user_access('create blog entries', $account) || _blog_post_exists($account));
}
/**
* Helper function to determine if a user has blog posts already.
*/
function _blog_post_exists($account) {
return (bool)db_result(db_query_range(db_rewrite_sql("SELECT 1 FROM {node} n WHERE n.type = 'blog' AND n.uid = %d AND n.status = 1"), $account->uid, 0, 1));
}
/**
* Implementation of hook_block().
*
......
......@@ -188,6 +188,7 @@ function comment_menu() {
$items['admin/content/comment/approval'] = array(
'title' => 'Approval queue',
'page arguments' => array('approval'),
'access arguments' => array('administer comments'),
'type' => MENU_LOCAL_TASK,
'file' => 'comment.admin.inc',
);
......
......@@ -63,6 +63,7 @@ function contact_menu() {
'title' => 'Add category',
'page callback' => 'drupal_get_form',
'page arguments' => array('contact_admin_edit', 3),
'access arguments' => array('administer site-wide contact form'),
'type' => MENU_LOCAL_TASK,
'weight' => 1,
'file' => 'contact.admin.inc',
......@@ -71,6 +72,7 @@ function contact_menu() {
'title' => 'Edit contact category',
'page callback' => 'drupal_get_form',
'page arguments' => array('contact_admin_edit', 3, 4),
'access arguments' => array('administer site-wide contact form'),
'type' => MENU_CALLBACK,
'file' => 'contact.admin.inc',
);
......@@ -78,6 +80,7 @@ function contact_menu() {
'title' => 'Delete contact',
'page callback' => 'drupal_get_form',
'page arguments' => array('contact_admin_delete', 4),
'access arguments' => array('administer site-wide contact form'),
'type' => MENU_CALLBACK,
'file' => 'contact.admin.inc',
);
......@@ -85,6 +88,7 @@ function contact_menu() {
'title' => 'Settings',
'page callback' => 'drupal_get_form',
'page arguments' => array('contact_admin_settings'),
'access arguments' => array('administer site-wide contact form'),
'type' => MENU_LOCAL_TASK,
'weight' => 2,
'file' => 'contact.admin.inc',
......
......@@ -47,6 +47,7 @@ function dblog_menu() {
'description' => 'Settings for logging to the Drupal database logs. This is the most common method for small to medium sites on shared hosting. The logs are viewable from the admin pages.',
'page callback' => 'drupal_get_form',
'page arguments' => array('dblog_admin_settings'),
'access arguments' => array('administer site configuration'),
'file' => 'dblog.admin.inc',
);
......@@ -54,6 +55,7 @@ function dblog_menu() {
'title' => 'Recent log entries',
'description' => 'View events that have recently been logged.',
'page callback' => 'dblog_overview',
'access arguments' => array('access site reports'),
'weight' => -1,
'file' => 'dblog.admin.inc',
);
......@@ -62,6 +64,7 @@ function dblog_menu() {
'description' => "View 'page not found' errors (404s).",
'page callback' => 'dblog_top',
'page arguments' => array('page not found'),
'access arguments' => array('access site reports'),
'file' => 'dblog.admin.inc',
);
$items['admin/reports/access-denied'] = array(
......@@ -69,12 +72,14 @@ function dblog_menu() {
'description' => "View 'access denied' errors (403s).",
'page callback' => 'dblog_top',
'page arguments' => array('access denied'),
'access arguments' => array('access site reports'),
'file' => 'dblog.admin.inc',
);
$items['admin/reports/event/%'] = array(
'title' => 'Details',
'page callback' => 'dblog_event',
'page arguments' => array(3),
'access arguments' => array('access site reports'),
'type' => MENU_CALLBACK,
'file' => 'dblog.admin.inc',
);
......
......@@ -82,6 +82,7 @@ function filter_menu() {
$items['admin/settings/filters/add'] = array(
'title' => 'Add input format',
'page callback' => 'filter_admin_format_page',
'access arguments' => array('administer filters'),
'type' => MENU_LOCAL_TASK,
'weight' => 1,
'file' => 'filter.admin.inc',
......@@ -90,6 +91,7 @@ function filter_menu() {
'title' => 'Delete input format',
'page callback' => 'drupal_get_form',
'page arguments' => array('filter_admin_delete'),
'access arguments' => array('administer filters'),
'type' => MENU_CALLBACK,
'file' => 'filter.admin.inc',
);
......@@ -120,6 +122,7 @@ function filter_menu() {
'title' => 'Configure',
'page callback' => 'filter_admin_configure_page',
'page arguments' => array(3),
'access arguments' => array('administer filters'),
'type' => MENU_LOCAL_TASK,
'weight' => 1,
'file' => 'filter.admin.inc',
......@@ -128,6 +131,7 @@ function filter_menu() {
'title' => 'Rearrange',
'page callback' => 'filter_admin_order_page',
'page arguments' => array(3),
'access arguments' => array('administer filters'),
'type' => MENU_LOCAL_TASK,
'weight' => 2,
'file' => 'filter.admin.inc',
......
......@@ -106,6 +106,7 @@ function forum_menu() {
'title' => 'Add container',
'page callback' => 'forum_form_main',
'page arguments' => array('container'),
'access arguments' => array('administer forums'),
'type' => MENU_LOCAL_TASK,
'parent' => 'admin/content/forum',
'file' => 'forum.admin.inc',
......@@ -114,6 +115,7 @@ function forum_menu() {
'title' => 'Add forum',
'page callback' => 'forum_form_main',
'page arguments' => array('forum'),
'access arguments' => array('administer forums'),
'type' => MENU_LOCAL_TASK,
'parent' => 'admin/content/forum',
'file' => 'forum.admin.inc',
......@@ -122,6 +124,7 @@ function forum_menu() {
'title' => 'Settings',
'page callback' => 'drupal_get_form',
'page arguments' => array('forum_admin_settings'),
'access arguments' => array('administer forums'),
'weight' => 5,
'type' => MENU_LOCAL_TASK,
'parent' => 'admin/content/forum',
......@@ -129,6 +132,7 @@ function forum_menu() {
);
$items['admin/content/forum/edit/%forum_term'] = array(
'page callback' => 'forum_form_main',
'access arguments' => array('administer forums'),
'type' => MENU_CALLBACK,
'file' => 'forum.admin.inc',
);
......@@ -136,6 +140,7 @@ function forum_menu() {
'title' => 'Edit container',
'page callback' => 'forum_form_main',
'page arguments' => array('container', 5),
'access arguments' => array('administer forums'),
'type' => MENU_CALLBACK,
'file' => 'forum.admin.inc',
);
......@@ -143,6 +148,7 @@ function forum_menu() {
'title' => 'Edit forum',
'page callback' => 'forum_form_main',
'page arguments' => array('forum', 5),
'access arguments' => array('administer forums'),
'type' => MENU_CALLBACK,
'file' => 'forum.admin.inc',
);
......
......@@ -99,6 +99,7 @@ function locale_menu() {
'title' => 'Add language',
'page callback' => 'locale_inc_callback',
'page arguments' => array('locale_languages_add_screen'), // two forms concatenated
'access arguments' => array('administer languages'),
'weight' => 5,
'type' => MENU_LOCAL_TASK,
);
......@@ -106,6 +107,7 @@ function locale_menu() {
'title' => 'Configure',
'page callback' => 'locale_inc_callback',
'page arguments' => array('drupal_get_form', 'locale_languages_configure_form'),
'access arguments' => array('administer languages'),
'weight' => 10,
'type' => MENU_LOCAL_TASK,
);
......@@ -113,12 +115,14 @@ function locale_menu() {
'title' => 'Edit language',
'page callback' => 'locale_inc_callback',
'page arguments' => array('drupal_get_form', 'locale_languages_edit_form', 4),
'access arguments' => array('administer languages'),
'type' => MENU_CALLBACK,
);
$items['admin/settings/language/delete/%'] = array(
'title' => 'Confirm',
'page callback' => 'locale_inc_callback',
'page arguments' => array('drupal_get_form', 'locale_languages_delete_form', 4),
'access arguments' => array('administer languages'),
'type' => MENU_CALLBACK,
);
......@@ -141,11 +145,13 @@ function locale_menu() {
'type' => MENU_LOCAL_TASK,
'page callback' => 'locale_inc_callback',
'page arguments' => array('locale_translate_seek_screen'), // search results and form concatenated
'access arguments' => array('translate interface'),
);
$items['admin/build/translate/import'] = array(
'title' => 'Import',
'page callback' => 'locale_inc_callback',
'page arguments' => array('drupal_get_form', 'locale_translate_import_form'),
'access arguments' => array('translate interface'),
'weight' => 20,
'type' => MENU_LOCAL_TASK,
);
......@@ -153,6 +159,7 @@ function locale_menu() {
'title' => 'Export',
'page callback' => 'locale_inc_callback',
'page arguments' => array('locale_translate_export_screen'), // possibly multiple forms concatenated
'access arguments' => array('translate interface'),
'weight' => 30,
'type' => MENU_LOCAL_TASK,
);
......@@ -160,12 +167,14 @@ function locale_menu() {
'title' => 'Edit string',
'page callback' => 'locale_inc_callback',
'page arguments' => array('drupal_get_form', 'locale_translate_edit_form', 4),
'access arguments' => array('translate interface'),
'type' => MENU_CALLBACK,
);
$items['admin/build/translate/delete/%'] = array(
'title' => 'Delete string',
'page callback' => 'locale_inc_callback',
'page arguments' => array('locale_translate_delete', 4), // directly deletes, no confirmation
'access arguments' => array('translate interface'),
'type' => MENU_CALLBACK,
);
......
......@@ -65,6 +65,7 @@ function menu_menu() {
'title' => 'Add menu',
'page callback' => 'drupal_get_form',
'page arguments' => array('menu_edit_menu', 'add'),
'access arguments' => array('administer menu'),
'type' => MENU_LOCAL_TASK,
'file' => 'menu.admin.inc',
);
......@@ -72,6 +73,7 @@ function menu_menu() {
'title' => 'Settings',
'page callback' => 'drupal_get_form',
'page arguments' => array('menu_configure'),
'access arguments' => array('administer menu'),
'type' => MENU_LOCAL_TASK,
'weight' => 5,
'file' => 'menu.admin.inc',
......@@ -96,6 +98,7 @@ function menu_menu() {
'title' => 'Add item',
'page callback' => 'drupal_get_form',
'page arguments' => array('menu_edit_item', 'add', NULL, 3),
'access arguments' => array('administer menu'),
'type' => MENU_LOCAL_TASK,
'file' => 'menu.admin.inc',
);
......@@ -103,6 +106,7 @@ function menu_menu() {
'title' => 'Edit menu',
'page callback' => 'drupal_get_form',
'page arguments' => array('menu_edit_menu', 'edit', 3),
'access arguments' => array('administer menu'),
'type' => MENU_LOCAL_TASK,
'file' => 'menu.admin.inc',
);
......@@ -110,6 +114,7 @@ function menu_menu() {
'title' => 'Delete menu',
'page callback' => 'menu_delete_menu_page',
'page arguments' => array(3),
'access arguments' => array('administer menu'),
'type' => MENU_CALLBACK,
'file' => 'menu.admin.inc',
);
......@@ -117,6 +122,7 @@ function menu_menu() {
'title' => 'Edit menu item',
'page callback' => 'drupal_get_form',
'page arguments' => array('menu_edit_item', 'edit', 4, NULL),
'access arguments' => array('administer menu'),
'type' => MENU_CALLBACK,
'file' => 'menu.admin.inc',
);
......@@ -124,6 +130,7 @@ function menu_menu() {
'title' => 'Reset menu item',
'page callback' => 'drupal_get_form',
'page arguments' => array('menu_reset_item_confirm', 4),
'access arguments' => array('administer menu'),
'type' => MENU_CALLBACK,
'file' => 'menu.admin.inc',
);
......@@ -131,6 +138,7 @@ function menu_menu() {
'title' => 'Delete menu item',
'page callback' => 'menu_item_delete_page',
'page arguments' => array(4),
'access arguments' => array('administer menu'),
'type' => MENU_CALLBACK,
'file' => 'menu.admin.inc',
);
......
......@@ -1459,6 +1459,7 @@ function node_menu() {
'title' => 'Add content type',
'page callback' => 'drupal_get_form',
'page arguments' => array('node_type_form'),
'access arguments' => array('administer content types'),
'file' => 'content_types.inc',
'type' => MENU_LOCAL_TASK,
);
......@@ -1497,6 +1498,7 @@ function node_menu() {
'title' => $type->name,
'page callback' => 'drupal_get_form',
'page arguments' => array('node_type_form', $type),
'access arguments' => array('administer content types'),
'file' => 'content_types.inc',
'type' => MENU_CALLBACK,
);
......@@ -1507,6 +1509,7 @@ function node_menu() {
$items['admin/content/node-type/' . $type_url_str . '/delete'] = array(
'title' => 'Delete',
'page arguments' => array('node_type_delete_confirm', $type),
'access arguments' => array('administer content types'),
'file' => 'content_types.inc',
'type' => MENU_CALLBACK,
);
......@@ -1557,6 +1560,8 @@ function node_menu() {
'load arguments' => array(3),
'page callback' => 'node_show',
'page arguments' => array(1, NULL, TRUE),
'access callback' => '_node_revision_access',
'access arguments' => array(1),
'type' => MENU_CALLBACK,
);
$items['node/%node/revisions/%/revert'] = array(
......
......@@ -30,6 +30,8 @@ function openid_menu() {
'title' => 'Delete OpenID',
'page callback' => 'openid_user_delete',
'page arguments' => array(1),
'access callback' => 'user_edit_access',
'access arguments' => array(1),
'type' => MENU_CALLBACK,
'file' => 'openid.pages.inc',
);
......
......@@ -43,6 +43,7 @@ function path_menu() {
$items['admin/build/path/edit'] = array(
'title' => 'Edit alias',
'page callback' => 'path_admin_edit',
'access arguments' => array('administer url aliases'),
'type' => MENU_CALLBACK,
'file' => 'path.admin.inc',
);
......@@ -50,6 +51,7 @@ function path_menu() {
'title' => 'Delete alias',
'page callback' => 'drupal_get_form',
'page arguments' => array('path_admin_delete_confirm'),
'access arguments' => array('administer url aliases'),
'type' => MENU_CALLBACK,
'file' => 'path.admin.inc',
);
......
......@@ -95,12 +95,14 @@ function profile_menu() {
'title' => 'Add field',
'page callback' => 'drupal_get_form',
'page arguments' => array('profile_field_form'),
'access arguments' => array('administer users'),
'type' => MENU_CALLBACK,
'file' => 'profile.admin.inc',
);
$items['admin/user/profile/autocomplete'] = array(
'title' => 'Profile category autocomplete',
'page callback' => 'profile_admin_settings_autocomplete',
'access arguments' => array('administer users'),
'type' => MENU_CALLBACK,
'file' => 'profile.admin.inc',
);
......@@ -108,6 +110,7 @@ function profile_menu() {
'title' => 'Edit field',
'page callback' => 'drupal_get_form',
'page arguments' => array('profile_field_form'),
'access arguments' => array('administer users'),
'type' => MENU_CALLBACK,
'file' => 'profile.admin.inc',
);
......@@ -115,6 +118,7 @@ function profile_menu() {
'title' => 'Delete field',
'page callback' => 'drupal_get_form',
'page arguments' => array('profile_field_delete'),
'access arguments' => array('administer users'),
'type' => MENU_CALLBACK,
'file' => 'profile.admin.inc',
);
......@@ -454,7 +458,7 @@ function profile_categories() {
'title' => $category->category,
'weight' => 3,
'access callback' => 'profile_category_access',
'access arguments' => array($category->category)
'access arguments' => array(1, $category->category)
);
}
return $data;
......@@ -463,12 +467,12 @@ function profile_categories() {
/**
* Menu item access callback - check if a user has access to a profile category.
*/
function profile_category_access($category) {
if (user_access('administer users')) {
function profile_category_access($account, $category) {
if (user_access('administer users') && $account->uid > 0) {
return TRUE;
}
else {
return db_result(db_query("SELECT COUNT(*) FROM {profile_fields} WHERE category = '%s' AND visibility <> %d", $category, PROFILE_HIDDEN));
return user_edit_access($account) && db_result(db_query("SELECT COUNT(*) FROM {profile_fields} WHERE category = '%s' AND visibility <> %d", $category, PROFILE_HIDDEN));
}
}
......
......@@ -198,6 +198,7 @@ function search_menu() {
'description' => 'View most popular search phrases.',
'page callback' => 'dblog_top',
'page arguments' => array('search'),
'access arguments' => array('access site reports'),
'file' => 'dblog.admin.inc',
'file path' => drupal_get_path('module', 'dblog'),
);
......
......@@ -12,7 +12,7 @@ class SimpleTestCase {
var $_reporter;
var $_observers;
var $_should_skip = false;
/**
* Sets up the test with no display.
* @param string $label If no test name is given then
......@@ -24,7 +24,7 @@ function SimpleTestCase($label = false) {
$this->_label = $label;
}
}
/**
* Accessor for the test name for subclasses.
* @return string Name of the test.
......@@ -33,7 +33,7 @@ function SimpleTestCase($label = false) {
function getLabel() {
return $this->_label ? $this->_label : get_class($this);
}
/**
* This is a placeholder for skipping tests. In this
* method you place skipIf() and skipUnless() calls to
......@@ -41,12 +41,12 @@ function getLabel() {
* @access public
*/
function skip() {}
/**
* Will issue a message to the reporter and tell the test
* case to skip if the incoming flag is true.
* @param string $should_skip Condition causing the tests to be skipped.
* @param string $message Text of skip condition.
* @param string $message Text of skip condition.
* @access public
*/
function skipIf($should_skip, $message = '%s') {
......@@ -56,18 +56,18 @@ function skipIf($should_skip, $message = '%s') {
$this->_reporter->paintSkip($message . $this->getAssertionLine());
}
}
/**
* Will issue a message to the reporter and tell the test
* case to skip if the incoming flag is false.
* @param string $shouldnt_skip Condition causing the tests to be run.
* @param string $message Text of skip condition.
* @param string $message Text of skip condition.
* @access public
*/
function skipUnless($shouldnt_skip, $message = false) {
$this->skipIf(!$shouldnt_skip, $message);
}
/**
* Used to invoke the single tests.
* @return SimpleInvoker Individual test runner.
......@@ -80,7 +80,7 @@ function & createInvoker() {
}
return $invoker;
}
/**
* Uses reflection to run every method within itself
* starting with the string "test" unless a method
......@@ -117,7 +117,7 @@ function run(&$reporter) {
unset($this->_reporter);
return $reporter->getStatus();
}
/**
* Gets a list of test names. Normally that will
* be all internal methods that start with the
......@@ -135,7 +135,7 @@ function getTests() {
}
return $methods;
}
/**
* Tests to see if the method is a test that should
* be run. Currently any method that starts with 'test'
......@@ -150,7 +150,7 @@ function _isTest($method) {
}
return false;
}
/**
* Announces the start of the test.
* @param string $method Test method just started.
......@@ -160,7 +160,7 @@ function before($method) {
$this->_reporter->paintMethodStart($method);
$this->_observers = array();
}
/**
* Sets up unit test wide variables at the start
* of each test method. To be overridden in
......@@ -168,14 +168,14 @@ function before($method) {
* @access public
*/
function setUp() {}
/**
* Clears the data set in the setUp() method call.
* To be overridden by the user in actual user test cases.
* @access public
*/
function tearDown() {}
/**
* Announces the end of the test. Includes private clean up.
* @param string $method Test method just finished.
......@@ -187,7 +187,7 @@ function after($method) {
}
$this->_reporter->paintMethodEnd($method);
}