- Patch by James: made the blogapi module work again.
Dries Buytaert
parent
1362571d09
commit
07cdcb439b
|
|
@ -477,7 +477,7 @@ function blogapi_validate_user($username, $password) {
|
||||||
$user = user_authenticate($username, $password);
|
$user = user_authenticate($username, $password);
|
||||||
|
|
||||||
if ($user->uid) {
|
if ($user->uid) {
|
||||||
if (user_access('edit own blog')) {
|
if (user_access('edit own blog'), $user) {
|
||||||
return $user;
|
return $user;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
|
||||||
|
|
@ -477,7 +477,7 @@ function blogapi_validate_user($username, $password) {
|
||||||
$user = user_authenticate($username, $password);
|
$user = user_authenticate($username, $password);
|
||||||
|
|
||||||
if ($user->uid) {
|
if ($user->uid) {
|
||||||
if (user_access('edit own blog')) {
|
if (user_access('edit own blog'), $user) {
|
||||||
return $user;
|
return $user;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
|
||||||
|
|
@ -293,6 +293,8 @@ function user_password($length = 10) {
|
||||||
*
|
*
|
||||||
* @param $string
|
* @param $string
|
||||||
* The permission, such as "administer nodes", being checked for.
|
* The permission, such as "administer nodes", being checked for.
|
||||||
|
* @param $account
|
||||||
|
* (optional) The account to check, if not given use currently logged in user.
|
||||||
*
|
*
|
||||||
* @return
|
* @return
|
||||||
* TRUE iff the current user has the requested permission.
|
* TRUE iff the current user has the requested permission.
|
||||||
|
|
@ -301,26 +303,30 @@ function user_password($length = 10) {
|
||||||
* way, we guarantee consistent behavior, and ensure that the superuser
|
* way, we guarantee consistent behavior, and ensure that the superuser
|
||||||
* can perform all actions.
|
* can perform all actions.
|
||||||
*/
|
*/
|
||||||
function user_access($string) {
|
function user_access($string, $account = NULL) {
|
||||||
global $user;
|
global $user;
|
||||||
static $perm = 0;
|
static $perm = array();
|
||||||
|
|
||||||
// User #1 has all priveleges:
|
// User #1 has all priveleges:
|
||||||
if ($user->uid == 1) {
|
if ($user->uid == 1) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (is_null($account)) {
|
||||||
|
$account = $user;
|
||||||
|
}
|
||||||
|
|
||||||
// To reduce the number of SQL queries, we cache the user's permissions
|
// To reduce the number of SQL queries, we cache the user's permissions
|
||||||
// in a static variable.
|
// in a static variable.
|
||||||
if ($perm === 0) {
|
if (!isset($perm[$account->uid])) {
|
||||||
$result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
|
$result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $account->uid);
|
||||||
|
|
||||||
while ($row = db_fetch_object($result)) {
|
while ($row = db_fetch_object($result)) {
|
||||||
$perm .= "$row->perm, ";
|
$perm[$account->uid] .= "$row->perm, ";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return strstr($perm, "$string, ");
|
return strstr($perm[$account->uid], "$string, ");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
|
|
@ -293,6 +293,8 @@ function user_password($length = 10) {
|
||||||
*
|
*
|
||||||
* @param $string
|
* @param $string
|
||||||
* The permission, such as "administer nodes", being checked for.
|
* The permission, such as "administer nodes", being checked for.
|
||||||
|
* @param $account
|
||||||
|
* (optional) The account to check, if not given use currently logged in user.
|
||||||
*
|
*
|
||||||
* @return
|
* @return
|
||||||
* TRUE iff the current user has the requested permission.
|
* TRUE iff the current user has the requested permission.
|
||||||
|
|
@ -301,26 +303,30 @@ function user_password($length = 10) {
|
||||||
* way, we guarantee consistent behavior, and ensure that the superuser
|
* way, we guarantee consistent behavior, and ensure that the superuser
|
||||||
* can perform all actions.
|
* can perform all actions.
|
||||||
*/
|
*/
|
||||||
function user_access($string) {
|
function user_access($string, $account = NULL) {
|
||||||
global $user;
|
global $user;
|
||||||
static $perm = 0;
|
static $perm = array();
|
||||||
|
|
||||||
// User #1 has all priveleges:
|
// User #1 has all priveleges:
|
||||||
if ($user->uid == 1) {
|
if ($user->uid == 1) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (is_null($account)) {
|
||||||
|
$account = $user;
|
||||||
|
}
|
||||||
|
|
||||||
// To reduce the number of SQL queries, we cache the user's permissions
|
// To reduce the number of SQL queries, we cache the user's permissions
|
||||||
// in a static variable.
|
// in a static variable.
|
||||||
if ($perm === 0) {
|
if (!isset($perm[$account->uid])) {
|
||||||
$result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
|
$result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $account->uid);
|
||||||
|
|
||||||
while ($row = db_fetch_object($result)) {
|
while ($row = db_fetch_object($result)) {
|
||||||
$perm .= "$row->perm, ";
|
$perm[$account->uid] .= "$row->perm, ";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return strstr($perm, "$string, ");
|
return strstr($perm[$account->uid], "$string, ");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue