diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module
index 0b7e5a420841cd296c295bc6c640ab3dcf13e991..b988e637b51e9f23cf3e32e8225aab810e0966b3 100644
--- a/modules/aggregator/aggregator.module
+++ b/modules/aggregator/aggregator.module
@@ -887,7 +887,7 @@ function theme_aggregator_block_item($item, $feed = 0) {
global $user;
$output = '';
- if ($user->uid && module_exists('blog') && user_access('edit own blog')) {
+ if ($user->uid && module_exists('blog') && user_access('create blog entries')) {
if ($image = theme('image', 'misc/blog.png', t('blog it'), t('blog it'))) {
$output .= '<div class="icon">'. l($image, 'node/add/blog', array('attributes' => array('title' => t('Comment on this news item in your personal blog.'), 'class' => 'blog-it'), 'query' => "iid=$item->iid", 'html' => TRUE)) .'</div>';
}
diff --git a/modules/blog/blog.module b/modules/blog/blog.module
index 0f2987781d5ae986a19d329611ec16da1a45ca32..4efb8c291464c209d045c6ccc088b3fd004875b8 100644
--- a/modules/blog/blog.module
+++ b/modules/blog/blog.module
@@ -23,21 +23,21 @@ function blog_node_info() {
* Implementation of hook_perm().
*/
function blog_perm() {
- return array('edit own blog');
+ return array('create blog entries', 'delete own blog entries', 'delete any blog entry', 'edit own blog entries', 'edit any blog entry');
}
/**
* Implementation of hook_access().
*/
function blog_access($op, $node, $account) {
- if ($op == 'create') {
- return user_access('edit own blog', $account) && $account->uid;
- }
-
- if ($op == 'update' || $op == 'delete') {
- if (user_access('edit own blog', $account) && ($node->uid == $account->uid)) {
- return TRUE;
- }
+ switch ($op) {
+ case 'create':
+ // Anonymous users cannot post even if they have the permission.
+ return user_access('create blog entries', $account) && $account->uid;
+ case 'update':
+ return user_access('edit any blog entry', $account) || (user_access('edit own blog entries', $account) && ($node->uid == $account->uid));
+ case 'delete':
+ return user_access('delete any blog entry', $account) || (user_access('delete own blog entries', $account) && ($node->uid == $account->uid));
}
}
@@ -45,7 +45,7 @@ function blog_access($op, $node, $account) {
* Implementation of hook_user().
*/
function blog_user($type, &$edit, &$user) {
- if ($type == 'view' && user_access('edit own blog', $user)) {
+ if ($type == 'view' && user_access('create blog entries', $user)) {
$user->content['summary']['blog'] = array(
'#type' => 'user_profile_item',
'#title' => t('Blog'),
@@ -145,7 +145,7 @@ function blog_menu() {
'page callback' => 'blog_page_user',
'page arguments' => array(1),
'access callback' => 'user_access',
- 'access arguments' => array('edit own blog', 1),
+ 'access arguments' => array('create blog entries', 1),
'file' => 'blog.pages.inc',
);
$items['blog/%user/feed'] = array(
diff --git a/modules/blog/blog.pages.inc b/modules/blog/blog.pages.inc
index 26f13ea905a0ed1e339922fb78c3a7c556edb361..ecbfb6b8c2c357acc88c29a26864f010c9a2b750 100644
--- a/modules/blog/blog.pages.inc
+++ b/modules/blog/blog.pages.inc
@@ -16,7 +16,7 @@ function blog_page_user($account) {
$items = array();
- if (($account->uid == $user->uid) && user_access('edit own blog')) {
+ if (($account->uid == $user->uid) && user_access('create blog entries')) {
$items[] = l(t('Post new blog entry.'), "node/add/blog");
}
else if ($account->uid == $user->uid) {
diff --git a/modules/blogapi/blogapi.install b/modules/blogapi/blogapi.install
new file mode 100644
index 0000000000000000000000000000000000000000..c7cc3e561e30960177cf54e529211d9af8f0a0f6
--- /dev/null
+++ b/modules/blogapi/blogapi.install
@@ -0,0 +1,20 @@
+<?php
+// $Id$
+
+/**
+ * @defgroup updates-5.x-to-6.x Blog API updates from 5.x to 6.x
+ * @{
+ */
+
+/**
+ * Inform users about the new permission.
+ */
+function blogapi_update_6000() {
+ drupal_set_message("Blog API module does not depend on blog module's permissions anymore, but provides its own 'administer content with blog api' permission instead. Until <a href=\"". url('admin/user/permissions', array('fragment' => 'module-blogapi')) .'">this permission is assigned</a> to at least one user role, only the site administrator will be able to use Blog API features.');
+ return array();
+}
+
+/**
+ * @} End of "defgroup updates-5.x-to-6.x"
+ * The next series of updates should start at 7000.
+ */
diff --git a/modules/blogapi/blogapi.module b/modules/blogapi/blogapi.module
index 821c35f9fef9bc0cc8bd4fe1558c8fd5569df425..a4090d4a23b7a79f6e8c21a7941e4e4555476302 100644
--- a/modules/blogapi/blogapi.module
+++ b/modules/blogapi/blogapi.module
@@ -20,6 +20,13 @@ function blogapi_help($path, $arg) {
}
}
+/**
+ * Implementation of hook_perm().
+ */
+function blogapi_perm() {
+ return array('administer content with blog api');
+}
+
/**
* Implementation of hook_xmlrpc().
*/
@@ -508,7 +515,7 @@ function blogapi_validate_user($username, $password) {
$user = user_authenticate(array('name' => $username, 'pass' => $password));
if ($user->uid) {
- if (user_access('edit own blog', $user)) {
+ if (user_access('administer content with blog api', $user)) {
return $user;
}
else {
diff --git a/modules/forum/forum.module b/modules/forum/forum.module
index 13ee02bd8061c1ab6be03775817200b3cc0cc90d..bfee9a9ce079a6762bad53a7ae98ee1207b17ade 100644
--- a/modules/forum/forum.module
+++ b/modules/forum/forum.module
@@ -305,14 +305,13 @@ function forum_node_info() {
* Implementation of hook_access().
*/
function forum_access($op, $node, $account) {
- if ($op == 'create') {
- return user_access('create forum topics', $account);
- }
-
- if ($op == 'update' || $op == 'delete') {
- if (user_access('edit any forum topic', $account) || (user_access('edit own forum topics', $account) && ($account->uid == $node->uid))) {
- return TRUE;
- }
+ switch ($op) {
+ case 'create':
+ return user_access('create forum topics', $account);
+ case 'update':
+ return user_access('edit any forum topic', $account) || (user_access('edit own forum topics', $account) && ($account->uid == $node->uid));
+ case 'delete':
+ return user_access('delete any forum topic', $account) || (user_access('delete own forum topics', $account) && ($account->uid == $node->uid));
}
}
@@ -320,7 +319,7 @@ function forum_access($op, $node, $account) {
* Implementation of hook_perm().
*/
function forum_perm() {
- return array('create forum topics', 'edit own forum topics', 'edit any forum topic', 'administer forums');
+ return array('create forum topics', 'delete own forum topics', 'delete any forum topic', 'edit own forum topics', 'edit any forum topic', 'administer forums');
}
/**
diff --git a/modules/poll/poll.module b/modules/poll/poll.module
index faafd5df299efc553bd5830ea28180aba765b80a..cd56777cf9825bc3a1745222ebdd0ba63ef2f450 100644
--- a/modules/poll/poll.module
+++ b/modules/poll/poll.module
@@ -54,7 +54,7 @@ function poll_theme() {
* Implementation of hook_perm().
*/
function poll_perm() {
- return array('create poll content', 'edit any poll content', 'edit own poll content', 'vote on polls', 'cancel own vote', 'inspect all votes');
+ return array('create poll content', 'delete own poll content', 'delete any poll content', 'edit any poll content', 'edit own poll content', 'vote on polls', 'cancel own vote', 'inspect all votes');
}
/**
@@ -66,6 +66,8 @@ function poll_access($op, $node, $account) {
return user_access('create poll content', $account);
case 'update':
return user_access('edit any poll content', $account) || (user_access('edit own poll content', $account) && ($node->uid == $account->uid));
+ case 'delete':
+ return user_access('delete any poll content', $account) || (user_access('delete own poll content', $account) && ($node->uid == $account->uid));
}
}
diff --git a/modules/system/system.install b/modules/system/system.install
index 0727026676814fa1852a620e18b85cd9405f526a..ecb0e401ecd1a3016123e338141551d91e6daed4 100644
--- a/modules/system/system.install
+++ b/modules/system/system.install
@@ -2414,6 +2414,40 @@ function system_update_6044() {
return $ret;
}
+/**
+ * Update blog, book and locale module permissions.
+ *
+ * Blog module got "edit own blog" replaced with the more granular "create
+ * blog entries", "edit own blog entries" and "delete own blog entries"
+ * permissions. We grant create and edit to previously privileged users, but
+ * delete is not granted to be in line with other permission changes in Drupal 6.
+ *
+ * Book module's "edit book pages" was upgraded to the bogus "edit book content"
+ * in Drupal 6 RC1 instead of "edit any book content", which would be correct.
+ *
+ * Locale module introduced "administer languages" and "translate interface"
+ * in place of "administer locales".
+ *
+ * Modeled after system_update_6039().
+ */
+function system_update_6045() {
+ $ret = array();
+ $result = db_query("SELECT rid, perm FROM {permission} ORDER BY rid");
+ while ($role = db_fetch_object($result)) {
+ $renamed_permission = preg_replace('/(?<=^|,\ )edit\ own\ blog(?=,|$)/', 'create blog entries, edit own blog entries', $role->perm);
+ $renamed_permission = preg_replace('/(?<=^|,\ )edit\ book\ content(?=,|$)/', 'edit any book content', $renamed_permission);
+ $renamed_permission = preg_replace('/(?<=^|,\ )administer\ locales(?=,|$)/', 'administer languages, translate interface', $renamed_permission);
+ if ($renamed_permission != $role->perm) {
+ $ret[] = update_sql("UPDATE {permission} SET perm = '$renamed_permission' WHERE rid = $role->rid");
+ }
+ }
+
+ // Notify user that delete permissions may have been changed. This was in
+ // effect since system_update_6039(), but there was no user notice.
+ drupal_set_message('Drupal now has separate edit and delete permissions. Previously, users who were able to edit content were automatically allowed to delete it. For added security, delete permissions for individual core content types have been <strong>removed</strong> from all roles on your site (only roles with the "administer nodes" permission can now delete these types of content). If you would like to reenable any individual delete permissions, you can do this at the <a href="'. url('admin/user/permissions', array('fragment' => 'module-node')) .'">permissions page</a>.');
+ return $ret;
+}
+
/**
* @} End of "defgroup updates-5.x-to-6.x"
* The next series of updates should start at 7000.