Commit 02fa0d85 authored by Dries's avatar Dries

- Patch #18018 by dww, nedjo, tostinne, luke et al: block visibility by role.

parent be6b7b0f
......@@ -3,6 +3,8 @@ Drupal x.x.x, xxxx-xx-xx (development version)
- usability:
* added support for auto-complete forms (AJAX) to user profiles.
* improved configurability of the contact forms.
- block system:
* extended the block visibility settings with a role specific settings..
- distributed authentication:
* added default server option.
- fixed critical SQL issue, see SA-2006-005
......
......@@ -144,11 +144,11 @@ INSTALLATION
by the Drupal server process. You can change the name of this
subdirectory at "Administer > Settings > File system settings".
SECURITY NOTICE: Certain Apache configurations can be vulnerable
to a security exploit allowing arbitrary code execution. Drupal
will attempt to automatically create a .htaccess file in your
"files" directory to protect you. If you already have a .htaccess
file in that location, please add the following line:
SECURITY NOTICE: Certain Apache configurations can be vulnerable
to a security exploit allowing arbitrary code execution. Drupal
will attempt to automatically create a .htaccess file in your
"files" directory to protect you. If you already have a .htaccess
file in that location, please add the following line:
SetHandler This_is_a_Drupal_security_line_do_not_remove
You can now launch your browser and point it to your Drupal site.
......
......@@ -568,6 +568,17 @@ CREATE TABLE role (
UNIQUE KEY name (name)
);
--
-- Table structure for table 'blocks_roles'
--
CREATE TABLE blocks_roles (
module varchar(64) NOT NULL,
delta varchar(32) NOT NULL,
rid int(10) unsigned NOT NULL,
PRIMARY KEY (module, delta, rid)
)
/*!40100 DEFAULT CHARACTER SET utf8 */ ;
--
-- Table structure for table 'search_dataset'
--
......
......@@ -607,6 +607,17 @@ CREATE TABLE role (
)
DEFAULT CHARACTER SET utf8;
--
-- Table structure for table 'blocks_roles'
--
CREATE TABLE blocks_roles (
module varchar(64) NOT NULL,
delta varchar(32) NOT NULL,
rid int(10) unsigned NOT NULL,
PRIMARY KEY (module, delta, rid)
)
/*!40100 DEFAULT CHARACTER SET utf8 */ ;
--
-- Table structure for table 'search_dataset'
--
......
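Review bot: The new `blocks_roles` definition in this section closes with the version-conditional comment `/*!40100 DEFAULT CHARACTER SET utf8 */ ;`, while the `role` table just above it ends with a plain `DEFAULT CHARACTER SET utf8;`. If this is the schema file whose tables all carry the plain clause, as that neighbouring line suggests, the new table should match it so the file stays uniform: `) DEFAULT CHARACTER SET utf8;`. The `role` statement itself starts outside the hunk, so this is judged from its closing lines only.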
......@@ -571,6 +571,17 @@ CREATE TABLE role (
UNIQUE (name)
);
--
-- Table structure for table 'blocks_roles'
--
CREATE TABLE blocks_roles (
module varchar(64) NOT NULL,
delta varchar(32) NOT NULL,
rid integer NOT NULL,
PRIMARY KEY (module, delta, rid)
);
--
-- Table structure for table 'search_dataset'
--
......
......@@ -2014,3 +2014,29 @@ function system_update_182() {
return $ret;
}
function system_update_183() {
$ret = array();
switch ($GLOBALS['db_type']) {
case 'mysql':
case 'mysqli':
$ret[] = update_sql("CREATE TABLE blocks_roles (
module varchar(64) NOT NULL,
delta varchar(32) NOT NULL,
rid int(10) unsigned NOT NULL,
PRIMARY KEY (module, delta, rid)
) /*!40100 DEFAULT CHARACTER SET utf8 */;");
break;
case 'pgsql':
$ret[] = update_sql("CREATE TABLE blocks_roles (
module varchar(64) NOT NULL,
delta varchar(32) NOT NULL,
rid integer NOT NULL,
PRIMARY KEY (module, delta, rid)
);");
break;
}
return $ret;
}
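Review bot: system_update_183() has no comment saying what it installs or why, and its `switch` has no branch for a `db_type` other than the three listed, so in that case it returns an empty `$ret` without a trace. A one-line docblock above the function, such as `/** Add the blocks_roles table used for role-specific block visibility. */`, would tell a later reader of the update log what this step was for. The function lies entirely inside the hunk.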
......@@ -22,6 +22,7 @@ function block_help($section) {
<li>Its page visibility settings. Blocks can be configured to be visible/hidden on certain pages.</li>
<li>Its custom visibility settings. Blocks can be configured to be visible only when specific conditions are true.</li>
<li>Its user visibility settings. Administrators can choose to let users decide whether to show/hide certain blocks.</li>
<li>Its user-role visibility settings. Administrators can choose to let blocks be visible only for certain user roles.</li>
<li>Its function. Some dynamic blocks, such as those generated by modules, will be displayed only on certain pages.</li>
</ul>
');
......@@ -365,7 +366,7 @@ function block_admin_configure($module = NULL, $delta = 0) {
$form['block_settings'] = array(
'#type' => 'fieldset',
'#title' => t('Block specific settings'),
'#collapsible' => true,
'#collapsible' => TRUE,
);
foreach ($settings as $k => $v) {
......@@ -382,19 +383,48 @@ function block_admin_configure($module = NULL, $delta = 0) {
$form['user_vis_settings'] = array(
'#type' => 'fieldset',
'#title' => t('User specific visibility settings'),
'#collapsible' => true,
'#collapsible' => TRUE,
);
$form['user_vis_settings']['custom'] = array(
'#type' => 'radios',
'#title' => t('Custom visibility settings'),
'#options' => array(t('Users cannot control whether or not they see this block.'), t('Show this block by default, but let individual users hide it.'), t('Hide this block by default but let individual users show it.')),
'#options' => array(
t('Users cannot control whether or not they see this block.'),
t('Show this block by default, but let individual users hide it.'),
t('Hide this block by default but let individual users show it.')
),
'#description' => t('Allow individual users to customize the visibility of this block in their account settings.'),
'#default_value' => $edit['custom'],
);
// Role-based visibility settings
$default_role_options = array();
$result = db_query("SELECT rid FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $module, $delta);
while ($role = db_fetch_object($result)) {
$default_role_options[] = $role->rid;
}
$result = db_query('SELECT rid, name FROM {role} ORDER BY name');
$role_options = array();
while ($role = db_fetch_object($result)) {
$role_options[$role->rid] = $role->name;
}
$form['role_vis_settings'] = array(
'#type' => 'fieldset',
'#title' => t('Role specific visibility settings'),
'#collapsible' => TRUE,
);
$form['role_vis_settings']['roles'] = array(
'#type' => 'checkboxes',
'#title' => t('Show block for specific roles'),
'#default_value' => $default_role_options,
'#options' => $role_options,
'#description' => t('Show this block only for the selected role(s). If you select no roles, the block will be visible to all users.'),
);
$form['page_vis_settings'] = array(
'#type' => 'fieldset',
'#title' => t('Page specific visibility settings'),
'#collapsible' => true,
'#collapsible' => TRUE,
);
$access = user_access('use PHP for block visibility');
......@@ -444,6 +474,10 @@ function block_admin_configure_validate($form_id, $form_values) {
function block_admin_configure_submit($form_id, $form_values) {
if (!form_get_errors()) {
db_query("UPDATE {blocks} SET visibility = %d, pages = '%s', custom = %d WHERE module = '%s' AND delta = '%s'", $form_values['visibility'], $form_values['pages'], $form_values['custom'], $form_values['module'], $form_values['delta']);
db_query("DELETE FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $form_values['module'], $form_values['delta']);
foreach (array_filter($form_values['roles']) as $rid) {
db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, '%s', '%s')", $rid, $form_values['module'], $form_values['delta']);
}
module_invoke($form_values['module'], 'block', 'save', $form_values['delta'], $form_values);
drupal_set_message(t('The block configuration has been saved.'));
cache_clear_all();
......@@ -540,7 +574,7 @@ function block_box_save($edit, $delta = NULL) {
else {
db_query("INSERT INTO {boxes} (title, body, info, format) VALUES ('%s', '%s', '%s', %d)", $edit['title'], $edit['body'], $edit['info'], $edit['format']);
}
return true;
return TRUE;
}
/**
......@@ -550,10 +584,11 @@ function block_box_save($edit, $delta = NULL) {
* the site.
*/
function block_user($type, $edit, &$user, $category = NULL) {
global $user;
switch ($type) {
case 'form':
if ($category == 'account') {
$result = db_query('SELECT * FROM {blocks} WHERE status = 1 AND custom != 0 ORDER BY weight, module, delta');
$result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.weight, b.module", implode(',', array_keys($user->roles)));
$form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE);
while ($block = db_fetch_object($result)) {
$data = module_invoke($block->module, 'block', 'list');
......@@ -600,7 +635,7 @@ function block_list($region) {
static $blocks = array();
if (!count($blocks)) {
$result = db_query("SELECT * FROM {blocks} WHERE theme = '%s' AND status = 1 ORDER BY region, weight, module", $theme_key);
$result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", $theme_key, implode(',', array_keys($user->roles)));
while ($block = db_fetch_object($result)) {
if (!isset($blocks[$block->region])) {
$blocks[$block->region] = array();
......@@ -656,5 +691,3 @@ function block_list($region) {
}
return $blocks[$region];
}
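Review bot: In the block_user() and block_list() hunks the role list is spliced into `r.rid IN (%s)` as `implode(',', array_keys($user->roles))`, and because that `%s` sits outside quotes, whatever escaping db_query applies to strings does not constrain it; the query is safe only while every key of `$user->roles` is numeric. This filter now decides which blocks a role may see, so keep the list numeric at the call site with `implode(',', array_map('intval', array_keys($user->roles)))` and guard against an empty role array, which would yield `IN ()`. The block_user() hunk also appears to add `global $user;` (its header counts one extra line), which rebinds the `&$user` parameter to the logged-in user, so an account form built for someone else would be filtered by the viewer's roles; dropping that line uses the account that was passed in. Both functions start or end outside their hunks, and the same lines appear again in the second copy of this section further down the page.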
......@@ -22,6 +22,7 @@ function block_help($section) {
<li>Its page visibility settings. Blocks can be configured to be visible/hidden on certain pages.</li>
<li>Its custom visibility settings. Blocks can be configured to be visible only when specific conditions are true.</li>
<li>Its user visibility settings. Administrators can choose to let users decide whether to show/hide certain blocks.</li>
<li>Its user-role visibility settings. Administrators can choose to let blocks be visible only for certain user roles.</li>
<li>Its function. Some dynamic blocks, such as those generated by modules, will be displayed only on certain pages.</li>
</ul>
');
......@@ -365,7 +366,7 @@ function block_admin_configure($module = NULL, $delta = 0) {
$form['block_settings'] = array(
'#type' => 'fieldset',
'#title' => t('Block specific settings'),
'#collapsible' => true,
'#collapsible' => TRUE,
);
foreach ($settings as $k => $v) {
......@@ -382,19 +383,48 @@ function block_admin_configure($module = NULL, $delta = 0) {
$form['user_vis_settings'] = array(
'#type' => 'fieldset',
'#title' => t('User specific visibility settings'),
'#collapsible' => true,
'#collapsible' => TRUE,
);
$form['user_vis_settings']['custom'] = array(
'#type' => 'radios',
'#title' => t('Custom visibility settings'),
'#options' => array(t('Users cannot control whether or not they see this block.'), t('Show this block by default, but let individual users hide it.'), t('Hide this block by default but let individual users show it.')),
'#options' => array(
t('Users cannot control whether or not they see this block.'),
t('Show this block by default, but let individual users hide it.'),
t('Hide this block by default but let individual users show it.')
),
'#description' => t('Allow individual users to customize the visibility of this block in their account settings.'),
'#default_value' => $edit['custom'],
);
// Role-based visibility settings
$default_role_options = array();
$result = db_query("SELECT rid FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $module, $delta);
while ($role = db_fetch_object($result)) {
$default_role_options[] = $role->rid;
}
$result = db_query('SELECT rid, name FROM {role} ORDER BY name');
$role_options = array();
while ($role = db_fetch_object($result)) {
$role_options[$role->rid] = $role->name;
}
$form['role_vis_settings'] = array(
'#type' => 'fieldset',
'#title' => t('Role specific visibility settings'),
'#collapsible' => TRUE,
);
$form['role_vis_settings']['roles'] = array(
'#type' => 'checkboxes',
'#title' => t('Show block for specific roles'),
'#default_value' => $default_role_options,
'#options' => $role_options,
'#description' => t('Show this block only for the selected role(s). If you select no roles, the block will be visible to all users.'),
);
$form['page_vis_settings'] = array(
'#type' => 'fieldset',
'#title' => t('Page specific visibility settings'),
'#collapsible' => true,
'#collapsible' => TRUE,
);
$access = user_access('use PHP for block visibility');
......@@ -444,6 +474,10 @@ function block_admin_configure_validate($form_id, $form_values) {
function block_admin_configure_submit($form_id, $form_values) {
if (!form_get_errors()) {
db_query("UPDATE {blocks} SET visibility = %d, pages = '%s', custom = %d WHERE module = '%s' AND delta = '%s'", $form_values['visibility'], $form_values['pages'], $form_values['custom'], $form_values['module'], $form_values['delta']);
db_query("DELETE FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $form_values['module'], $form_values['delta']);
foreach (array_filter($form_values['roles']) as $rid) {
db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, '%s', '%s')", $rid, $form_values['module'], $form_values['delta']);
}
module_invoke($form_values['module'], 'block', 'save', $form_values['delta'], $form_values);
drupal_set_message(t('The block configuration has been saved.'));
cache_clear_all();
......@@ -540,7 +574,7 @@ function block_box_save($edit, $delta = NULL) {
else {
db_query("INSERT INTO {boxes} (title, body, info, format) VALUES ('%s', '%s', '%s', %d)", $edit['title'], $edit['body'], $edit['info'], $edit['format']);
}
return true;
return TRUE;
}
/**
......@@ -550,10 +584,11 @@ function block_box_save($edit, $delta = NULL) {
* the site.
*/
function block_user($type, $edit, &$user, $category = NULL) {
global $user;
switch ($type) {
case 'form':
if ($category == 'account') {
$result = db_query('SELECT * FROM {blocks} WHERE status = 1 AND custom != 0 ORDER BY weight, module, delta');
$result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.weight, b.module", implode(',', array_keys($user->roles)));
$form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE);
while ($block = db_fetch_object($result)) {
$data = module_invoke($block->module, 'block', 'list');
......@@ -600,7 +635,7 @@ function block_list($region) {
static $blocks = array();
if (!count($blocks)) {
$result = db_query("SELECT * FROM {blocks} WHERE theme = '%s' AND status = 1 ORDER BY region, weight, module", $theme_key);
$result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", $theme_key, implode(',', array_keys($user->roles)));
while ($block = db_fetch_object($result)) {
if (!isset($blocks[$block->region])) {
$blocks[$block->region] = array();
......@@ -656,5 +691,3 @@ function block_list($region) {
}
return $blocks[$region];
}
......@@ -1147,7 +1147,7 @@ function taxonomy_render_nodes($result) {
$output .= theme('pager', NULL, variable_get('default_nodes_main', 10), 0);
}
else {
$output .= t('There are currently no posts in this category.');
$output .= '<p>'. t('There are currently no posts in this category.') .'</p>';
}
return $output;
}
......
......@@ -1147,7 +1147,7 @@ function taxonomy_render_nodes($result) {
$output .= theme('pager', NULL, variable_get('default_nodes_main', 10), 0);
}
else {
$output .= t('There are currently no posts in this category.');
$output .= '<p>'. t('There are currently no posts in this category.') .'</p>';
}
return $output;
}
......