Commit c4f1e4ba authored by Dries's avatar Dries

- Patch #76444 by chx, moshe, eaton, angie et al: make it possible to control...

- Patch #76444 by chx, moshe, eaton, angie et al: make it possible to control access to form elements.
parent a8de1e92
......@@ -1692,9 +1692,10 @@ function drupal_cron_run() {
* The rendered HTML.
*/
function drupal_render(&$elements) {
if (!isset($elements)) {
if (!isset($elements) || (isset($elements['#access']) && !$elements['#access'])) {
return NULL;
}
$content = '';
uasort($elements, "_element_sort");
if (!isset($elements['#children'])) {
......@@ -1792,4 +1793,4 @@ function element_child($key) {
*/
function element_children($element) {
return array_filter(array_keys((array) $element), 'element_child');
}
\ No newline at end of file
}
......@@ -496,7 +496,7 @@ function form_builder($form_id, $form) {
$form['#id'] = 'edit-' . implode('-', $form['#parents']);
}
$posted = (($form['#programmed']) || (isset($_POST['edit']) && ($_POST['edit']['form_id'] == $form_id)));
$posted = (($form['#programmed']) || ((!isset($form['#access']) || $form['#access']) && isset($_POST['edit']) && ($_POST['edit']['form_id'] == $form_id)));
$edit = $posted ? $form['#post']['edit'] : array();
foreach ($form['#parents'] as $parent) {
$edit = isset($edit[$parent]) ? $edit[$parent] : NULL;
......@@ -585,13 +585,18 @@ function form_builder($form_id, $form) {
$form[$key]['#tree'] = $form['#tree'];
}
// deny access to child elements if parent is denied
if (isset($form['#access']) && !$form['#access']) {
$form[$key]['#access'] = FALSE;
}
// don't squash existing parents value
if (!isset($form[$key]['#parents'])) {
// Check to see if a tree of child elements is present. If so, continue down the tree if required.
$form[$key]['#parents'] = $form[$key]['#tree'] && $form['#tree'] ? array_merge($form['#parents'], array($key)) : array($key);
}
# Assign a decimal placeholder weight to preserve original array order
// Assign a decimal placeholder weight to preserve original array order
if (!isset($form[$key]['#weight'])) {
$form[$key]['#weight'] = $count/1000;
}
......
......@@ -281,27 +281,20 @@ function comment_form_alter($form_id, &$form) {
elseif (isset($form['type'])) {
if ($form['type']['#value'] .'_node_form' == $form_id) {
$node = $form['#node'];
if (user_access('administer comments')) {
$form['comment_settings'] = array(
'#type' => 'fieldset',
'#title' => t('Comment settings'),
'#collapsible' => TRUE,
'#collapsed' => TRUE,
'#weight' => 30,
);
$form['comment_settings']['comment'] = array(
'#type' => 'radios',
'#parents' => array('comment'),
'#default_value' => $node->comment,
'#options' => array(t('Disabled'), t('Read only'), t('Read/Write')),
);
}
else {
$form['comment_settings']['comment'] = array(
'#type' => 'value',
'#value' => $node->comment,
);
}
$form['comment_settings'] = array(
'#type' => 'fieldset',
'#access' => user_access('administer comments'),
'#title' => t('Comment settings'),
'#collapsible' => TRUE,
'#collapsed' => TRUE,
'#weight' => 30,
);
$form['comment_settings']['comment'] = array(
'#type' => 'radios',
'#parents' => array('comment'),
'#default_value' => $node->comment,
'#options' => array(t('Disabled'), t('Read only'), t('Read/Write')),
);
}
}
}
......
......@@ -187,7 +187,7 @@ function menu_perm() {
* Add menu item fields to the node form.
*/
function menu_form_alter($form_id, &$form) {
if (user_access('administer menu') && isset($form['type']) && $form['type']['#value'] .'_node_form' == $form_id) {
if (isset($form['type']) && $form['type']['#value'] .'_node_form' == $form_id) {
$edit = isset($_POST['edit']) ? $_POST['edit'] : '';
$edit['nid'] = $form['nid']['#value'];
......@@ -201,6 +201,7 @@ function menu_form_alter($form_id, &$form) {
$form['menu'] = array('#type' => 'fieldset',
'#title' => t('Menu settings'),
'#access' => user_access('administer menu'),
'#collapsible' => TRUE,
'#collapsed' => empty($item['title']),
'#tree' => TRUE,
......
......@@ -1899,28 +1899,38 @@ function node_form($node) {
}
$form['#node'] = $node;
if (user_access('administer nodes')) {
// Node author information
$form['author'] = array('#type' => 'fieldset', '#title' => t('Authoring information'), '#collapsible' => TRUE, '#collapsed' => TRUE, '#weight' => 20);
$form['author']['name'] = array('#type' => 'textfield', '#title' => t('Authored by'), '#maxlength' => 60, '#autocomplete_path' => 'user/autocomplete', '#default_value' => $node->name ? $node->name : '', '#weight' => -1, '#description' => t('Leave blank for %anonymous.', array('%anonymous' => variable_get('anonymous', 'Anonymous'))));
$form['author']['date'] = array('#type' => 'textfield', '#title' => t('Authored on'), '#maxlength' => 25, '#description' => t('Format: %time. Leave blank to use the time of form submission.', array('%time' => $node->date)));
if (isset($node->nid)) {
$form['author']['date']['#default_value'] = $node->date;
}
// Node author information for administrators
$form['author'] = array(
'#type' => 'fieldset',
'#access' => user_access('administer nodes'),
'#title' => t('Authoring information'),
'#collapsible' => TRUE,
'#collapsed' => TRUE,
'#weight' => 20,
);
$form['author']['name'] = array('#type' => 'textfield', '#title' => t('Authored by'), '#maxlength' => 60, '#autocomplete_path' => 'user/autocomplete', '#default_value' => $node->name ? $node->name : '', '#weight' => -1, '#description' => t('Leave blank for %anonymous.', array('%anonymous' => variable_get('anonymous', 'Anonymous'))));
$form['author']['date'] = array('#type' => 'textfield', '#title' => t('Authored on'), '#maxlength' => 25, '#description' => t('Format: %time. Leave blank to use the time of form submission.', array('%time' => $node->date)));
// Node options for administrators
$form['options'] = array('#type' => 'fieldset', '#title' => t('Publishing options'), '#collapsible' => TRUE, '#collapsed' => TRUE, '#weight' => 25);
$form['options']['status'] = array('#type' => 'checkbox', '#title' => t('Published'), '#default_value' => $node->status);
$form['options']['promote'] = array('#type' => 'checkbox', '#title' => t('Promoted to front page'), '#default_value' => $node->promote);
$form['options']['sticky'] = array('#type' => 'checkbox', '#title' => t('Sticky at top of lists'), '#default_value' => $node->sticky);
$form['options']['revision'] = array('#type' => 'checkbox', '#title' => t('Create new revision'), '#default_value' => $node->revision);
if (isset($node->nid)) {
$form['author']['date']['#default_value'] = $node->date;
}
else {
// Put all of these through as values if the user doesn't have access to them.
foreach (array('uid', 'created') as $key) {
$form[$key] = array('#type' => 'value', '#value' => $node->$key);
}
// Node options for administrators
$form['options'] = array(
'#type' => 'fieldset',
'#access' => user_access('administer nodes'),
'#title' => t('Publishing options'),
'#collapsible' => TRUE,
'#collapsed' => TRUE,
'#weight' => 25,
);
$form['options']['status'] = array('#type' => 'checkbox', '#title' => t('Published'), '#default_value' => $node->status);
$form['options']['promote'] = array('#type' => 'checkbox', '#title' => t('Promoted to front page'), '#default_value' => $node->promote);
$form['options']['sticky'] = array('#type' => 'checkbox', '#title' => t('Sticky at top of lists'), '#default_value' => $node->sticky);
$form['options']['revision'] = array('#type' => 'checkbox', '#title' => t('Create new revision'), '#default_value' => $node->revision);
// These values are used when the user has no administrator accesss.
foreach (array('uid', 'created') as $key) {
$form[$key] = array('#type' => 'value', '#value' => $node->$key);
}
// Add the buttons.
......
......@@ -255,13 +255,14 @@ function path_nodeapi(&$node, $op, $arg) {
* Implementation of hook_form_alter().
*/
function path_form_alter($form_id, &$form) {
if (user_access('create url aliases') && isset($form['type']) && $form['type']['#value'] .'_node_form' == $form_id) {
if (isset($form['type']) && $form['type']['#value'] .'_node_form' == $form_id) {
$path = $form['#node']->path;
$form['path'] = array(
'#type' => 'fieldset',
'#title' => t('URL path settings'),
'#collapsible' => TRUE,
'#collapsed' => empty($path),
'#access' => user_access('create url aliases'),
'#weight' => 30,
);
$form['path']['path'] = array(
......
......@@ -360,13 +360,14 @@ function upload_form_alter($form_id, &$form) {
if (isset($form['type'])) {
$node = $form['#node'];
if ($form['type']['#value'] .'_node_form' == $form_id && variable_get("upload_$node->type", TRUE) && user_access('upload files')) {
if ($form['type']['#value'] .'_node_form' == $form_id && variable_get("upload_$node->type", TRUE)) {
drupal_add_js('misc/progress.js');
drupal_add_js('misc/upload.js');
// Attachments fieldset
$form['attachments'] = array(
'#type' => 'fieldset',
'#access' => user_access('upload files'),
'#title' => t('File attachments'),
'#collapsible' => TRUE,
'#collapsed' => empty($node->files),
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment