Commit 89b0570d authored by webchick's avatar webchick

#305566 by agentrickard and moshe weitzman: Split 'bypass node access' from 'administer nodes'.

parent 5dde02bb
......@@ -1176,12 +1176,16 @@ function node_perm() {
),
'administer nodes' => array(
'title' => t('Administer nodes'),
'description' => t('Manage all website content, and bypass any content-related access control. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
'description' => t('Manage all information associated with site content, such as author, publication date and current revision. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
),
'access content' => array(
'title' => t('Access content'),
'description' => t('View published content.'),
),
'bypass node access' => array(
'title' => t('Bypass node access'),
'description' => t('View, edit and delete all site content. Users with this permission will bypass any content-related access control. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
),
'view revisions' => array(
'title' => t('View revisions'),
'description' => t('View content revisions.'),
......@@ -2100,7 +2104,7 @@ function node_access($op, $node, $account = NULL) {
return FALSE;
}
if (user_access('administer nodes', $account)) {
if (user_access('bypass node access', $account)) {
return TRUE;
}
......@@ -2157,7 +2161,7 @@ function node_access($op, $node, $account = NULL) {
* An SQL join clause.
*/
function _node_access_join_sql($node_alias = 'n', $node_access_alias = 'na') {
if (user_access('administer nodes')) {
if (user_access('bypass node access')) {
return '';
}
......@@ -2179,7 +2183,7 @@ function _node_access_join_sql($node_alias = 'n', $node_access_alias = 'na') {
* An SQL where clause.
*/
function _node_access_where_sql($op = 'view', $node_access_alias = 'na', $account = NULL) {
if (user_access('administer nodes')) {
if (user_access('bypass node access')) {
return;
}
......
......@@ -417,7 +417,7 @@ class PageViewTestCase extends DrupalWebTestCase {
$this->assertResponse(403);
// Create user with permission to edit node.
$web_user = $this->drupalCreateUser(array('administer nodes'));
$web_user = $this->drupalCreateUser(array('bypass node access'));
$this->drupalLogin($web_user);
// Attempt to access edit page.
......
......@@ -3047,6 +3047,29 @@ function system_update_7010() {
return $ret;
}
/**
* Split the 'bypass node access' permission from 'administer nodes'.
*/
function system_update_7011() {
$ret = array();
// Get existing roles that can 'administer nodes'.
$rids = array();
$rids = db_query("SELECT rid FROM {role_permission} WHERE permission = :perm", array(':perm' => 'administer nodes'))->fetchCol();
// None found.
if (empty($rids)) {
return $ret;
}
$insert = db_insert('role_permission')->fields(array('rid', 'permission'));
foreach ($rids as $rid) {
$insert->values(array(
'rid' => $rid,
'permission' => 'bypass node access',
));
}
$insert->execute();
return $ret;
}
/**
* @} End of "defgroup updates-6.x-to-7.x"
* The next series of updates should start at 8000.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment