Commit 72065fb8 authored by Dries's avatar Dries

- Added a brand-new access.module which allows you to manage 'roles'

  (groups) and 'permissions' ... (inspired by Zope's system).

    + Once installed, click the help-link for more information.

    + See updates/2.00-to-x.xx.sql for the SQL updates.

- Modified loads of code to use our new access.module.  The system
  still has to mature though: new permissions have to be added and
  existing permissions need stream-lining.  Awaiting suggestions.

- As a direct result of the new access system, I had to rewrite the
  way the top-level links in admin.php are rendered and displayed,
  and xhtml-ified admin.php while I was at it.

TODO

- Home-brewed modules need updating, home-brewed themes not.
  (Examples: file.module, trip_link.module)

- As soon as we have *finished* the refactoring of the user system (KJ
  has been working on this refactoring already) we should consider
  embedding this role and permission code into account.module ...
parent 7752dc4c
......@@ -269,7 +269,7 @@ function account_create_submit($userid, $email) {
$new[passwd] = user_password();
$new[hash] = substr(md5("$new[userid]. ". time()), 0, 12);
$user = user_save("", array("userid" => $new[userid], "real_email" => $new[real_email], "passwd" => $new[passwd], "status" => 1, "hash" => $new[hash]));
$user = user_save("", array("userid" => $new[userid], "real_email" => $new[real_email], "passwd" => $new[passwd], "role" => "authenticated user", "status" => 1, "hash" => $new[hash]));
$link = path_uri() ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
$subject = strtr(t("Account details for %a"), array("%a" => variable_get(site_name, "drupal")));
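Review bot: The new `user_save()` call stores the role as the literal name `"authenticated user"`, while the `User` constructor in this commit resolves permissions with `LEFT JOIN role r ON u.role = r.name`. If that role row is ever renamed or removed, the join yields an empty `perm` for these accounts and `user_access()` falls through to its anonymous-user lookup without any error. I would add a comment on this line such as `// "authenticated user" must match role.name, see user_access()` and keep the default role name in a single place. The body of account_create_submit starts and ends outside the hunk.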
......
......@@ -2,9 +2,6 @@
include_once "includes/common.inc";
// validate user access:
if (!user_access($user)) exit();
function status($message) {
if ($message) return "<B>Status:</B> $message<HR>\n";
}
......@@ -14,33 +11,43 @@ function admin_page($mod) {
function module($name) {
global $menu, $user;
if (function_exists($name. "_admin") && user_access($user, $name)) $output .= "<A HREF=\"admin.php?mod=$name\">$name</A> | ";
if (module_hook($name, "admin")) $output .= "<A HREF=\"admin.php?mod=$name\">$name</A> | ";
$menu .= $output;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD><TITLE><?php echo variable_get(site_name, "drupal"); ?> administration</TITLE></HEAD>
<STYLE>
<html>
<head>
<title><?php echo variable_get(site_name, "drupal"); ?> administration pages</title>
</head>
<style>
body { font-family: helvetica, arial; }
h1 { font-famile: helvetica, arial; font-size: 18pt; font-weight: bold; color: #660000; }
h2 { font-family: helvetica, arial; font-size: 18pt; font-weight: bold; color: #000066; }
h3 { font-family: helvetica, arial; font-size: 14pt; font-weight: bold; color: #006600; }
th { font-family: helvetica, arial; text-align: center; vertical-align: top; background-color: #CCCCCC; color: #995555; }
td { font-family: helvetica, arial; }
</STYLE>
<BODY BGCOLOR="#FFFFFF" LINK="#005599" VLINK="#004499" ALINK="#FF0000">
<H1>Administration</H1>
<?php module_iterate("module"); ?>
<HR><?php echo $menu; ?><A HREF="index.php">home</A><HR>
<?php if (user_access($user, $mod)) module_invoke($mod, "admin"); ?>
</BODY>
</HTML>
</style>
<body bgcolor="#FFFFFF" link="#005599" vlink="#004499" alink="#FF0000">
<h1>Administration</h1>
<?php
foreach (module_list() as $name) {
if (module_hook($name, "admin")) $links[] = "<a href=\"admin.php?mod=$name\">$name</a>";
}
$links[] = "<a href=\"index.php\">home</a>";
print implode(" | ", $links) ."<hr />";
if ($mod) module_invoke($mod, "admin");
?>
</body>
</html>
<?php
}
user_rehash();
admin_page($mod);
if (user_access($user, "access administration pages")) {
user_rehash();
admin_page($mod);
}
?>
\ No newline at end of file
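Review bot: `admin_page()` now dispatches with `if ($mod) module_invoke($mod, "admin");` where the old line required `user_access($user, $mod)`, so per-module authorization rests entirely on each module's `_admin` hook checking its own permission. The import and block modules in this commit do that, but the commit message says home-brewed modules still need updating, and until they are, anyone holding "access administration pages" appears able to reach their admin hook. The link loop likewise lists every module with an admin hook regardless of the viewer's permissions. I would state the contract above the dispatch, e.g. `// each <module>_admin() must call user_access() itself; admin.php only checks "access administration pages"`, and add an `else` branch that prints `message_access()` to the final check so a denied request does not return an empty page.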
......@@ -50,16 +50,16 @@ function comment_settings($mode, $order, $threshold) {
function comment_form($edit) {
global $REQUEST_URI, $user;
// Name field:
// name field:
$form .= form_item(t("Your name"), format_username($user->userid));
// Subject field:
// subject field:
$form .= form_textfield(t("Subject"), "subject", check_input($edit[subject]), 50, 60);
// Comment field:
// comment field:
$form .= form_textarea(t("Comment"), "comment", check_input($edit[comment]), 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
// Preview button:
// preview button:
$form .= form_hidden("pid", check_input($edit[pid]));
$form .= form_hidden("id", check_input($edit[id]));
......@@ -87,7 +87,12 @@ function comment_reply($pid, $id) {
$pid = 0;
}
$theme->box(t("Reply"), comment_form(array(pid=>$pid, id=>$id)));
if (user_access($user, "post comments")) {
$theme->box(t("Reply"), comment_form(array(pid=>$pid, id=>$id)));
}
else {
$theme->box(t("Reply"), t("You are not authorized to post comments."));
}
}
function comment_preview($edit) {
......@@ -102,24 +107,26 @@ function comment_preview($edit) {
function comment_post($edit) {
global $theme, $user;
// check comment submission rate:
throttle("post comment", variable_get(max_comment_rate, 60));
if (user_access($user, "post comments")) {
// check comment submission rate:
throttle("post comment", variable_get(max_comment_rate, 60));
// check for duplicate comments:
$duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '". check_input($edit[pid]) ."' AND lid = '". check_input($edit[id]) ."' AND subject = '". check_input($edit[subject]) ."' AND comment = '". check_input($edit[comment]) ."'"), 0);
// check for duplicate comments:
$duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '". check_input($edit[pid]) ."' AND lid = '". check_input($edit[id]) ."' AND subject = '". check_input($edit[subject]) ."' AND comment = '". check_input($edit[comment]) ."'"), 0);
if ($duplicate != 0) {
watchdog("warning", "comment: duplicate '$subject'");
}
else {
// validate subject:
$subject = ($subject) ? $subject : substr($comment, 0, 29);
if ($duplicate != 0) {
watchdog("warning", "comment: duplicate '$subject'");
}
else {
// validate subject:
$subject = ($subject) ? $subject : substr($comment, 0, 29);
// add watchdog entry:
watchdog("special", "comment: added '$subject'");
// add watchdog entry:
watchdog("special", "comment: added '$subject'");
// add comment to database:
db_query("INSERT INTO comments (lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('". check_input($edit[id]) ."', '". check_input($edit[pid]) ."', '$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[comment]) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')");
// add comment to database:
db_query("INSERT INTO comments (lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('". check_input($edit[id]) ."', '". check_input($edit[pid]) ."', '$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[comment]) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')");
}
}
}
......@@ -250,68 +257,71 @@ function comment_thread_max($cid, $mode, $threshold, $level = 0, $dummy = 0) {
}
function comment_render($lid, $cid) {
global $theme, $REQUEST_URI, $user;
global $user, $theme, $REQUEST_URI;
// Pre-process variables:
$lid = empty($lid) ? 0 : $lid;
$cid = empty($cid) ? 0 : $cid;
$mode = ($user->id) ? $user->mode : variable_get(default_comment_mode, 4);
$order = ($user->id) ? $user->sort : variable_get(default_comment_order, 1);
$threshold = ($user->id) ? $user->threshold : variable_get(default_comment_threshold, 3);
if (user_access($user, "view comments")) {
if ($user->id) {
// Comment control:
$theme->box(t("Comment control"), comment_controls($threshold, $mode, $order));
// Pre-process variables:
$lid = empty($lid) ? 0 : $lid;
$cid = empty($cid) ? 0 : $cid;
$mode = ($user->id) ? $user->mode : variable_get(default_comment_mode, 4);
$order = ($user->id) ? $user->sort : variable_get(default_comment_order, 1);
$threshold = ($user->id) ? $user->threshold : variable_get(default_comment_threshold, 3);
// Print moderation form:
print "<FORM METHOD=\"post\" ACTION=\"$REQUEST_URI\">\n";
}
if ($user->id) {
// Comment control:
$theme->box(t("Comment control"), comment_controls($threshold, $mode, $order));
if ($cid > 0) {
$result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE cid = '$cid'");
if ($comment = db_fetch_object($result)) {
comment_view($comment, comment_link($comment));
// Print moderation form:
print "<FORM METHOD=\"post\" ACTION=\"$REQUEST_URI\">\n";
}
}
else {
if ($mode == 1) {
$result = comment_query($lid, $order);
print "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
print " <TR><TH>Subject</TH><TH>Author</TH><TH>Date</TH><TH>Score</TH></TR>\n";
while ($comment = db_fetch_object($result)) {
if (comment_visible($comment, $threshold)) {
print " <TR><TD><A HREF=\"". comment_uri("id=$comment->lid&cid=$comment->cid#$comment->cid") ."\">". check_output($comment->subject) ."</A></TD><TD>". format_username($comment->userid) ."</TD><TD>". format_date($comment->timestamp, "small") ."</TD><TD>". comment_score($comment) ."</TD></TR>\n";
}
if ($cid > 0) {
$result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE cid = '$cid'");
if ($comment = db_fetch_object($result)) {
comment_view($comment, comment_link($comment));
}
print "</TABLE>\n";
}
else if ($mode == 2) {
$result = comment_query($lid, $order);
while ($comment = db_fetch_object($result)) {
comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0));
else {
if ($mode == 1) {
$result = comment_query($lid, $order);
print "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
print " <TR><TH>Subject</TH><TH>Author</TH><TH>Date</TH><TH>Score</TH></TR>\n";
while ($comment = db_fetch_object($result)) {
if (comment_visible($comment, $threshold)) {
print " <TR><TD><A HREF=\"". comment_uri("id=$comment->lid&cid=$comment->cid#$comment->cid") ."\">". check_output($comment->subject) ."</A></TD><TD>". format_username($comment->userid) ."</TD><TD>". format_date($comment->timestamp, "small") ."</TD><TD>". comment_score($comment) ."</TD></TR>\n";
}
}
print "</TABLE>\n";
}
}
else if ($mode == 3) {
$result = comment_query($lid, $order, 0);
while ($comment = db_fetch_object($result)) {
comment_view($comment);
comment_thread_min($comment->cid, $threshold);
else if ($mode == 2) {
$result = comment_query($lid, $order);
while ($comment = db_fetch_object($result)) {
comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0));
}
}
}
else {
$result = comment_query($lid, $order, 0);
while ($comment = db_fetch_object($result)) {
comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0));
comment_thread_max($comment->cid, $mode, $threshold, $level + 1);
else if ($mode == 3) {
$result = comment_query($lid, $order, 0);
while ($comment = db_fetch_object($result)) {
comment_view($comment);
comment_thread_min($comment->cid, $threshold);
}
}
else {
$result = comment_query($lid, $order, 0);
while ($comment = db_fetch_object($result)) {
comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0));
comment_thread_max($comment->cid, $mode, $threshold, $level + 1);
}
}
}
}
if ($user->id) {
// Print moderation form:
print " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$lid\">\n";
print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Moderate comments") ."\">\n";
print "</FORM>\n";
if ($user->id) {
// Print moderation form:
print " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$lid\">\n";
print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Moderate comments") ."\">\n";
print "</FORM>\n";
}
}
}
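Review bot: In `comment_render()` the single-comment query still interpolates `$cid` directly (`WHERE cid = '$cid'`) after only an `empty()` test, while the queries in `comment_post()` pass each request value through `check_input()`. If `$cid` can arrive from the request, that value reaches the database without the filtering the rest of the file relies on; `WHERE cid = '". check_input($cid) ."'` would bring it in line. The same function writes `$REQUEST_URI` and `$lid` into the moderation form's `ACTION` and `VALUE` attributes without output escaping. Separately, `comment_post()` returns silently when the "post comments" check fails, unlike `comment_reply()`, which shows a message; a watchdog entry or the same message would make a denied post visible.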
......
......@@ -25,7 +25,7 @@ function watchdog($type, $message) {
function throttle($type, $rate) {
global $user;
if (!user_access($user)) {
if (!user_access($user, "access administration pages")) {
if ($throttle = db_fetch_object(db_query("SELECT * FROM watchdog WHERE type = '$type' AND hostname = '". getenv("REMOTE_ADDR") ."' AND ". time() ." - timestamp < $rate"))) {
watchdog("warning", "throttle: '". getenv("REMOTE_ADDR") ."' exceeded submission rate - $throttle->type");
die(message_throttle());
......@@ -46,8 +46,8 @@ function path_img() {
return "./images/";
}
function message_account() {
return t("This page requires a valid user account. Please <A HREF=\"account.php\">create a user account</A> and <A HREF=\"account.php\">login</A> prior to accessing it.");
function message_access() {
return t("You are not authorized to access to this page.");
}
function message_throttle() {
......@@ -136,7 +136,7 @@ function format_date($timestamp, $type = "medium", $format = "") {
function format_username($username) {
global $user;
if ($username) return (user_access($user, "account") ? "<A HREF=\"admin.php?mod=account&op=view&name=". urlencode($username) ."\">$username</A>" : "<A HREF=\"account.php?op=view&name=". urlencode($username) ."\">$username</A>");
if ($username) return (user_access($user, "add and edit user accounts") ? "<A HREF=\"admin.php?mod=account&op=view&name=". urlencode($username) ."\">$username</A>" : "<A HREF=\"account.php?op=view&name=". urlencode($username) ."\">$username</A>");
else return variable_get(anonymous, "Anonymous");
}
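Review bot: `format_username()` places `$username` into the link text unescaped (`\">$username</A>`), with only the `href` value passed through `urlencode()`, whereas the comment listing in this commit sends subjects through `check_output()`. If user ids are not restricted to safe characters at registration (not visible here), every page that shows an author renders that value as markup; using `check_output($username)` for the label would be consistent with the rest of the output code. Also in this file section, `message_account()` is replaced by `message_access()`, so any caller of the old name outside this commit would hit an undefined function, and the new string reads "access to this page" where "access this page" is presumably meant.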
......
......@@ -236,7 +236,7 @@ function node_index($node) {
function node_visible($node) {
global $user, $status;
return ($node->status == $status[posted]) || ($node->status == $status[queued] && $user->id) || user_access($user, $node->type) || user_access($user, "node");
return ($node->status == $status[posted]) || ($node->status == $status[queued] && $user->id) || user_access($user, $node->type) || user_access($user, "add and edit nodes");
}
function node_access($account, $node) {
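Review bot: `node_visible()` still calls `user_access($user, $node->type)`, which under the rewritten `user_access()` is no longer a per-section lookup but a substring test of the node type against the role's permission text. A type name that happens to occur inside any granted permission string would make queued or unposted nodes visible, and a type name that never occurs makes the clause dead. If no permission is meant to be named after the node type, drop that clause and keep only `user_access($user, "add and edit nodes")`; otherwise add a comment naming the permission it is expected to match.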
......
......@@ -59,9 +59,9 @@ function theme_account($theme) {
$content .= "<A HREF=\"account.php?op=edit&topic=content\">". t("edit your content") ."</A><BR>\n";
$content .= "<P>\n";
if (user_access($user)) {
if (user_access($user, "access administration pages")) {
$content .= "<A HREF=\"admin.php\">". strtr(t("administer %a"), array("%a" => variable_get("site_name", "drupal"))) ."</A><BR>\n";
$content .= "<P>\n";
$content .= "<P>\n";
}
foreach (module_list() as $name) {
......
......@@ -3,14 +3,14 @@
class User {
function User($userid, $passwd = 0) {
if ($passwd) {
$result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 2");
$result = db_query("SELECT u.*, r.perm FROM users u LEFT JOIN role r ON u.role = r.name WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') AND status = 2");
if (db_num_rows($result) == 1) {
foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; }
db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id");
}
}
else {
$result = db_query("SELECT * FROM users WHERE userid = '$userid' && STATUS = 2");
$result = db_query("SELECT u.*, r.perm FROM users u LEFT JOIN role r ON u.role = r.name WHERE u.userid = '$userid' AND u.status = 2");
if (db_num_rows($result) == 1) {
foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; }
db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id");
......@@ -52,10 +52,16 @@ function user_save($account, $array) {
return user_load(($account->userid ? $account->userid : $array[userid]));
}
function user_access($account, $section = 0) {
global $user;
if ($section) return (field_get($account->access, $section) || $account->id == 1);
else return ($account->access || $account->id == 1);
function user_access($account, $perm) {
if ($account->id == 1) {
return 1;
}
else if ($account->perm) {
return strstr($account->perm, $perm);
}
else {
return db_fetch_object(db_query("SELECT * FROM role WHERE name = 'anonymous user' AND perm LIKE '%$perm%'"));
}
}
function user_ban($mask, $type) {
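Review bot: The rewritten `user_access()` grants by substring: `strstr($account->perm, $perm)` for loaded accounts and `perm LIKE '%$perm%'` for the anonymous role, so a permission whose name is contained in a longer one is treated as granted. `$perm` is also placed in the SQL unescaped, where `%` and `_` act as wildcards. Comparing whole entries of the stored list avoids both; the storage format of `role.perm` is not visible on this page, so the delimiter in the sketch below is an assumption to confirm. The function currently returns three different types (1, a string, a row object or false), and an account whose role has an empty `perm` falls through to the anonymous lookup, which deserves a comment if it is intended.

```php
function user_access($account, $perm) {
  // user #1 is the site owner and bypasses all checks
  if ($account->id == 1) {
    return 1;
  }
  if ($account->perm) {
    $granted = $account->perm;
  }
  else {
    // no permissions loaded for this account: use the anonymous role
    $role = db_fetch_object(db_query("SELECT perm FROM role WHERE name = 'anonymous user'"));
    $granted = $role ? $role->perm : "";
  }
  // NOTE(review): ", " is an assumed delimiter; match entries exactly, never by substring
  return in_array($perm, explode(", ", $granted)) ? 1 : 0;
}
```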
......
......@@ -4,12 +4,19 @@
page_header();
$result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '". node_status("posted") ."' AND timestamp <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY timestamp DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10)));
$theme->header();
while ($node = db_fetch_object($result)) {
node_view(node_get_object(array("nid" => $node->nid, "type" => $node->type)), 1);
if (user_access($user, "view content")) {
$result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '". node_status("posted") ."' AND timestamp <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY timestamp DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10)));
while ($node = db_fetch_object($result)) {
node_view(node_get_object(array("nid" => $node->nid, "type" => $node->type)), 1);
}
}
else {
$theme->box("Access denied", message_access());
}
$theme->footer();
page_footer();
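Review bot: The denial branch passes the literal `"Access denied"` to `$theme->box()` while other user-facing strings in this commit go through `t()`; `$theme->box(t("Access denied"), message_access());` would keep the title translatable. This check guards only the front-page listing shown in the hunk; whether the pages that render a single node apply the same "view content" permission is not visible here and is worth confirming.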
......
......@@ -6,6 +6,10 @@ function import_help() {
<?php
}
function import_perm() {
return array("add and edit news feeds");
}
function import_cron() {
$result = db_query("SELECT * FROM feed");
while ($feed = db_fetch_array($result)) {
......@@ -232,54 +236,60 @@ function import_view_item() {
}
function import_admin() {
global $op, $id, $type, $edit;
print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
switch($op) {
case "help":
print import_help();
break;
case "add":
if ($type == "bundle")
print import_form_bundle();
else
print import_form_feed();
break;
case "edit":
if ($type == "bundle")
print import_form_bundle(import_get_bundle($id));
else
print import_form_feed(import_get_feed($id));
break;
case "remove":
print status(import_remove(import_get_feed($id)));
print import_view_feed();
break;
case "update":
print status(import_update(import_get_feed($id)));
print import_view_feed();
break;
case "Save attributes":
print status(import_save_attributes($edit));
print import_view_item();
break;
case "Delete":
$edit[title] = 0;
// fall through:
case "Submit":
if ($type == "bundle")
print status(import_save_bundle($edit));
else
print status(import_save_feed($edit));
// fall through:
default:
if ($type == "bundle")
print import_view_bundle();
else if ($type == "item")
print import_view_item();
else
global $user, $op, $id, $type, $edit;
if (user_access($user, "add and edit news feeds")) {
print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
switch($op) {
case "help":
print import_help();
break;
case "add":
if ($type == "bundle")
print import_form_bundle();
else
print import_form_feed();
break;
case "edit":
if ($type == "bundle")
print import_form_bundle(import_get_bundle($id));
else
print import_form_feed(import_get_feed($id));
break;
case "remove":
print status(import_remove(import_get_feed($id)));
print import_view_feed();
break;
case "update":
print status(import_update(import_get_feed($id)));
print import_view_feed();
break;
case "Save attributes":
print status(import_save_attributes($edit));
print import_view_item();
break;
case "Delete":
$edit[title] = 0;
// fall through:
case "Submit":
if ($type == "bundle")
print status(import_save_bundle($edit));
else
print status(import_save_feed($edit));
// fall through:
default:
if ($type == "bundle")
print import_view_bundle();
else if ($type == "item")
print import_view_item();
else
print import_view_feed();
}
}
else {
print message_access();
}
}
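Review bot: The permission name "add and edit news feeds" is written out twice, once in `import_perm()` and once in the `user_access()` call in `import_admin()`, and nothing ties the two strings together. Because `user_access()` in this commit compares permission text, a later edit to one copy changes who passes the check without raising any error. A shared constant, or at least a comment on both lines such as `// must match the string returned by import_perm()`, would make the coupling explicit. The same pattern recurs in the second copy of these hunks further down and in `block_perm()` / `block_admin()`. Since the `remove`, `update` and `Delete` branches appear to be selected by the request-supplied `$op`, this check is their only guard as far as the hunk shows.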
......
......@@ -6,6 +6,10 @@ function import_help() {
<?php
}
function import_perm() {
return array("add and edit news feeds");
}
function import_cron() {
$result = db_query("SELECT * FROM feed");
while ($feed = db_fetch_array($result)) {
......@@ -232,54 +236,60 @@ function import_view_item() {
}
function import_admin() {
global $op, $id, $type, $edit;
print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
switch($op) {
case "help":
print import_help();
break;
case "add":
if ($type == "bundle")
print import_form_bundle();
else
print import_form_feed();
break;
case "edit":
if ($type == "bundle")
print import_form_bundle(import_get_bundle($id));
else
print import_form_feed(import_get_feed($id));
break;
case "remove":
print status(import_remove(import_get_feed($id)));
print import_view_feed();
break;
case "update":
print status(import_update(import_get_feed($id)));
print import_view_feed();
break;
case "Save attributes":
print status(import_save_attributes($edit));
print import_view_item();
break;
case "Delete":
$edit[title] = 0;
// fall through:
case "Submit":
if ($type == "bundle")
print status(import_save_bundle($edit));
else
print status(import_save_feed($edit));
// fall through:
default:
if ($type == "bundle")
print import_view_bundle();
else if ($type == "item")
print import_view_item();
else
global $user, $op, $id, $type, $edit;
if (user_access($user, "add and edit news feeds")) {
print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>";
switch($op) {
case "help":
print import_help();
break;
case "add":
if ($type == "bundle")
print import_form_bundle();
else
print import_form_feed();
break;
case "edit":
if ($type == "bundle")
print import_form_bundle(import_get_bundle($id));
else
print import_form_feed(import_get_feed($id));
break;
case "remove":
print status(import_remove(import_get_feed($id)));
print import_view_feed();
break;
case "update":
print status(import_update(import_get_feed($id)));
print import_view_feed();
break;
case "Save attributes":
print status(import_save_attributes($edit));
print import_view_item();
break;
case "Delete":
$edit[title] = 0;
// fall through:
case "Submit":
if ($type == "bundle")
print status(import_save_bundle($edit));
else
print status(import_save_feed($edit));
// fall through:
default:
if ($type == "bundle")
print import_view_bundle();
else if ($type == "item")
print import_view_item();
else
print import_view_feed();
}
}
else {
print message_access();
}
}
......
......@@ -9,6 +9,10 @@ function block_help() {
<?php
}
function block_perm() {
return array("add and edit blocks");
}
function block_admin_save($edit) {
foreach ($edit as $key=>$value) {
db_query("UPDATE blocks SET region = '". check_input($value[region]) ."', status = '". check_input($value[status]) ."', weight = '". check_input($value[weight]) ."' WHERE name = '". check_input($key) ."'");
......@@ -99,24 +103,28 @@ function block_admin_preview() {
}
function block_admin() {
global $op, $edit;
print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n";
switch ($op) {
case "help":
block_help();
break;
case "preview":
block_admin_preview();
break;
case "Save blocks":
block_admin_save($edit);
// fall through
default:
block_admin_display();
global $user, $op, $edit;
if (user_access($user, "add and edit blocks")) {
print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n";
switch ($op) {
case "help":
block_help();
break;
case "preview":
block_admin_preview();
break;
case "Save blocks":
block_admin_save($edit);
// fall through
default:
block_admin_display();
}
}
else {
print message_access();
}
}
?>
......@@ -9,6 +9,10 @@ function block_help() {
<?php
}
function block_perm() {
return array("add and edit blocks");
}
function block_admin_save($edit) {