Commit 7c34f8f4 authored by Dries

- Added a brand-new access.module which allows you to manage 'roles'
  (groups) and 'permissions' ... (inspired by Zope's system).

    + Once installed, click the help-link for more information.

    + See updates/2.00-to-x.xx.sql for the SQL updates.

- Modified loads of code to use our new access.module.  The system
  still has to mature though: new permissions have to be added and
  existing permissions need streamlining.  Awaiting suggestions.

- As a direct result of the new access system, I had to rewrite the
  way the top-level links in admin.php are rendered and displayed,
  and xhtml-ified admin.php while I was at it.

TODO

- Home-brewed modules need updating, home-brewed themes not.
  (Examples: file.module, trip_link.module)

- As soon as we have *finished* the refactoring of the user system (KJ has
  been working on this refactoring already) we should consider
  embedding this role and permission code into account.module ...
parent 72065fb8
<?php
function access_help() {
?>
<H3>Roles</H3>
<P>Users have roles that define what kinds of actions they can take. Roles define classes of users such as <I>anonymous user</I>, <I>authenticated user</I>, <I>moderator</I>, <I>administrator</I> and so on. Every user can have one role.</P>
<P>Roles make it easier for you to manage security. Instead of defining what every single user can do, you can simply set a couple different permissions for different user roles.</P>
<P>Drupal comes with three built-in roles:</P>
<UL>
<LI>Anonymous user: this role is used for users that don't have a user account or that are not authenticated.</LI>
<LI>Registered user: this role is assigned automatically to authenticated users. Most users will belong to this user role unless specified otherwise.</LI>
</UL>
<P>For basic Drupal sites you can get by with <I>anonymous user</I> and <I>authenticated user</I> but for more complex sites where you want other users to be able to perform maintainance or administrative duties, you may want to create your own roles to classify your users into different groups.</P>
<H3>Permissions</H3>
<P>Each Drupal's permission describes a fine-grained logical operation such as <I>access administration pages</I> or <I>add and modify user accounts</I>. You could say a permission represents access granted to a user to perform a set of operations.</P>
<H3>Access control</H3>
<P>Roles tie users to permissions. The combination of roles and permissions represent a way to tie user authorization to the performance of actions, which is how Drupal can determine what users can do.</P>
<?php
}
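Review bot: the help text says "Drupal comes with three built-in roles" but the list that follows names only two, and it calls the second one "Registered user" while the surrounding paragraphs and access_default() use "authenticated user"; align the count and the name with what the module actually inserts. Two typos in the same block: "Each Drupal's permission" should read "Each Drupal permission", and "maintainance" should be "maintenance".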
function access_perm() {
return array("access administration pages", "view content", "search content", "post content", "edit roles and permissions");
}
function access_get_role($rid) {
return db_fetch_array(db_query("SELECT * FROM role WHERE rid = '". check_input($rid) ."'"));
}
function access_get_roles() {
$result = db_query("SELECT * FROM role ORDER BY name");
while ($role = db_fetch_object($result)) {
$roles[$role->name] = $role->name;
}
return $roles;
}
function access_role_form($edit = array()) {
global $REQUEST_URI;
$form .= form_textfield("Role name", "name", $edit[name], 50, 64, "The name for this role. Example: 'moderator', 'editorial board', 'site architect'.");
$form .= form_submit("Submit");
if ($edit[rid]) {
$form .= form_submit(t("Delete"));
$form .= form_hidden("rid", $edit[rid]);
}
return form($REQUEST_URI, $form);
}
function access_role_save($edit) {
if ($edit[rid] && $edit[name]) {
db_query("UPDATE role SET name = '". check_input($edit[name]) ."' WHERE rid = '$edit[rid]'");
}
else if ($edit[rid]) {
db_query("DELETE FROM role WHERE rid = '". check_input($edit[rid]) ."'");
}
else {
db_query("INSERT INTO role (name) VALUES ('". check_input($edit[name]) ."')");
}
}
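Review bot: the UPDATE in access_role_save interpolates `$edit[rid]` straight into the query (`WHERE rid = '$edit[rid]'`) while the DELETE branch two lines later wraps the same request value in check_input(); since rid is an integer key, casting it (`(int) $edit[rid]`) in both branches is the simplest way to make them consistent and safe. The empty-name path also deserves a guard: with rid set and name empty the function falls into the DELETE branch, which is what the "Delete" op relies on (it sets `$edit[name] = 0` first), but it also means a plain "Submit" with a blanked name field deletes the role instead of rejecting the input.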
function access_role_view() {
$result = db_query("SELECT * FROM role ORDER BY name");
$output .= "<TABLE BORDER=\"1\" CELLSPADDING=\"2\" CELLSPACING=\"2\">\n";
$output .= " <TR><TH>name</TH><TH>operations</TH></TR>\n";
while ($role = db_fetch_object($result)) {
$output .= "<TR><TD>". check_output($role->name) ."</TD><TD><A HREF=\"admin.php?mod=access&op=edit&id=$role->rid\">edit role</A></TD></TR>\n";
}
$output .= "</TABLE>\n";
return $output;
}
function access_perm_form() {
global $REQUEST_URI;
// Compile permission array:
foreach (module_list() as $name) {
if (module_hook($name, "perm")) {
$perms = array_merge($perms, module_invoke($name, "perm"));
}
}
asort($perms);
// Compile role array:
$result = db_query("SELECT * FROM role ORDER BY name");
while ($role = db_fetch_object($result)) $roles[$role->name] = $role->perm;
// Render roles / permission table:
$output .= "<TABLE BORDER=\"1\" CELLSPADDING=\"2\" CELLSPACING=\"2\">\n";
$output .= " <TR><TH>&nbsp;</TH><TH>". implode("</TH><TH>", array_keys($roles)) ."</TH></TR>\n";
foreach ($perms as $perm) {
$output .= " <TR>\n";
$output .= " <TD>". check_output($perm) ."</TD>\n";
foreach ($roles as $name => $value) {
$output .= " <TD ALIGN=\"center\"><INPUT TYPE=\"checkbox\" NAME=\"edit[$name][$perm]\"". (strstr($value, $perm) ? " CHECKED" : "") ."></TD>\n";
}
$output .= " </TR>\n";
}
$output .= "</TABLE>\n";
$output .= form_submit("Save permissions");
return form($REQUEST_URI, $output);
}
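Review bot: the checked-state test `strstr($value, $perm)` is a substring match against the comma-separated permission string, so as soon as another module's "perm" hook contributes a name that is contained in a longer one, the shorter permission renders as granted when it is not; split the stored string on ", " and compare whole entries instead, e.g. `in_array($perm, explode(", ", $value))`. Two smaller points in the same function: `$perms` is passed to array_merge() before it has been initialised (start with `$perms = array();`), and `CELLSPADDING` in the TABLE tag (also in access_role_view) should be `CELLPADDING`.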
function access_perm_save($edit) {
$result = db_query("SELECT * FROM role");
while ($role = db_fetch_object($result)) {
$perm = $edit[$role->name] ? implode(", ", array_keys($edit[$role->name])) : "";
db_query("UPDATE role SET perm = '$perm' WHERE name = '$role->name'");
}
return "permissions have been saved.";
}
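Review bot: access_perm_save trusts the submitted form keys as permission names: `array_keys($edit[$role->name])` comes straight from the request and is written into `perm` with no check_input() and no comparison against the permission list that access_perm_form compiles via module_invoke(), and `$role->name` is likewise interpolated unescaped into the UPDATE. Filter the submitted keys against the known permission array (array_intersect with the compiled list) and pass both values through check_input() before building the query; otherwise the perm column can end up holding strings that are not permissions at all.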
function access_default() {
$role = db_fetch_object(db_query("SELECT * FROM role WHERE name = 'anonymous user'"));
if (!$role) db_query("INSERT INTO role (name) VALUES ('anonymous user')");
$role = db_fetch_object(db_query("SELECT * FROM role WHERE name = 'authenticated user'"));
if (!$role) db_query("INSERT INTO role (name) VALUES ('authenticated user')");
}
function access_admin() {
global $user, $edit, $op, $id;
if (user_access($user, "edit roles and permissions")) {
print "<SMALL><A HREF=\"admin.php?mod=access&op=add\">add new role</A> | <A HREF=\"admin.php?mod=access&op=role\">role overview</A> | <A HREF=\"admin.php?mod=access&op=perm\">permission overview</A> | <A HREF=\"admin.php?mod=access&op=help\">help</A></SMALL><HR>\n";
access_default();
switch ($op) {
case "add":
print access_role_form();
break;
case "edit":
print access_role_form(access_get_role($id));
break;
case "help":
print access_help();
break;
case "Delete":
$edit[name] = 0;
// fall through:
case "Submit":
print status(access_role_save($edit));
// fall through:
case "role":
print access_role_view();
break;
case "Save permissions":
print status(access_perm_save($edit));
// fall through:
default:
print access_perm_form();
}
}
else {
print message_access();
}
}
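Review bot: the "Delete" case compares against the untranslated literal, but the button that produces it is rendered as `form_submit(t("Delete"))` in access_role_form, so with a translation active the delete request falls through to the `default:` branch and renders the permission form instead; either drop the t() call or make the case label `t("Delete")` (the "Submit" and "Save permissions" buttons are not wrapped in t() at all, so the three should be made consistent). Also, access_default() issues a SELECT and a possible INSERT on every admin page hit; seeding the two roles from the SQL update mentioned in the commit message (updates/2.00-to-x.xx.sql) would avoid repeating that on each request.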
?>
\ No newline at end of file