Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

- Patch #89323 by hunmonk: control access to mass operations.

5.x
Dries Buytaert 2006-10-15 20:09:18 +00:00
parent d692d438a3
commit 1238ccd6d0
1 changed files with 36 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
modules/user/user.module
View File

@ -2090,19 +2090,6 @@ function user_admin_account_validate($form_id, $form_values) {
function user_user_operations() { function user_user_operations() {
global $form_values; global $form_values;
$roles = user_roles(1);
unset($roles[DRUPAL_AUTHENTICATED_RID]); // Can't edit authenticated role.
$add_roles = array();
foreach ($roles as $key => $value) {
$add_roles['add_role-'. $key] = $value;
}
$remove_roles = array();
foreach ($roles as $key => $value) {
$remove_roles['remove_role-'. $key] = $value;
}
$operations = array( $operations = array(
'unblock' => array( 'unblock' => array(
'label' => t('Unblock the selected users'), 'label' => t('Unblock the selected users'),
@ -2112,27 +2099,53 @@ function user_user_operations() {
'label' => t('Block the selected users'), 'label' => t('Block the selected users'),
'callback' => 'user_user_operations_block', 'callback' => 'user_user_operations_block',
), ),
t('Add a role to the selected users') => array(
'label' => $add_roles,
),
t('Remove a role from the selected users') => array(
'label' => $remove_roles,
),
'delete' => array( 'delete' => array(
'label' => t('Delete the selected users'), 'label' => t('Delete the selected users'),
), ),
); );
if (user_access('administer access control')) {
$roles = user_roles(1);
unset($roles[DRUPAL_AUTHENTICATED_RID]); // Can't edit authenticated role.
$add_roles = array();
foreach ($roles as $key => $value) {
$add_roles['add_role-'. $key] = $value;
}
$remove_roles = array();
foreach ($roles as $key => $value) {
$remove_roles['remove_role-'. $key] = $value;
}
$role_operations = array(
t('Add a role to the selected users') => array(
'label' => $add_roles,
),
t('Remove a role from the selected users') => array(
'label' => $remove_roles,
),
);
$operations += $role_operations;
}
// If the form has been posted, we need to insert the proper data for role editing if necessary. // If the form has been posted, we need to insert the proper data for role editing if necessary.
if ($form_values) { if ($form_values) {
$operation_rid = explode('-', $form_values['operation']); $operation_rid = explode('-', $form_values['operation']);
$operation = $operation_rid[0]; $operation = $operation_rid[0];
$rid = $operation_rid[1]; $rid = $operation_rid[1];
if ($operation == 'add_role' || $operation == 'remove_role') { if ($operation == 'add_role' || $operation == 'remove_role') {
$operations[$form_values['operation']] = array( if (user_access('administer access control')) {
'callback' => 'user_multiple_role_edit', $operations[$form_values['operation']] = array(
'callback arguments' => array($operation, $rid), 'callback' => 'user_multiple_role_edit',
); 'callback arguments' => array($operation, $rid),
);
}
else {
watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
return;
}
} }
} }