- Rewrote role management, splitting the table in two. There are no

improvements right now, but this patch will help me adding support for taxonomy-based permissions. Contributed by Marco.

- Rewrote role management, splitting the table in two. There are no
improvements right now, but this patch will help me adding support for taxonomy-based permissions. Contributed by Marco.
ae263bf6 · Dries Buytaert · 2749c6f0 · ae263bf6 · ae263bf6 · ae263bf6
Commit ae263bf6 authored Apr 28, 2002 by Dries Buytaert
--- a/modules/user.module
+++ b/modules/user.module
@@ -69,7 +69,7 @@ function user_load($array = array()) {
      $query .= "u.$key = '". addslashes($value) ."' AND ";
    }
  }
-  $result = db_query("SELECT u.*, r.perm FROM users u LEFT JOIN role r ON u.role = r.name WHERE $query u.status < 3 LIMIT 1");
+  $result = db_query("SELECT u.*, r.name AS role FROM users u LEFT JOIN role r ON u.rid = r.rid WHERE $query u.status < 3 LIMIT 1");

  $user = db_fetch_object($result);
  if ($data = unserialize($user->data)) {
@@ -220,10 +220,10 @@ function user_access($string) {

  if (!$perm) {
    if ($user->uid) {
-      $perm = db_result(db_query("SELECT perm FROM role WHERE name = '$user->role'"), 0);
+      $perm = db_result(db_query("SELECT perm FROM role r, permission p WHERE r.rid = p.rid AND name = '$user->role'"), 0);
    }
    else {
-      $perm = db_result(db_query("SELECT perm FROM role WHERE name = 'anonymous user'"), 0);
+      $perm = db_result(db_query("SELECT perm FROM role r, permission p WHERE r.rid = p.rid AND name = 'anonymous user'"), 0);
    }
  }

@@ -716,7 +716,7 @@ function user_login($edit = array()) {
          if (module_invoke($module, "auth", $name, $pass, $server)) {
            if (variable_get("user_register", 1) == 1 && !user_load(array("name" => "$name@$server"))) { //register this new user
              watchdog("user", "new user: $name@$server ($module ID)");
-              $user = user_save("", array("name" => "$name@$server", "pass" => user_password(), "init" => "$name@$server", "role" => "authenticated user", "status" => 1, "authname_$module" => "$name@$server"));
+              $user = user_save("", array("name" => "$name@$server", "pass" => user_password(), "init" => "$name@$server", "rid" => _user_authenticated_id(), "status" => 1, "authname_$module" => "$name@$server"));
              break;
            }
          }
@@ -788,6 +788,10 @@ function user_login($edit = array()) {
  return form($output);
 }

+function _user_authenticated_id() {
+  return db_result(db_query("SELECT rid FROM role WHERE name = 'authenticated user'"));
+}
+
 function user_logout() {
  global $user;

@@ -929,10 +933,10 @@ function user_register($edit = array()) {

    // create new user account, noting whether administrator approval is required
    if (variable_get("user_register", 1) == 1) {
-      $user = user_save("", array_merge(array("name" => $edit["name"], "pass" => $pass, "init" => $edit["mail"], "mail" => $edit["mail"], "role" => "authenticated user", "status" => 1), $data));
+      $user = user_save("", array_merge(array("name" => $edit["name"], "pass" => $pass, "init" => $edit["mail"], "mail" => $edit["mail"], "rid" => _user_authenticated_id(), "status" => 1), $data));
    }
    else {
-      $user = user_save("", array_merge(array("name" => $edit["name"], "pass" => $pass, "init" => $edit["mail"], "mail" => $edit["mail"], "role" => "authenticated user", "status" => 0), $data));
+      $user = user_save("", array_merge(array("name" => $edit["name"], "pass" => $pass, "init" => $edit["mail"], "mail" => $edit["mail"], "rid" => _user_authenticated_id(), "status" => 0), $data));
    }

    $variables = array("%username" => $edit["name"], "%site" => variable_get("site_name", "drupal"), "%password" => $pass, "%uri" => path_uri(), "%uri_brief" => $HTTP_HOST, "%mailto" => $edit["mail"]);
@@ -1265,7 +1269,7 @@ function user_admin_create($edit = array()) {

    watchdog("user", "new user: '". $edit["name"] ."' &lt;". $edit["mail"] ."&gt;");

-    user_save("", array("name" => $edit["name"], "pass" => $edit["pass"], "init" => $edit["mail"], "mail" => $edit["mail"], "role" => "authenticated user", "status" => 1));
+    user_save("", array("name" => $edit["name"], "pass" => $edit["pass"], "init" => $edit["mail"], "mail" => $edit["mail"], "rid" => _user_authenticated_id(), "status" => 1));

    return "Created a new user '". $edit["name"] ."'.  No e-mail has been sent.";
  }
@@ -1348,13 +1352,14 @@ function user_roles($membersonly = 0) {
  $result = db_query("SELECT * FROM role ORDER BY name");
  while ($role = db_fetch_object($result)) {
    if (!$membersonly || ($membersonly && $role->name != "anonymous user")) {
-      $roles[$role->name] = $role->name;
+      $roles[$role->rid] = $role->name;
    }
  }
  return $roles;
 }

 function user_admin_perm($edit = array()) {
+  global $tid;

  if ($edit) {

@@ -1362,10 +1367,18 @@ function user_admin_perm($edit = array()) {
    ** Save permissions:
    */

+    $tid = check_input($edit["tid"]);
+
    $result = db_query("SELECT * FROM role");
    while ($role = db_fetch_object($result)) {
-      $perm = $edit[$role->name] ? implode(", ", array_keys($edit[$role->name])) : "";
-      db_query("UPDATE role SET perm = '%s' WHERE name = '$role->name'", $perm);
+      // delete, so if we clear every checkbox we reset that role;
+      // otherwise permissions are active and denied everywhere
+      db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '$tid'", $role->rid);
+      $perm = $edit[$role->rid] ? implode(", ", array_keys($edit[$role->rid])) : "";
+      if ($perm) {
+        db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '$perm', '$tid')", $role->rid);
+      }
+
    }
  }

@@ -1384,10 +1397,16 @@ function user_admin_perm($edit = array()) {
  ** Compile role array:
  */

-  $result = db_query("SELECT * FROM role ORDER BY name");
-  $roles = array ();
+  $result = db_query("SELECT r.rid, p.perm FROM role r LEFT JOIN permission p ON r.rid = p.rid WHERE tid = '%s' ORDER BY name", $tid);
+  $roles = array();
+  while ($role = db_fetch_object($result)) {
+    $role_perms[$role->rid] = $role->perm;
+  }
+
+  $result = db_query("SELECT rid, name FROM role ORDER BY name");
+  $role_names = array ();
  while ($role = db_fetch_object($result)) {
-    $roles[$role->name] = $role->perm;
+    $role_names[$role->rid] = $role->name;
  }

  /*
@@ -1395,16 +1414,17 @@ function user_admin_perm($edit = array()) {
  */

  $output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
-  $output .= " <tr><th>&nbsp;</th><th>". implode("</th><th>", array_keys($roles)) ."</th></tr>";
+  $output .= " <tr><th>&nbsp;</th><th>". implode("</th><th>", array_values($role_names)) ."</th></tr>";
  foreach ($perms as $perm) {
    $output .= " <tr>";
    $output .= "  <td>". check_output($perm) ."</td>";
-    foreach ($roles as $name => $value) {
-      $output .= "  <td align=\"center\"><input type=\"checkbox\" name=\"edit[$name][$perm]\"". (strstr($value, $perm) ? " checked=\"checked\"" : "") ." /></td>";
+    foreach ($role_names as $rid => $name) {
+      $output .= "  <td align=\"center\"><input type=\"checkbox\" name=\"edit[$rid][$perm]\"". (strstr($role_perms[$rid], $perm) ? " checked=\"checked\"" : "") ." /></td>";
    }
    $output .= " </tr>";
  }
  $output .= "</table>";
+  $output .= form_hidden("tid", $tid);
  $output .= form_submit("Save permissions");

  return form($output);
@@ -1419,6 +1439,7 @@ function user_admin_role($edit = array()) {
  }
  else if ($op == "Delete role") {
    db_query("DELETE FROM role WHERE rid = '%s'", $id);
+    db_query("DELETE FROM permission WHERE rid = '%s'", $id);
  }
  else if ($op == "Add role") {
    db_query("INSERT INTO role (name) VALUES ('%s')", $edit["name"]);
@@ -1534,7 +1555,7 @@ function user_admin_edit($edit = array()) {
  $output .= form_textarea(t("Signature"), "signature", $account->signature, 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));

  $output .= form_select("Status", "status", $account->status, array("blocked", "active"));
-  $output .= form_select("Role", "role", $account->role, user_roles(1));
+  $output .= form_select("Role", "rid", $account->rid, user_roles(1));

  $output .= form_submit("Save account");
  $output .= form_submit("Delete account");

--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -69,7 +69,7 @@ function user_load($array = array()) {
      $query .= "u.$key = '". addslashes($value) ."' AND ";
    }
  }
-  $result = db_query("SELECT u.*, r.perm FROM users u LEFT JOIN role r ON u.role = r.name WHERE $query u.status < 3 LIMIT 1");
+  $result = db_query("SELECT u.*, r.name AS role FROM users u LEFT JOIN role r ON u.rid = r.rid WHERE $query u.status < 3 LIMIT 1");

  $user = db_fetch_object($result);
  if ($data = unserialize($user->data)) {
@@ -220,10 +220,10 @@ function user_access($string) {

  if (!$perm) {
    if ($user->uid) {
-      $perm = db_result(db_query("SELECT perm FROM role WHERE name = '$user->role'"), 0);
+      $perm = db_result(db_query("SELECT perm FROM role r, permission p WHERE r.rid = p.rid AND name = '$user->role'"), 0);
    }
    else {
-      $perm = db_result(db_query("SELECT perm FROM role WHERE name = 'anonymous user'"), 0);
+      $perm = db_result(db_query("SELECT perm FROM role r, permission p WHERE r.rid = p.rid AND name = 'anonymous user'"), 0);
    }
  }

@@ -716,7 +716,7 @@ function user_login($edit = array()) {
          if (module_invoke($module, "auth", $name, $pass, $server)) {
            if (variable_get("user_register", 1) == 1 && !user_load(array("name" => "$name@$server"))) { //register this new user
              watchdog("user", "new user: $name@$server ($module ID)");
-              $user = user_save("", array("name" => "$name@$server", "pass" => user_password(), "init" => "$name@$server", "role" => "authenticated user", "status" => 1, "authname_$module" => "$name@$server"));
+              $user = user_save("", array("name" => "$name@$server", "pass" => user_password(), "init" => "$name@$server", "rid" => _user_authenticated_id(), "status" => 1, "authname_$module" => "$name@$server"));
              break;
            }
          }
@@ -788,6 +788,10 @@ function user_login($edit = array()) {
  return form($output);
 }

+function _user_authenticated_id() {
+  return db_result(db_query("SELECT rid FROM role WHERE name = 'authenticated user'"));
+}
+
 function user_logout() {
  global $user;

@@ -929,10 +933,10 @@ function user_register($edit = array()) {

    // create new user account, noting whether administrator approval is required
    if (variable_get("user_register", 1) == 1) {
-      $user = user_save("", array_merge(array("name" => $edit["name"], "pass" => $pass, "init" => $edit["mail"], "mail" => $edit["mail"], "role" => "authenticated user", "status" => 1), $data));
+      $user = user_save("", array_merge(array("name" => $edit["name"], "pass" => $pass, "init" => $edit["mail"], "mail" => $edit["mail"], "rid" => _user_authenticated_id(), "status" => 1), $data));
    }
    else {
-      $user = user_save("", array_merge(array("name" => $edit["name"], "pass" => $pass, "init" => $edit["mail"], "mail" => $edit["mail"], "role" => "authenticated user", "status" => 0), $data));
+      $user = user_save("", array_merge(array("name" => $edit["name"], "pass" => $pass, "init" => $edit["mail"], "mail" => $edit["mail"], "rid" => _user_authenticated_id(), "status" => 0), $data));
    }

    $variables = array("%username" => $edit["name"], "%site" => variable_get("site_name", "drupal"), "%password" => $pass, "%uri" => path_uri(), "%uri_brief" => $HTTP_HOST, "%mailto" => $edit["mail"]);
@@ -1265,7 +1269,7 @@ function user_admin_create($edit = array()) {

    watchdog("user", "new user: '". $edit["name"] ."' &lt;". $edit["mail"] ."&gt;");

-    user_save("", array("name" => $edit["name"], "pass" => $edit["pass"], "init" => $edit["mail"], "mail" => $edit["mail"], "role" => "authenticated user", "status" => 1));
+    user_save("", array("name" => $edit["name"], "pass" => $edit["pass"], "init" => $edit["mail"], "mail" => $edit["mail"], "rid" => _user_authenticated_id(), "status" => 1));

    return "Created a new user '". $edit["name"] ."'.  No e-mail has been sent.";
  }
@@ -1348,13 +1352,14 @@ function user_roles($membersonly = 0) {
  $result = db_query("SELECT * FROM role ORDER BY name");
  while ($role = db_fetch_object($result)) {
    if (!$membersonly || ($membersonly && $role->name != "anonymous user")) {
-      $roles[$role->name] = $role->name;
+      $roles[$role->rid] = $role->name;
    }
  }
  return $roles;
 }

 function user_admin_perm($edit = array()) {
+  global $tid;

  if ($edit) {

@@ -1362,10 +1367,18 @@ function user_admin_perm($edit = array()) {
    ** Save permissions:
    */

+    $tid = check_input($edit["tid"]);
+
    $result = db_query("SELECT * FROM role");
    while ($role = db_fetch_object($result)) {
-      $perm = $edit[$role->name] ? implode(", ", array_keys($edit[$role->name])) : "";
-      db_query("UPDATE role SET perm = '%s' WHERE name = '$role->name'", $perm);
+      // delete, so if we clear every checkbox we reset that role;
+      // otherwise permissions are active and denied everywhere
+      db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '$tid'", $role->rid);
+      $perm = $edit[$role->rid] ? implode(", ", array_keys($edit[$role->rid])) : "";
+      if ($perm) {
+        db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '$perm', '$tid')", $role->rid);
+      }
+
    }
  }

@@ -1384,10 +1397,16 @@ function user_admin_perm($edit = array()) {
  ** Compile role array:
  */

-  $result = db_query("SELECT * FROM role ORDER BY name");
-  $roles = array ();
+  $result = db_query("SELECT r.rid, p.perm FROM role r LEFT JOIN permission p ON r.rid = p.rid WHERE tid = '%s' ORDER BY name", $tid);
+  $roles = array();
+  while ($role = db_fetch_object($result)) {
+    $role_perms[$role->rid] = $role->perm;
+  }
+
+  $result = db_query("SELECT rid, name FROM role ORDER BY name");
+  $role_names = array ();
  while ($role = db_fetch_object($result)) {
-    $roles[$role->name] = $role->perm;
+    $role_names[$role->rid] = $role->name;
  }

  /*
@@ -1395,16 +1414,17 @@ function user_admin_perm($edit = array()) {
  */

  $output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
-  $output .= " <tr><th>&nbsp;</th><th>". implode("</th><th>", array_keys($roles)) ."</th></tr>";
+  $output .= " <tr><th>&nbsp;</th><th>". implode("</th><th>", array_values($role_names)) ."</th></tr>";
  foreach ($perms as $perm) {
    $output .= " <tr>";
    $output .= "  <td>". check_output($perm) ."</td>";
-    foreach ($roles as $name => $value) {
-      $output .= "  <td align=\"center\"><input type=\"checkbox\" name=\"edit[$name][$perm]\"". (strstr($value, $perm) ? " checked=\"checked\"" : "") ." /></td>";
+    foreach ($role_names as $rid => $name) {
+      $output .= "  <td align=\"center\"><input type=\"checkbox\" name=\"edit[$rid][$perm]\"". (strstr($role_perms[$rid], $perm) ? " checked=\"checked\"" : "") ." /></td>";
    }
    $output .= " </tr>";
  }
  $output .= "</table>";
+  $output .= form_hidden("tid", $tid);
  $output .= form_submit("Save permissions");

  return form($output);
@@ -1419,6 +1439,7 @@ function user_admin_role($edit = array()) {
  }
  else if ($op == "Delete role") {
    db_query("DELETE FROM role WHERE rid = '%s'", $id);
+    db_query("DELETE FROM permission WHERE rid = '%s'", $id);
  }
  else if ($op == "Add role") {
    db_query("INSERT INTO role (name) VALUES ('%s')", $edit["name"]);
@@ -1534,7 +1555,7 @@ function user_admin_edit($edit = array()) {
  $output .= form_textarea(t("Signature"), "signature", $account->signature, 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));

  $output .= form_select("Status", "status", $account->status, array("blocked", "active"));
-  $output .= form_select("Role", "role", $account->role, user_roles(1));
+  $output .= form_select("Role", "rid", $account->rid, user_roles(1));

  $output .= form_submit("Save account");
  $output .= form_submit("Delete account");

--- a/update.php
+++ b/update.php
@@ -53,7 +53,8 @@
  "2002-04-14 : modules/themes web config" => "update_25",
  "2002-04-14 : new taxonomy system" => "update_26",
  "2002-04-16" => "update_27",
-  "2002-04-20" => "update_28"
+  "2002-04-20" => "update_28",
+  "2002-04-23 : roles cleanup" => "update_29"
 );

 // Update functions
@@ -413,6 +414,26 @@ function update_28() {
  update_sql("ALTER TABLE poll DROP lid;");
 }

+function update_29() {
+  update_sql("CREATE TABLE permission (
+    rid INT UNSIGNED NOT NULL,
+    perm TEXT,
+    tid INT UNSIGNED NOT NULL,
+    KEY (rid)
+  )");
+
+  update_sql("INSERT INTO permission (rid, perm) SELECT rid, perm FROM role");
+  update_sql("ALTER TABLE users ADD rid INT UNSIGNED NOT NULL");
+
+  $result = db_query("SELECT rid, name FROM role");
+  while ($role = db_fetch_object($result)) {
+    db_query("UPDATE users SET rid = ".$role->rid." WHERE role = '".$role->name."'");
+  }
+
+  update_sql("ALTER TABLE users DROP role");
+  update_sql("ALTER TABLE role DROP perm");
+}
+
 /*
 ** System functions
 */