Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

- Patch #9543 by JonBob: added node-level access control!

4.5.x
Dries Buytaert 2004-07-31 09:30:09 +00:00
parent aed1b0ca9e
commit 202eee42a9
25 changed files with 477 additions and 247 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
CHANGELOG.txt
View File

@ -1,6 +1,5 @@
Drupal x.x.x, xxxx-xx-xx
------------------------
- navigation:
* made it possible to add, delete, rename and move menu items.
* introduced tabs and subtabs for local tasks.
@ -8,7 +7,9 @@ Drupal x.x.x, xxxx-xx-xx
- user management:
* added support for multiple roles per user.
* made it possible to add custom profile fields.
* made it possible to browse the profiles by field.
* made it possible to browse user profiles by field.
- node system:
* added support for node-level permissions.
- comment module:
* made it possible to comment without having to register.
- forum module:
@ -17,7 +18,8 @@ Drupal x.x.x, xxxx-xx-xx
- syndication:
* added support for RSS ping-notifications of http://technorati.com/.
* refactored the categorization of syndicated news items.
* added URL aliases for 'rss.xml' and 'index.rdf'.
* added an URL alias for 'rss.xml'.
* improved date parsing.
- database backend:
* added support for multiple database connections.
- theme system:
@ -27,8 +29,6 @@ Drupal x.x.x, xxxx-xx-xx
* added 'categories' block.
- blogger API:
* added support for auto-discovery of blogger API via RSD.
- news aggregator:
* improved date parsing.
- performance:
* added support for sending gzip compressed pages.
- accessibility:
@ -38,22 +38,16 @@ Drupal x.x.x, xxxx-xx-xx
- documentation:
* added PHPDoc/Doxygen comments.
Drupal 4.4.2, 2004-07-04
------------------------
- fixed bugs: no critical bugs were identified.
Drupal 4.4.1, 2004-05-01
------------------------
- fixed bugs: no critical bugs were identified.
Drupal 4.4.0, 2004-04-01
------------------------
- added support for the MetaWeblog API and MovableType extensions.
- added a file API: enables better document management.
- improved the watchdog and search module to log search keys.
@ -92,22 +86,16 @@ Drupal 4.4.0, 2004-04-01
- documentation:
* added PHPDoc/Doxygen comments.
Drupal 4.3.2, 2004-01-01
------------------------
- fixed bugs: no critical bugs were identified.
Drupal 4.3.1, 2003-12-01
------------------------
- fixed bugs: no critical bugs were identified.
Drupal 4.3.0, 2003-11-01
------------------------
- added support for configurable URLs.
- added support for sortable table columns.
- database backend:
@ -131,7 +119,6 @@ Drupal 4.3.0, 2003-11-01
Drupal 4.2.0, 2003-08-01
------------------------
- added support for clean URLs.
- added textarea hook and support for onload attributes: enables integration of WYSIWYG editors.
- rewrote the RSS/RDF parser:
@ -159,7 +146,6 @@ Drupal 4.2.0, 2003-08-01
Drupal 4.1.0, 2003-02-01
------------------------
- collaboratively revised and expanded the Drupal documentation.
- rewrote comment.module:
* reintroduced comment rating/moderation.
@ -214,12 +200,11 @@ Drupal 4.0.0, 2002-06-15
* blocks can be set to only show up on some pages.
* merged box module with block module.
- node system:
* fixed node retrieval based on titles.
* blogs can be updated.
* teasers (abstracts) on all node types.
* improved error checking.
* usability improvements.
* content versioning support.
* usability improvements.
- improved book module to support text, HTML and PHP pages.
- improved comment module to mark new comments.
- added a general outliner which will let any node type be linked to a book.

18
database/database.mysql
View File

@ -339,7 +339,21 @@ CREATE TABLE node (
KEY node_changed (changed)
) TYPE=MyISAM;
--
#
# Table structure for table `node_access`
#
CREATE TABLE node_access (
nid int(10) unsigned NOT NULL default '0',
gid int(10) unsigned NOT NULL default '0',
realm varchar(255) NOT NULL default '',
grant_view tinyint(1) unsigned NOT NULL default '0',
grant_update tinyint(1) unsigned NOT NULL default '0',
grant_delete tinyint(1) unsigned NOT NULL default '0',
PRIMARY KEY (nid,gid,realm)
) TYPE=MyISAM;
-
-- Table structure for table 'page'
--
@ -682,3 +696,5 @@ REPLACE blocks SET module = 'user', delta = '0', status = '1';
REPLACE blocks SET module = 'user', delta = '1', status = '1';
INSERT INTO sequences (name, id) VALUES ('menu_mid', 1);
INSERT INTO node_access VALUES (0, 0, 'all', 1, 0, 0);

19
database/updates.inc
View File

@ -65,7 +65,8 @@ $sql_updates = array(
"2004-06-30" => "update_91",
"2004-07-07" => "update_92",
"2004-07-11" => "update_93",
"2004-07-22" => "update_94"
"2004-07-22" => "update_94",
"2004-07-30" => "update_95"
);
function update_32() {
@ -1187,6 +1188,22 @@ function update_94() {
return $ret;
}
function update_95() {
$ret = array();
$ret[] = update_sql("CREATE TABLE node_access (
nid int(10) unsigned NOT NULL default '0',
gid int(10) unsigned NOT NULL default '0',
realm varchar(255) NOT NULL default '',
grant_view tinyint(1) unsigned NOT NULL default '0',
grant_update tinyint(1) unsigned NOT NULL default '0',
grant_delete tinyint(1) unsigned NOT NULL default '0',
PRIMARY KEY (nid,gid,realm)
)");
$ret[] = update_sql("INSERT INTO node_access VALUES (0, 0, 'all', 1, 0, 0);");
return $ret;
}
function update_sql($sql) {
$edit = $_POST["edit"];
$result = db_query($sql);

2
modules/archive.module
View File

@ -248,7 +248,7 @@ function archive_page($year = 0, $month = 0, $day = 0) {
if ($year && $month && $day) {
// Fetch nodes for the selected date, if one was specified.
$result = db_query_range('SELECT nid FROM {node} WHERE status = 1 AND created > %d AND created < %d ORDER BY created', $date, $date_end, 0, 20);
$result = db_query_range('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' WHERE n.status = 1 AND n.created > %d AND n.created < %d AND '. node_access_where_sql() .' ORDER BY n.created', $date, $date_end, 0, 20);
while ($nid = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $nid->nid)), 1);

2
modules/archive/archive.module
View File

@ -248,7 +248,7 @@ function archive_page($year = 0, $month = 0, $day = 0) {
if ($year && $month && $day) {
// Fetch nodes for the selected date, if one was specified.
$result = db_query_range('SELECT nid FROM {node} WHERE status = 1 AND created > %d AND created < %d ORDER BY created', $date, $date_end, 0, 20);
$result = db_query_range('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' WHERE n.status = 1 AND n.created > %d AND n.created < %d AND '. node_access_where_sql() .' ORDER BY n.created', $date, $date_end, 0, 20);
while ($nid = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $nid->nid)), 1);

21
modules/blog.module
View File

@ -30,22 +30,15 @@ function blog_perm() {
function blog_access($op, $node) {
global $user;
if ($op == 'view') {
return $node->status;
}
if ($op == 'create') {
return user_access('edit own blog') && $user->uid;
}
if ($op == 'update') {
return user_access('edit own blog') && ($user->uid == $node->uid);
if ($op == 'update' || $op == 'delete') {
if (user_access('edit own blog') && ($user->uid == $node->uid)) {
return TRUE;
}
}
if ($op == 'delete') {
return user_access('edit own blog') && ($user->uid == $node->uid);
}
}
/**
@ -143,7 +136,7 @@ function blog_page_user($uid) {
$title = t("%name's blog", array('%name' => $account->name));
$output = '';
$result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND uid = %d AND status = 1 ORDER BY sticky DESC, created DESC", variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
$result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE type = 'blog' AND n.uid = %d AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
while ($node = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $node->nid)), 1);
}
@ -162,7 +155,7 @@ function blog_page_last() {
$output = '';
$result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND status = 1 ORDER BY created DESC", variable_get('default_nodes_main', 10));
$result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', variable_get('default_nodes_main', 10));
while ($node = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $node->nid)), 1);
@ -294,7 +287,7 @@ function blog_block($op = 'list', $delta = 0) {
}
else {
if (user_access('access content')) {
$block['content'] = node_title_list(db_query_range("SELECT n.title, n.nid FROM {node} n WHERE n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 10));
$block['content'] = node_title_list(db_query_range('SELECT DISTINCT(n.nid), n.title FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', 0, 10));
$block['content'] .= '<div class="more-link">'. l(t('more'), 'blog', array('title' => t('Read the latest blog entries.'))) .'</div>';
$block['subject'] = t('Recent blog posts');
}

21
modules/blog/blog.module
View File

@ -30,22 +30,15 @@ function blog_perm() {
function blog_access($op, $node) {
global $user;
if ($op == 'view') {
return $node->status;
}
if ($op == 'create') {
return user_access('edit own blog') && $user->uid;
}
if ($op == 'update') {
return user_access('edit own blog') && ($user->uid == $node->uid);
if ($op == 'update' || $op == 'delete') {
if (user_access('edit own blog') && ($user->uid == $node->uid)) {
return TRUE;
}
}
if ($op == 'delete') {
return user_access('edit own blog') && ($user->uid == $node->uid);
}
}
/**
@ -143,7 +136,7 @@ function blog_page_user($uid) {
$title = t("%name's blog", array('%name' => $account->name));
$output = '';
$result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND uid = %d AND status = 1 ORDER BY sticky DESC, created DESC", variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
$result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE type = 'blog' AND n.uid = %d AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10), 0, NULL, $account->uid);
while ($node = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $node->nid)), 1);
}
@ -162,7 +155,7 @@ function blog_page_last() {
$output = '';
$result = pager_query("SELECT nid FROM {node} WHERE type = 'blog' AND status = 1 ORDER BY created DESC", variable_get('default_nodes_main', 10));
$result = pager_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', variable_get('default_nodes_main', 10));
while ($node = db_fetch_object($result)) {
$output .= node_view(node_load(array('nid' => $node->nid)), 1);
@ -294,7 +287,7 @@ function blog_block($op = 'list', $delta = 0) {
}
else {
if (user_access('access content')) {
$block['content'] = node_title_list(db_query_range("SELECT n.title, n.nid FROM {node} n WHERE n.type = 'blog' AND n.status = 1 ORDER BY n.created DESC", 0, 10));
$block['content'] = node_title_list(db_query_range('SELECT DISTINCT(n.nid), n.title FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'blog' AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY n.created DESC', 0, 10));
$block['content'] .= '<div class="more-link">'. l(t('more'), 'blog', array('title' => t('Read the latest blog entries.'))) .'</div>';
$block['subject'] = t('Recent blog posts');
}

12
modules/book.module
View File

@ -371,7 +371,7 @@ function book_prev($node) {
*/
function book_next($node) {
// get first direct child
$child = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid));
$child = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid));
if ($child) {
return $child;
}
@ -380,7 +380,7 @@ function book_next($node) {
array_push($path = book_location($node), $node); // Path to top-level node including this one.
while (($leaf = array_pop($path)) && count($path)) {
$next = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title));
$next = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title));
if ($next) {
return $next;
}
@ -536,7 +536,7 @@ function book_toc_recurse($nid, $indent, $toc, $children) {
}
function book_toc($parent = 0, $indent = '', $toc = array()) {
$result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 ORDER BY b.weight, n.title');
$result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' ORDER BY b.weight, n.title');
while ($node = db_fetch_object($result)) {
if (!$children[$node->parent]) {
@ -587,7 +587,7 @@ function book_tree_recurse($nid, $depth, $children, $unfold = array()) {
}
function book_tree($parent = 0, $depth = 3, $unfold = array()) {
$result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.moderate = 0 ORDER BY b.weight, n.title');
$result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.moderate = 0 ORDER BY b.weight, n.title');
while ($node = db_fetch_object($result)) {
$list = $children[$node->parent] ? $children[$node->parent] : array();
@ -630,7 +630,7 @@ function book_render() {
*/
function book_print($nid = 0, $depth = 1) {
global $base_url;
$result = db_query('SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid);
$result = db_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid);
while ($page = db_fetch_object($result)) {
// load the node:
@ -660,7 +660,7 @@ function book_print($nid = 0, $depth = 1) {
}
function book_print_recurse($parent = '', $depth = 1) {
$result = db_query("SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title");
$result = db_query("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND ". node_access_where_sql() ." AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title");
while ($page = db_fetch_object($result)) {
// Load the node:

12
modules/book/book.module
View File

@ -371,7 +371,7 @@ function book_prev($node) {
*/
function book_next($node) {
// get first direct child
$child = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid));
$child = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') ORDER BY b.weight ASC, n.title ASC", $node->nid));
if ($child) {
return $child;
}
@ -380,7 +380,7 @@ function book_next($node) {
array_push($path = book_location($node), $node); // Path to top-level node including this one.
while (($leaf = array_pop($path)) && count($path)) {
$next = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title));
$next = db_fetch_object(db_query("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND ". node_access_where_sql() ." AND (n.moderate = 0 OR n.revisions != '') AND (b.weight > %d OR (b.weight = %d AND n.title > '%s')) ORDER BY b.weight ASC, n.title ASC", $leaf->parent, $leaf->weight, $leaf->weight, $leaf->title));
if ($next) {
return $next;
}
@ -536,7 +536,7 @@ function book_toc_recurse($nid, $indent, $toc, $children) {
}
function book_toc($parent = 0, $indent = '', $toc = array()) {
$result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 ORDER BY b.weight, n.title');
$result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' ORDER BY b.weight, n.title');
while ($node = db_fetch_object($result)) {
if (!$children[$node->parent]) {
@ -587,7 +587,7 @@ function book_tree_recurse($nid, $depth, $children, $unfold = array()) {
}
function book_tree($parent = 0, $depth = 3, $unfold = array()) {
$result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.moderate = 0 ORDER BY b.weight, n.title');
$result = db_query('SELECT DISTINCT(n.nid), n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.moderate = 0 ORDER BY b.weight, n.title');
while ($node = db_fetch_object($result)) {
$list = $children[$node->parent] ? $children[$node->parent] : array();
@ -630,7 +630,7 @@ function book_render() {
*/
function book_print($nid = 0, $depth = 1) {
global $base_url;
$result = db_query('SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid);
$result = db_query('SELECT DISTINCT(n.nid) FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND n.nid = %d AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title', $nid);
while ($page = db_fetch_object($result)) {
// load the node:
@ -660,7 +660,7 @@ function book_print($nid = 0, $depth = 1) {
}
function book_print_recurse($parent = '', $depth = 1) {
$result = db_query("SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title");
$result = db_query("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {book} b ON n.nid = b.nid WHERE n.status = 1 AND ". node_access_where_sql() ." AND b.parent = '$parent' AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title");
while ($page = db_fetch_object($result)) {
// Load the node:

31
modules/forum.module
View File

@ -36,9 +36,6 @@ function forum_node_name($node) {
* Implementation of hook_access().
*/
function forum_access($op, $node) {
if ($op == 'view') {
return $node->status;
}
if ($op == 'create') {
return user_access('create forum topics');
}
@ -121,9 +118,9 @@ function forum_block($op = 'list', $delta = 0) {
}
else {
if (user_access('access content')) {
$content = node_title_list(db_query_range("SELECT n.nid, n.title, GREATEST(n.created, MAX(c.timestamp)) AS sort FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.type = 'forum' AND n.status = 1 GROUP BY n.nid, n.title, n.created ORDER BY sort DESC", 0, variable_get('forum_block_num', '5')), t('Active forum topics:'));
$content = node_title_list(db_query_range("SELECT DISTINCT(n.nid), n.title, GREATEST(n.created, MAX(c.timestamp)) AS sort FROM {node} n ". node_access_join_sql() ." LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid, n.title, n.created ORDER BY sort DESC", 0, variable_get('forum_block_num', '5')), t('Active forum topics:'));
$content .= node_title_list(db_query_range("SELECT nid, title FROM {node} WHERE type = 'forum' AND status = 1 ORDER BY nid DESC", 0, variable_get('forum_block_num', '5')), t('New forum topics:'));
$content .= node_title_list(db_query_range("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." ORDER BY n.nid DESC", 0, variable_get('forum_block_num', '5')), t('New forum topics:'));
if ($content) {
$content .= '<div class="more-link">'. l(t('more'), 'forum', array('title' => t('Read the latest forum topics.'))) .'</div>';
@ -152,7 +149,7 @@ function forum_link($type, $node = 0, $main = 0) {
if (!$main && $type == 'node' && $node->type == 'forum') {
// get previous and next topic
$result = db_query('SELECT n.nid, n.title, n.sticky, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = f.nid AND f.tid = %d AND n.status = 1 GROUP BY n.nid, n.title, n.created ORDER BY n.sticky DESC, '. _forum_get_topic_order(isset($user->sortby) ? $user->sortby : variable_get('forum_order', 1)), $node->tid);
$result = db_query('SELECT DISTINCT(n.nid), n.title, n.sticky, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments FROM {node} n '. node_access_join_sql() .' INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = f.nid AND f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' GROUP BY n.nid, n.title, n.created ORDER BY n.sticky DESC, '. _forum_get_topic_order(isset($user->sortby) ? $user->sortby : variable_get('forum_order', 1)), $node->tid);
while ($topic = db_fetch_object($result)) {
if ($stop == 1) {
@ -357,27 +354,27 @@ function forum_get_forums($tid = 0) {
}
function _forum_num_topics($term) {
return db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid WHERE f.tid = %d AND n.status = 1 AND f.shadow = 0', $term));
return db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid '. node_access_join_sql() .' WHERE f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND f.shadow = 0', $term));
}
function _forum_num_replies($term) {
return db_result(db_query("SELECT COUNT(*) AS count FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE f.tid = %d AND n.nid = f.nid AND n.nid = c.nid AND n.status = 1 AND c.status = 0 AND n.type = 'forum'", $term));
return db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) AS count FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid '. node_access_join_sql() .' INNER JOIN {forum} f ON n.nid = f.nid WHERE f.tid = %d AND n.nid = f.nid AND n.nid = c.nid AND n.status = 1 AND '. node_access_where_sql() ." AND c.status = 0 AND n.type = 'forum'", $term));
}
function _forum_topics_read($term, $uid) {
// Calculate the number of topics the user has read. Assume all entries older
// than NODE_NEW_LIMIT are read, and include the recent posts that user has
// read.
$ancient = db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid WHERE f.tid = %d AND n.status = 1 AND n.created <= %d AND f.shadow = 0', $term, NODE_NEW_LIMIT));
$recent = db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid INNER JOIN {history} h ON n.nid = h.nid WHERE n.status = 1 AND f.tid = %d AND h.uid = %d AND n.created > %d AND f.shadow = 0', $term, $uid, NODE_NEW_LIMIT));
$ancient = db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid '. node_access_join_sql() .' WHERE f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND n.created <= %d AND f.shadow = 0', $term, NODE_NEW_LIMIT));
$recent = db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid '. node_access_join_sql() .' INNER JOIN {history} h ON n.nid = h.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND f.tid = %d AND h.uid = %d AND n.created > %d AND f.shadow = 0', $term, $uid, NODE_NEW_LIMIT));
return $ancient + $recent;
}
function _forum_last_post($term) {
$topic = db_fetch_object(db_query_range("SELECT n.nid, n.created AS timestamp, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid INNER JOIN {users} u ON n.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 ORDER BY timestamp DESC", $term, 0, 1));
$topic = db_fetch_object(db_query_range("SELECT DISTINCT(n.nid), n.created AS timestamp, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid ". node_access_join_sql() ." INNER JOIN {users} u ON n.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." ORDER BY timestamp DESC", $term, 0, 1));
$reply = db_fetch_object(db_query_range("SELECT n.nid, c.timestamp, c.name AS anonymous_name, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON c.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND c.status = 0 ORDER BY c.timestamp DESC", $term, 0, 1));
$reply = db_fetch_object(db_query_range("SELECT DISTINCT(n.nid), c.timestamp, c.name AS anonymous_name, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid ". node_access_join_sql() ." INNER JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON c.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." AND c.status = 0 ORDER BY c.timestamp DESC", $term, 0, 1));
$reply->name = $reply->uid ? $reply->name : $reply->anonymous_name;
$value = ($topic->timestamp > $reply->timestamp) ? $topic : $reply;
@ -410,10 +407,10 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
// show topics with the correct tid, or in the forum but with shadow = 1
// @TODO: this is not ANSI SQL! ("user error: 'n.created' isn't in GROUP BY")
// @TODO: timestamp is a sql reserved word. are there more?
$sql = "SELECT n.nid, n.title, n.sticky, u.name AS name, u.uid AS uid, n.created AS timestamp, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments, n.comment AS comment_mode, f.tid FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE n.nid = r.nid AND ((r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND n.type = 'forum' GROUP BY n.nid, n.title, u.name, u.uid, n.created, n.comment, f.tid";
$sql = "SELECT DISTINCT(n.nid), n.title, n.sticky, u.name AS name, u.uid AS uid, n.created AS timestamp, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments, n.comment AS comment_mode, f.tid FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE n.nid = r.nid AND ((r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND ". node_access_where_sql() ." AND n.type = 'forum' GROUP BY n.nid, n.title, u.name, u.uid, n.created, n.comment, f.tid";
$sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,');
$sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {term_node} r ON n.nid = r.nid WHERE n.nid = r.nid AND ( (r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND n.type = 'forum'";
$sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n ". node_access_join_sql() ." INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {term_node} r ON n.nid = r.nid WHERE n.nid = r.nid AND ( (r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND ". node_access_where_sql() ." AND n.type = 'forum'";
$result = pager_query($sql, $forum_per_page, 0, $sql_count);
$topic_num = db_num_rows($result);
@ -427,7 +424,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
$topic->new = 0;
}
else {
$topic->new_replies = db_result(db_query('SELECT COUNT(c.nid) FROM {node} n INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND n.status = 1 AND c.status = 0 AND c.timestamp > %d', $topic->nid, $history));
$topic->new_replies = db_result(db_query('SELECT COUNT(DISTINCT(c.nid)) FROM {node} n '. node_access_join_sql() .' INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND c.status = 0 AND c.timestamp > %d', $topic->nid, $history));
$topic->new = $topic->new_replies || ($topic->timestamp > $history);
}
}
@ -446,12 +443,12 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
function _forum_new($tid) {
global $user;
$result = db_query("SELECT n.nid FROM {node} n, {history} h, {forum} f WHERE n.type = 'forum' AND n.status = 1 AND h.nid = n.nid AND f.nid = h.nid AND f.tid = %d AND h.uid = %d", $tid, $user->uid);
$result = db_query("SELECT DISTINCT(n.nid) FROM {node} n, {history} h, {forum} f ". node_access_join_sql() ." WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." AND h.nid = n.nid AND f.nid = h.nid AND f.tid = %d AND h.uid = %d", $tid, $user->uid);
while ($r = db_fetch_object($result)) {
$read[] = $r->nid;
}
$nid = db_result(db_query_range("SELECT n.nid FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid WHERE n.type = 'forum' AND f.nid = n.nid AND n.status = 1 AND f.tid = %d ". ($read ? 'AND NOT (n.nid IN ('. implode(',', $read) .')) ' : '') .'ORDER BY created', $tid, 0, 1));
$nid = db_result(db_query_range("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {forum} f ON n.nid = f.nid WHERE n.type = 'forum' AND f.nid = n.nid AND n.status = 1 AND ". node_access_where_sql() ." AND f.tid = %d ". ($read ? 'AND NOT (n.nid IN ('. implode(',', $read) .')) ' : '') .'ORDER BY created', $tid, 0, 1));
return $nid ? $nid : 0;
}

31
modules/forum/forum.module
View File

@ -36,9 +36,6 @@ function forum_node_name($node) {
* Implementation of hook_access().
*/
function forum_access($op, $node) {
if ($op == 'view') {
return $node->status;
}
if ($op == 'create') {
return user_access('create forum topics');
}
@ -121,9 +118,9 @@ function forum_block($op = 'list', $delta = 0) {
}
else {
if (user_access('access content')) {
$content = node_title_list(db_query_range("SELECT n.nid, n.title, GREATEST(n.created, MAX(c.timestamp)) AS sort FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.type = 'forum' AND n.status = 1 GROUP BY n.nid, n.title, n.created ORDER BY sort DESC", 0, variable_get('forum_block_num', '5')), t('Active forum topics:'));
$content = node_title_list(db_query_range("SELECT DISTINCT(n.nid), n.title, GREATEST(n.created, MAX(c.timestamp)) AS sort FROM {node} n ". node_access_join_sql() ." LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid, n.title, n.created ORDER BY sort DESC", 0, variable_get('forum_block_num', '5')), t('Active forum topics:'));
$content .= node_title_list(db_query_range("SELECT nid, title FROM {node} WHERE type = 'forum' AND status = 1 ORDER BY nid DESC", 0, variable_get('forum_block_num', '5')), t('New forum topics:'));
$content .= node_title_list(db_query_range("SELECT DISTINCT(n.nid), n.title FROM {node} n ". node_access_join_sql() ." WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." ORDER BY n.nid DESC", 0, variable_get('forum_block_num', '5')), t('New forum topics:'));
if ($content) {
$content .= '<div class="more-link">'. l(t('more'), 'forum', array('title' => t('Read the latest forum topics.'))) .'</div>';
@ -152,7 +149,7 @@ function forum_link($type, $node = 0, $main = 0) {
if (!$main && $type == 'node' && $node->type == 'forum') {
// get previous and next topic
$result = db_query('SELECT n.nid, n.title, n.sticky, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = f.nid AND f.tid = %d AND n.status = 1 GROUP BY n.nid, n.title, n.created ORDER BY n.sticky DESC, '. _forum_get_topic_order(isset($user->sortby) ? $user->sortby : variable_get('forum_order', 1)), $node->tid);
$result = db_query('SELECT DISTINCT(n.nid), n.title, n.sticky, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments FROM {node} n '. node_access_join_sql() .' INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = f.nid AND f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' GROUP BY n.nid, n.title, n.created ORDER BY n.sticky DESC, '. _forum_get_topic_order(isset($user->sortby) ? $user->sortby : variable_get('forum_order', 1)), $node->tid);
while ($topic = db_fetch_object($result)) {
if ($stop == 1) {
@ -357,27 +354,27 @@ function forum_get_forums($tid = 0) {
}
function _forum_num_topics($term) {
return db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid WHERE f.tid = %d AND n.status = 1 AND f.shadow = 0', $term));
return db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid '. node_access_join_sql() .' WHERE f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND f.shadow = 0', $term));
}
function _forum_num_replies($term) {
return db_result(db_query("SELECT COUNT(*) AS count FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE f.tid = %d AND n.nid = f.nid AND n.nid = c.nid AND n.status = 1 AND c.status = 0 AND n.type = 'forum'", $term));
return db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) AS count FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid '. node_access_join_sql() .' INNER JOIN {forum} f ON n.nid = f.nid WHERE f.tid = %d AND n.nid = f.nid AND n.nid = c.nid AND n.status = 1 AND '. node_access_where_sql() ." AND c.status = 0 AND n.type = 'forum'", $term));
}
function _forum_topics_read($term, $uid) {
// Calculate the number of topics the user has read. Assume all entries older
// than NODE_NEW_LIMIT are read, and include the recent posts that user has
// read.
$ancient = db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid WHERE f.tid = %d AND n.status = 1 AND n.created <= %d AND f.shadow = 0', $term, NODE_NEW_LIMIT));
$recent = db_result(db_query('SELECT COUNT(*) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid INNER JOIN {history} h ON n.nid = h.nid WHERE n.status = 1 AND f.tid = %d AND h.uid = %d AND n.created > %d AND f.shadow = 0', $term, $uid, NODE_NEW_LIMIT));
$ancient = db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid '. node_access_join_sql() .' WHERE f.tid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND n.created <= %d AND f.shadow = 0', $term, NODE_NEW_LIMIT));
$recent = db_result(db_query('SELECT COUNT(DISTINCT(n.nid)) FROM {forum} f INNER JOIN {node} n ON f.nid = n.nid '. node_access_join_sql() .' INNER JOIN {history} h ON n.nid = h.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND f.tid = %d AND h.uid = %d AND n.created > %d AND f.shadow = 0', $term, $uid, NODE_NEW_LIMIT));
return $ancient + $recent;
}
function _forum_last_post($term) {
$topic = db_fetch_object(db_query_range("SELECT n.nid, n.created AS timestamp, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid INNER JOIN {users} u ON n.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 ORDER BY timestamp DESC", $term, 0, 1));
$topic = db_fetch_object(db_query_range("SELECT DISTINCT(n.nid), n.created AS timestamp, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid ". node_access_join_sql() ." INNER JOIN {users} u ON n.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." ORDER BY timestamp DESC", $term, 0, 1));
$reply = db_fetch_object(db_query_range("SELECT n.nid, c.timestamp, c.name AS anonymous_name, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid INNER JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON c.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND c.status = 0 ORDER BY c.timestamp DESC", $term, 0, 1));
$reply = db_fetch_object(db_query_range("SELECT DISTINCT(n.nid), c.timestamp, c.name AS anonymous_name, u.name AS name, u.uid AS uid FROM {forum} f INNER JOIN {node} n ON n.nid = f.nid ". node_access_join_sql() ." INNER JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON c.uid = u.uid WHERE f.tid = %d AND n.nid = f.nid AND n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." AND c.status = 0 ORDER BY c.timestamp DESC", $term, 0, 1));
$reply->name = $reply->uid ? $reply->name : $reply->anonymous_name;
$value = ($topic->timestamp > $reply->timestamp) ? $topic : $reply;
@ -410,10 +407,10 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
// show topics with the correct tid, or in the forum but with shadow = 1
// @TODO: this is not ANSI SQL! ("user error: 'n.created' isn't in GROUP BY")
// @TODO: timestamp is a sql reserved word. are there more?
$sql = "SELECT n.nid, n.title, n.sticky, u.name AS name, u.uid AS uid, n.created AS timestamp, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments, n.comment AS comment_mode, f.tid FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE n.nid = r.nid AND ((r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND n.type = 'forum' GROUP BY n.nid, n.title, u.name, u.uid, n.created, n.comment, f.tid";
$sql = "SELECT DISTINCT(n.nid), n.title, n.sticky, u.name AS name, u.uid AS uid, n.created AS timestamp, GREATEST(n.created, MAX(c.timestamp)) AS date_sort, COUNT(c.nid) AS num_comments, n.comment AS comment_mode, f.tid FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {forum} f ON n.nid = f.nid WHERE n.nid = r.nid AND ((r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND ". node_access_where_sql() ." AND n.type = 'forum' GROUP BY n.nid, n.title, u.name, u.uid, n.created, n.comment, f.tid";
$sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,');
$sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {term_node} r ON n.nid = r.nid WHERE n.nid = r.nid AND ( (r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND n.type = 'forum'";
$sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n ". node_access_join_sql() ." INNER JOIN {forum} f ON n.nid = f.nid INNER JOIN {term_node} r ON n.nid = r.nid WHERE n.nid = r.nid AND ( (r.tid = $check_tid AND f.shadow = 1) OR f.tid = $check_tid) AND n.status = 1 AND ". node_access_where_sql() ." AND n.type = 'forum'";
$result = pager_query($sql, $forum_per_page, 0, $sql_count);
$topic_num = db_num_rows($result);
@ -427,7 +424,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
$topic->new = 0;
}
else {
$topic->new_replies = db_result(db_query('SELECT COUNT(c.nid) FROM {node} n INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND n.status = 1 AND c.status = 0 AND c.timestamp > %d', $topic->nid, $history));
$topic->new_replies = db_result(db_query('SELECT COUNT(DISTINCT(c.nid)) FROM {node} n '. node_access_join_sql() .' INNER JOIN {comments} c ON n.nid = c.nid WHERE n.nid = %d AND n.status = 1 AND '. node_access_where_sql() .' AND c.status = 0 AND c.timestamp > %d', $topic->nid, $history));
$topic->new = $topic->new_replies || ($topic->timestamp > $history);
}
}
@ -446,12 +443,12 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
function _forum_new($tid) {
global $user;
$result = db_query("SELECT n.nid FROM {node} n, {history} h, {forum} f WHERE n.type = 'forum' AND n.status = 1 AND h.nid = n.nid AND f.nid = h.nid AND f.tid = %d AND h.uid = %d", $tid, $user->uid);
$result = db_query("SELECT DISTINCT(n.nid) FROM {node} n, {history} h, {forum} f ". node_access_join_sql() ." WHERE n.type = 'forum' AND n.status = 1 AND ". node_access_where_sql() ." AND h.nid = n.nid AND f.nid = h.nid AND f.tid = %d AND h.uid = %d", $tid, $user->uid);
while ($r = db_fetch_object($result)) {
$read[] = $r->nid;
}
$nid = db_result(db_query_range("SELECT n.nid FROM {node} n INNER JOIN {forum} f ON n.nid = f.nid WHERE n.type = 'forum' AND f.nid = n.nid AND n.status = 1 AND f.tid = %d ". ($read ? 'AND NOT (n.nid IN ('. implode(',', $read) .')) ' : '') .'ORDER BY created', $tid, 0, 1));
$nid = db_result(db_query_range("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {forum} f ON n.nid = f.nid WHERE n.type = 'forum' AND f.nid = n.nid AND n.status = 1 AND ". node_access_where_sql() ." AND f.tid = %d ". ($read ? 'AND NOT (n.nid IN ('. implode(',', $read) .')) ' : '') .'ORDER BY created', $tid, 0, 1));
return $nid ? $nid : 0;
}

207
modules/node.module
View File

@ -522,38 +522,16 @@ function node_prepare($node, $teaser = FALSE) {
* Generate a page displaying a single node, along with its comments.
*/
function node_show($node, $cid) {
if (node_access('view', $node)) {
$output = node_view($node, FALSE, TRUE);
$output = node_view($node, FALSE, TRUE);
if (function_exists('comment_render') && $node->comment) {
$output .= comment_render($node, $cid);
}
// Update the history table, stating that this user viewed this node.
node_tag_new($node->nid);
return $output;
}
else {
drupal_set_message(message_access());
}
}
/**
* Determine whether the current user may perform the given operation on the
* specified node.
*/
function node_access($op, $node = NULL) {
if (user_access('administer nodes')) {
return TRUE;
if (function_exists('comment_render') && $node->comment) {
$output .= comment_render($node, $cid);
}
// Convert the node to an object if necessary:
$node = array2object($node);
// Update the history table, stating that this user viewed this node.
node_tag_new($node->nid);
// Can't use node_invoke(), because the access hook takes the $op parameter
// before the $node parameter.
return module_invoke(node_get_module_name($node), 'access', $op, $node);
return $output;
}
/**
@ -585,7 +563,7 @@ function node_perm() {
* created, uid, name, and count.
*/
function node_search($keys) {
$find = do_search(array('keys' => $keys, 'type' => 'node', 'select' => "select s.lno as lno, n.title as title, n.created as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE s.lno = n.nid AND s.type = 'node' AND s.word like '%' AND n.status = 1"));
$find = do_search(array('keys' => $keys, 'type' => 'node', 'select' => "SELECT DISTINCT s.lno as lno, n.title as title, n.created as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {node} n ". node_access_join_sql() ." INNER JOIN {users} u ON n.uid = u.uid WHERE s.lno = n.nid AND s.type = 'node' AND s.word like '%' AND n.status = 1 AND ". node_access_where_sql()));
return array(t('Matching nodes ranked in order of relevance'), $find);
}
@ -678,7 +656,7 @@ function node_menu() {
$items[] = array('path' => 'node/'. arg(1), 'title' => t('view'),
'callback' => 'node_page',
'access' => user_access('access content'),
'access' => node_access('view', $node),
'type' => MENU_CALLBACK);
$items[] = array('path' => 'node/'. arg(1) .'/view', 'title' => t('view'),
'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
@ -1281,12 +1259,7 @@ function node_edit($id) {
drupal_set_title($node->title);
if (node_access('update', $node)) {
$output = node_form($node);
}
else {
$output = message_access();
}
$output = node_form($node);
return $output;
}
@ -1423,7 +1396,7 @@ function node_delete($edit) {
* Generate a listing of promoted nodes.
*/
function node_page_default() {
$result = pager_query('SELECT nid, type FROM {node} WHERE promote = 1 AND status = 1 ORDER BY sticky DESC, created DESC', variable_get('default_nodes_main', 10));
$result = pager_query('SELECT DISTINCT(n.nid), n.type FROM {node} n '. node_access_join_sql() .' WHERE n.promote = 1 AND n.status = 1 AND '. node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10));
if (db_num_rows($result)) {
drupal_set_html_head('<link rel="alternate" type="application/rss+xml" title="RSS" href="'. url('node/feed', NULL, NULL, TRUE) .'" />');
@ -1546,4 +1519,164 @@ function node_nodeapi(&$node, $op, $arg = 0) {
}
}
/**
* @defgroup node_access Node access rights
* @{
* The node access system determines who can do what to which nodes.
*
* In determining access rights for a node, node_access() first checks
* whether the user has the "administer nodes" permission. Such users have
* unrestricted access to all nodes. Then the node module's hook_access()
* is called, and a TRUE or FALSE return value will grant or deny access.
* This allows, for example, the blog module to always grant access to the
* blog author, and for the book module to always deny editing access to
* PHP pages.
*
* If node module does not intervene (returns NULL), then the
* node_access table is used to determine access. All node access
* modules are queried using hook_node_grants() to assemble a list of
* "grant IDs" for the user. This list is compared against the table.
* If any row contains the node ID in question (or 0, which stands for "all
* nodes"), one of the grant IDs returned, and a value of TRUE for the
* operation in question, then access is granted. Note that this table is a
* list of grants; any matching row is sufficient to grant access to the
* node.
*
* In node listings, the process above is followed except that
* hook_access() is not called on each node for performance reasons and for
* proper functioning of the pager system. When adding a node listing to your
* module, be sure to use node_access_join_sql() and node_access_where_sql() to add
* the appropriate clauses to your query for access checks.
*
* To see how to write a node access module of your own, see
* node_access_example.module.
*/
/**
* Determine whether the current user may perform the given operation on the
* specified node.
*
* @param $op
* The operation to be performed on the node. Possible values are:
* - "view"
* - "update"
* - "delete"
* @param $node
* The node object (or node array) on which the operation is to be performed.
* @return
* TRUE if the operation may be performed.
*/
function node_access($op, $node = NULL) {
if (user_access('administer nodes')) {
return TRUE;
}
// Convert the node to an object if necessary:
$node = array2object($node);
// Can't use node_invoke(), because the access hook takes the $op parameter
// before the $node parameter.
$access = module_invoke(node_get_module_name($node), 'access', $op, $node);
if (!is_null($access)) {
return $access;
}
// If the module did not override the access rights, use those set in the
// node_access table.
if ($node->nid && $node->status) {
$sql = 'SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) AND CONCAT(realm, gid) IN (';
$grants = array();
foreach (node_access_grants($op, $uid) as $realm => $gids) {
foreach ($gids as $gid) {
$grants[] = "'". $realm . $gid ."'";
}
}
$sql .= implode(',', $grants) .') AND grant_'. $op .' = 1';
$result = db_query($sql, $nid);
return (db_result($result));
}
return FALSE;
}
/**
* Generate an SQL join clause for use in fetching a node listing.
*
* @param $node_alias
* If the node table has been given an SQL alias other than the default
* "n", that must be passed here.
* @param $node_access_alias
* If the node_access table has been given an SQL alias other than the default
* "na", that must be passed here.
* @return
* An SQL join clause.
*/
function node_access_join_sql($node_alias = 'n', $node_access_alias = 'na') {
if (user_access('administer nodes')) {
return '';
}
$sql = 'INNER JOIN {node_access} '. $node_access_alias;
$sql .= ' ON ('. $node_access_alias .'.nid = 0 OR '. $node_access_alias .'.nid = '. $node_alias .'.nid)';
return $sql;
}
/**
* Generate an SQL where clause for use in fetching a node listing.
*
* @param $op
* The operation that must be allowed to return a node.
* @param $node_access_alias
* If the node_access table has been given an SQL alias other than the default
* "na", that must be passed here.
* @return
* An SQL where clause.
*/
function node_access_where_sql($op = 'view', $node_access_alias = 'na') {
if (user_access('administer nodes')) {
return '1';
}
$sql = $node_access_alias .'.grant_'. $op .' = 1 AND CONCAT('. $node_access_alias .'.realm, '. $node_access_alias .'.gid) IN (';
$grants = array();
foreach (node_access_grants($op) as $realm => $gids) {
foreach ($gids as $gid) {
$grants[] = "'". $realm . $gid ."'";
}
}
$sql .= implode(',', $grants) .')';
return $sql;
}
/**
* Fetch an array of permission IDs granted to the given user ID.
*
* The implementation here provides only the universal "all" grant. A node
* access module should implement hook_node_grants() to provide a grant
* list for the user.
*
* @param $op
* The operation that the user is trying to perform.
* @param $uid
* The user ID performing the operation. If omitted, the current user is used.
* @return
* An associative array in which the keys are realms, and the values are
* arrays of grants for those realms.
*/
function node_access_grants($op, $uid = NULL) {
global $user;
if (isset($uid)) {
$user_object = user_load(array('uid' => $uid));
}
else {
$user_object = $user;
}
return array_merge(array('all' => array(0)), module_invoke_all('node_grants', $user_object, $op));
}
/**
* @} end of defgroup node_access
*/
?>

207
modules/node/node.module
View File

@ -522,38 +522,16 @@ function node_prepare($node, $teaser = FALSE) {
* Generate a page displaying a single node, along with its comments.
*/
function node_show($node, $cid) {
if (node_access('view', $node)) {
$output = node_view($node, FALSE, TRUE);
$output = node_view($node, FALSE, TRUE);
if (function_exists('comment_render') && $node->comment) {
$output .= comment_render($node, $cid);
}
// Update the history table, stating that this user viewed this node.
node_tag_new($node->nid);
return $output;
}
else {
drupal_set_message(message_access());
}
}
/**
* Determine whether the current user may perform the given operation on the
* specified node.
*/
function node_access($op, $node = NULL) {
if (user_access('administer nodes')) {
return TRUE;
if (function_exists('comment_render') && $node->comment) {
$output .= comment_render($node, $cid);
}
// Convert the node to an object if necessary:
$node = array2object($node);
// Update the history table, stating that this user viewed this node.
node_tag_new($node->nid);
// Can't use node_invoke(), because the access hook takes the $op parameter
// before the $node parameter.
return module_invoke(node_get_module_name($node), 'access', $op, $node);
return $output;
}
/**
@ -585,7 +563,7 @@ function node_perm() {
* created, uid, name, and count.
*/
function node_search($keys) {
$find = do_search(array('keys' => $keys, 'type' => 'node', 'select' => "select s.lno as lno, n.title as title, n.created as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE s.lno = n.nid AND s.type = 'node' AND s.word like '%' AND n.status = 1"));
$find = do_search(array('keys' => $keys, 'type' => 'node', 'select' => "SELECT DISTINCT s.lno as lno, n.title as title, n.created as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {node} n ". node_access_join_sql() ." INNER JOIN {users} u ON n.uid = u.uid WHERE s.lno = n.nid AND s.type = 'node' AND s.word like '%' AND n.status = 1 AND ". node_access_where_sql()));
return array(t('Matching nodes ranked in order of relevance'), $find);
}
@ -678,7 +656,7 @@ function node_menu() {
$items[] = array('path' => 'node/'. arg(1), 'title' => t('view'),
'callback' => 'node_page',
'access' => user_access('access content'),
'access' => node_access('view', $node),
'type' => MENU_CALLBACK);
$items[] = array('path' => 'node/'. arg(1) .'/view', 'title' => t('view'),
'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
@ -1281,12 +1259,7 @@ function node_edit($id) {
drupal_set_title($node->title);
if (node_access('update', $node)) {
$output = node_form($node);
}
else {
$output = message_access();
}
$output = node_form($node);
return $output;
}
@ -1423,7 +1396,7 @@ function node_delete($edit) {
* Generate a listing of promoted nodes.
*/
function node_page_default() {
$result = pager_query('SELECT nid, type FROM {node} WHERE promote = 1 AND status = 1 ORDER BY sticky DESC, created DESC', variable_get('default_nodes_main', 10));
$result = pager_query('SELECT DISTINCT(n.nid), n.type FROM {node} n '. node_access_join_sql() .' WHERE n.promote = 1 AND n.status = 1 AND '. node_access_where_sql() .' ORDER BY n.sticky DESC, n.created DESC', variable_get('default_nodes_main', 10));
if (db_num_rows($result)) {
drupal_set_html_head('<link rel="alternate" type="application/rss+xml" title="RSS" href="'. url('node/feed', NULL, NULL, TRUE) .'" />');
@ -1546,4 +1519,164 @@ function node_nodeapi(&$node, $op, $arg = 0) {
}
}
/**
* @defgroup node_access Node access rights
* @{
* The node access system determines who can do what to which nodes.
*
* In determining access rights for a node, node_access() first checks
* whether the user has the "administer nodes" permission. Such users have
* unrestricted access to all nodes. Then the node module's hook_access()
* is called, and a TRUE or FALSE return value will grant or deny access.
* This allows, for example, the blog module to always grant access to the
* blog author, and for the book module to always deny editing access to
* PHP pages.
*
* If node module does not intervene (returns NULL), then the
* node_access table is used to determine access. All node access
* modules are queried using hook_node_grants() to assemble a list of
* "grant IDs" for the user. This list is compared against the table.
* If any row contains the node ID in question (or 0, which stands for "all
* nodes"), one of the grant IDs returned, and a value of TRUE for the
* operation in question, then access is granted. Note that this table is a
* list of grants; any matching row is sufficient to grant access to the
* node.
*
* In node listings, the process above is followed except that
* hook_access() is not called on each node for performance reasons and for
* proper functioning of the pager system. When adding a node listing to your
* module, be sure to use node_access_join_sql() and node_access_where_sql() to add
* the appropriate clauses to your query for access checks.
*
* To see how to write a node access module of your own, see
* node_access_example.module.
*/
/**
* Determine whether the current user may perform the given operation on the
* specified node.
*
* @param $op
* The operation to be performed on the node. Possible values are:
* - "view"
* - "update"
* - "delete"
* @param $node
* The node object (or node array) on which the operation is to be performed.
* @return
* TRUE if the operation may be performed.
*/
function node_access($op, $node = NULL) {
if (user_access('administer nodes')) {
return TRUE;
}
// Convert the node to an object if necessary:
$node = array2object($node);
// Can't use node_invoke(), because the access hook takes the $op parameter
// before the $node parameter.
$access = module_invoke(node_get_module_name($node), 'access', $op, $node);
if (!is_null($access)) {
return $access;
}
// If the module did not override the access rights, use those set in the
// node_access table.
if ($node->nid && $node->status) {
$sql = 'SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) AND CONCAT(realm, gid) IN (';
$grants = array();
foreach (node_access_grants($op, $uid) as $realm => $gids) {
foreach ($gids as $gid) {
$grants[] = "'". $realm . $gid ."'";
}
}
$sql .= implode(',', $grants) .') AND grant_'. $op .' = 1';
$result = db_query($sql, $nid);
return (db_result($result));
}
return FALSE;
}
/**
* Generate an SQL join clause for use in fetching a node listing.
*
* @param $node_alias
* If the node table has been given an SQL alias other than the default
* "n", that must be passed here.
* @param $node_access_alias
* If the node_access table has been given an SQL alias other than the default
* "na", that must be passed here.
* @return
* An SQL join clause.
*/
function node_access_join_sql($node_alias = 'n', $node_access_alias = 'na') {
if (user_access('administer nodes')) {
return '';
}
$sql = 'INNER JOIN {node_access} '. $node_access_alias;
$sql .= ' ON ('. $node_access_alias .'.nid = 0 OR '. $node_access_alias .'.nid = '. $node_alias .'.nid)';
return $sql;
}
/**
* Generate an SQL where clause for use in fetching a node listing.
*
* @param $op
* The operation that must be allowed to return a node.
* @param $node_access_alias
* If the node_access table has been given an SQL alias other than the default
* "na", that must be passed here.
* @return
* An SQL where clause.
*/
function node_access_where_sql($op = 'view', $node_access_alias = 'na') {
if (user_access('administer nodes')) {
return '1';
}
$sql = $node_access_alias .'.grant_'. $op .' = 1 AND CONCAT('. $node_access_alias .'.realm, '. $node_access_alias .'.gid) IN (';
$grants = array();
foreach (node_access_grants($op) as $realm => $gids) {
foreach ($gids as $gid) {
$grants[] = "'". $realm . $gid ."'";
}
}
$sql .= implode(',', $grants) .')';
return $sql;
}
/**
* Fetch an array of permission IDs granted to the given user ID.
*
* The implementation here provides only the universal "all" grant. A node
* access module should implement hook_node_grants() to provide a grant
* list for the user.
*
* @param $op
* The operation that the user is trying to perform.
* @param $uid
* The user ID performing the operation. If omitted, the current user is used.
* @return
* An associative array in which the keys are realms, and the values are
* arrays of grants for those realms.
*/
function node_access_grants($op, $uid = NULL) {
global $user;
if (isset($uid)) {
$user_object = user_load(array('uid' => $uid));
}
else {
$user_object = $user;
}
return array_merge(array('all' => array(0)), module_invoke_all('node_grants', $user_object, $op));
}
/**
* @} end of defgroup node_access
*/
?>

14
modules/page.module
View File

@ -41,20 +41,14 @@ function page_node_name($node) {
function page_access($op, $node) {
global $user;
if ($op == 'view') {
return $node->status;
}
if ($op == 'create') {
return user_access('create pages');
}
if ($op == 'update') {
return user_access('edit own pages') && ($user->uid == $node->uid);
}
if ($op == 'delete') {
return user_access('edit own pages') && ($user->uid == $node->uid);
if ($op == 'update' || $op == 'delete') {
if (user_access('edit own pages') && ($user->uid == $node->uid)) {
return TRUE;
}
}
}

14
modules/page/page.module
View File

@ -41,20 +41,14 @@ function page_node_name($node) {
function page_access($op, $node) {
global $user;
if ($op == 'view') {
return $node->status;
}
if ($op == 'create') {
return user_access('create pages');
}
if ($op == 'update') {
return user_access('edit own pages') && ($user->uid == $node->uid);
}
if ($op == 'delete') {
return user_access('edit own pages') && ($user->uid == $node->uid);
if ($op == 'update' || $op == 'delete') {
if (user_access('edit own pages') && ($user->uid == $node->uid)) {
return TRUE;
}
}
}

8
modules/poll.module
View File

@ -27,10 +27,6 @@ function poll_help($section) {
* Implementation of hook_access().
*/
function poll_access($op, $node) {
if ($op == 'view') {
return $node->status;
}
if ($op == 'create') {
return user_access('create polls');
}
@ -49,7 +45,7 @@ function poll_block($op = 'list', $delta = 0) {
}
else {
// Retrieve the latest poll.
$timestamp = db_result(db_query("SELECT MAX(created) FROM {node} WHERE type = 'poll' AND status = '1' AND moderate = '0'"));
$timestamp = db_result(db_query('SELECT MAX(n.created) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'poll' AND n.status = 1 AND ". node_access_where_sql() .' AND n.moderate = 0'));
if ($timestamp) {
$poll = node_load(array('type' => 'poll', 'created' => $timestamp, 'moderate' => 0, 'status' => 1));
@ -270,7 +266,7 @@ function poll_node_name($node) {
function poll_page() {
// List all polls
$result = pager_query("SELECT n.nid, n.title, p.active, SUM(c.chvotes) AS votes FROM {node} n INNER JOIN {poll} p ON n.nid=p.nid INNER JOIN {poll_choices} c ON n.nid=c.nid WHERE type = 'poll' AND status = '1' AND moderate = '0' GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC", 15);
$result = pager_query("SELECT DISTINCT(n.nid), n.title, p.active, SUM(c.chvotes) AS votes FROM {node} n ". node_access_join_sql() ." INNER JOIN {poll} p ON n.nid=p.nid INNER JOIN {poll_choices} c ON n.nid=c.nid WHERE type = 'poll' AND status = 1 AND ". node_access_where_sql() ." AND moderate = 0 GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC", 15);
$output = '<ul>';
while ($node = db_fetch_object($result)) {
$output .= '<li>'. l($node->title, "node/$node->nid") .' - '. format_plural($node->votes, '1 vote', '%count votes') .' - '. ($node->active ? t('open') : t('closed')) .'</li>';

8
modules/poll/poll.module
View File

@ -27,10 +27,6 @@ function poll_help($section) {
* Implementation of hook_access().
*/
function poll_access($op, $node) {
if ($op == 'view') {
return $node->status;
}
if ($op == 'create') {
return user_access('create polls');
}
@ -49,7 +45,7 @@ function poll_block($op = 'list', $delta = 0) {
}
else {
// Retrieve the latest poll.
$timestamp = db_result(db_query("SELECT MAX(created) FROM {node} WHERE type = 'poll' AND status = '1' AND moderate = '0'"));
$timestamp = db_result(db_query('SELECT MAX(n.created) FROM {node} n '. node_access_join_sql() ." WHERE n.type = 'poll' AND n.status = 1 AND ". node_access_where_sql() .' AND n.moderate = 0'));
if ($timestamp) {
$poll = node_load(array('type' => 'poll', 'created' => $timestamp, 'moderate' => 0, 'status' => 1));
@ -270,7 +266,7 @@ function poll_node_name($node) {
function poll_page() {
// List all polls
$result = pager_query("SELECT n.nid, n.title, p.active, SUM(c.chvotes) AS votes FROM {node} n INNER JOIN {poll} p ON n.nid=p.nid INNER JOIN {poll_choices} c ON n.nid=c.nid WHERE type = 'poll' AND status = '1' AND moderate = '0' GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC", 15);
$result = pager_query("SELECT DISTINCT(n.nid), n.title, p.active, SUM(c.chvotes) AS votes FROM {node} n ". node_access_join_sql() ." INNER JOIN {poll} p ON n.nid=p.nid INNER JOIN {poll_choices} c ON n.nid=c.nid WHERE type = 'poll' AND status = 1 AND ". node_access_where_sql() ." AND moderate = 0 GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC", 15);
$output = '<ul>';
while ($node = db_fetch_object($result)) {
$output .= '<li>'. l($node->title, "node/$node->nid") .' - '. format_plural($node->votes, '1 vote', '%count votes') .' - '. ($node->active ? t('open') : t('closed')) .'</li>';

14
modules/story.module
View File

@ -55,20 +55,14 @@ function story_perm() {
function story_access($op, $node) {
global $user;
if ($op == 'view') {
return $node->status;
}
if ($op == 'create') {
return user_access('create stories');
}
if ($op == 'update') {
return user_access('edit own stories') && ($user->uid == $node->uid);
}
if ($op == 'delete') {
return user_access('edit own stories') && ($user->uid == $node->uid);
if ($op == 'update' || $op == 'delete') {
if (user_access('edit own stories') && ($user->uid == $node->uid)) {
return TRUE;
}
}
}

14
modules/story/story.module
View File

@ -55,20 +55,14 @@ function story_perm() {
function story_access($op, $node) {
global $user;
if ($op == 'view') {
return $node->status;
}
if ($op == 'create') {
return user_access('create stories');
}
if ($op == 'update') {
return user_access('edit own stories') && ($user->uid == $node->uid);
}
if ($op == 'delete') {
return user_access('edit own stories') && ($user->uid == $node->uid);
if ($op == 'update' || $op == 'delete') {
if (user_access('edit own stories') && ($user->uid == $node->uid)) {
return TRUE;
}
}
}

8
modules/taxonomy.module
View File

@ -771,14 +771,14 @@ function _prepare_insert($data, $stage) {
function taxonomy_select_nodes($taxonomy, $pager = TRUE) {
if ($taxonomy->str_tids) {
if ($taxonomy->operator == 'or') {
$sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.sticky, n.created, u.name FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 ORDER BY sticky DESC, created DESC";
$sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1";
$sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.sticky, n.created, u.name FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY sticky DESC, created DESC';
$sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql();
}
else {
$sql = "SELECT n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ". count($taxonomy->tids) ." ORDER BY sticky DESC, created DESC";
$sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, u.name FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ". count($taxonomy->tids) ." ORDER BY sticky DESC, created DESC";
// Special trick as we could not find anything better:
$count = db_num_rows(db_query("SELECT n.nid FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
$count = db_num_rows(db_query("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
$sql_count = "SELECT $count";
}

8
modules/taxonomy/taxonomy.module
View File

@ -771,14 +771,14 @@ function _prepare_insert($data, $stage) {
function taxonomy_select_nodes($taxonomy, $pager = TRUE) {
if ($taxonomy->str_tids) {
if ($taxonomy->operator == 'or') {
$sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.sticky, n.created, u.name FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 ORDER BY sticky DESC, created DESC";
$sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1";
$sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.sticky, n.created, u.name FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() .' ORDER BY sticky DESC, created DESC';
$sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql();
}
else {
$sql = "SELECT n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ". count($taxonomy->tids) ." ORDER BY sticky DESC, created DESC";
$sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, u.name FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid INNER JOIN {users} u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ". count($taxonomy->tids) ." ORDER BY sticky DESC, created DESC";
// Special trick as we could not find anything better:
$count = db_num_rows(db_query("SELECT n.nid FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
$count = db_num_rows(db_query("SELECT DISTINCT(n.nid) FROM {node} n ". node_access_join_sql() ." INNER JOIN {term_node} r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = 1 AND ". node_access_where_sql() ." GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
$sql_count = "SELECT $count";
}

5
modules/tracker.module
View File

@ -44,11 +44,10 @@ function tracker_page($uid = 0) {
$output .= '';
if ($uid) {
$result = pager_query('SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d) GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d)', $uid, $uid);
$result = pager_query('SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND '. node_access_where_sql() .' AND (n.uid = %d OR c.uid = %d) GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND (n.uid = %d OR c.uid = %d)', $uid, $uid);
}
else {
$result = pager_query('SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(nid) FROM {node} WHERE status = 1');
$result = pager_query('SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND '. node_access_where_sql() .' GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. node_access_join_sql() .' WHERE n.status = 1 AND '. node_access_where_sql());
}
while ($node = db_fetch_object($result)) {

5
modules/tracker/tracker.module
View File

@ -44,11 +44,10 @@ function tracker_page($uid = 0) {
$output .= '';
if ($uid) {
$result = pager_query('SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d) GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d)', $uid, $uid);
$result = pager_query('SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND '. node_access_where_sql() .' AND (n.uid = %d OR c.uid = %d) GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.status = 1 AND '. node_access_where_sql() .' AND (n.uid = %d OR c.uid = %d)', $uid, $uid);
}
else {
$result = pager_query('SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(nid) FROM {node} WHERE status = 1');
$result = pager_query('SELECT DISTINCT(n.nid), n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n '. node_access_join_sql() .' LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND '. node_access_where_sql() .' GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. node_access_join_sql() .' WHERE n.status = 1 AND '. node_access_where_sql());
}
while ($node = db_fetch_object($result)) {

8
modules/user.module
View File

@ -266,7 +266,7 @@ function user_access($string) {
// To reduce the number of SQL queries, we cache the user's permissions
// in a static variable.
if ($perm === 0) {
$result = db_query('SELECT DISTINCT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
$result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
while ($row = db_fetch_object($result)) {
$perm .= "$row->perm, ";
@ -520,8 +520,8 @@ function user_block($op = 'list', $delta = 0) {
$time_period = variable_get('user_block_seconds_online', 2700);
// Perform database queries to gather online user lists.
$guests = db_fetch_object(db_query('SELECT COUNT(DISTINCT sid) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period));
$users = db_query('SELECT DISTINCT uid, MAX(timestamp) AS max_timestamp FROM {sessions} WHERE timestamp >= %d AND uid != 0 GROUP BY uid ORDER BY max_timestamp DESC', time() - $time_period );
$guests = db_fetch_object(db_query('SELECT COUNT(DISTINCT(sid)) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period));
$users = db_query('SELECT DISTINCT(uid), MAX(timestamp) AS max_timestamp FROM {sessions} WHERE timestamp >= %d AND uid != 0 GROUP BY uid ORDER BY max_timestamp DESC', time() - $time_period );
$total_users = db_num_rows($users);
// Format the output with proper grammar.
@ -1423,7 +1423,7 @@ function user_admin_role($edit = array()) {
db_query('DELETE FROM {permission} WHERE rid = %d', $id);
// Update the users who have this role set:
$result = db_query('SELECT DISTINCT ur1.uid FROM {users_roles} ur1 LEFT JOIN {users_roles} ur2 ON ur2.uid = ur1.uid WHERE ur1.rid = %d AND ur2.rid != ur1.rid', $id);
$result = db_query('SELECT DISTINCT(ur1.uid) FROM {users_roles} ur1 LEFT JOIN {users_roles} ur2 ON ur2.uid = ur1.uid WHERE ur1.rid = %d AND ur2.rid != ur1.rid', $id);
$uid = array();
while ($u = db_fetch_object($result)) {

8
modules/user/user.module
View File

@ -266,7 +266,7 @@ function user_access($string) {
// To reduce the number of SQL queries, we cache the user's permissions
// in a static variable.
if ($perm === 0) {
$result = db_query('SELECT DISTINCT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
$result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
while ($row = db_fetch_object($result)) {
$perm .= "$row->perm, ";
@ -520,8 +520,8 @@ function user_block($op = 'list', $delta = 0) {
$time_period = variable_get('user_block_seconds_online', 2700);
// Perform database queries to gather online user lists.
$guests = db_fetch_object(db_query('SELECT COUNT(DISTINCT sid) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period));
$users = db_query('SELECT DISTINCT uid, MAX(timestamp) AS max_timestamp FROM {sessions} WHERE timestamp >= %d AND uid != 0 GROUP BY uid ORDER BY max_timestamp DESC', time() - $time_period );
$guests = db_fetch_object(db_query('SELECT COUNT(DISTINCT(sid)) AS count FROM {sessions} WHERE timestamp >= %d AND uid = 0', time() - $time_period));
$users = db_query('SELECT DISTINCT(uid), MAX(timestamp) AS max_timestamp FROM {sessions} WHERE timestamp >= %d AND uid != 0 GROUP BY uid ORDER BY max_timestamp DESC', time() - $time_period );
$total_users = db_num_rows($users);
// Format the output with proper grammar.
@ -1423,7 +1423,7 @@ function user_admin_role($edit = array()) {
db_query('DELETE FROM {permission} WHERE rid = %d', $id);
// Update the users who have this role set:
$result = db_query('SELECT DISTINCT ur1.uid FROM {users_roles} ur1 LEFT JOIN {users_roles} ur2 ON ur2.uid = ur1.uid WHERE ur1.rid = %d AND ur2.rid != ur1.rid', $id);
$result = db_query('SELECT DISTINCT(ur1.uid) FROM {users_roles} ur1 LEFT JOIN {users_roles} ur2 ON ur2.uid = ur1.uid WHERE ur1.rid = %d AND ur2.rid != ur1.rid', $id);
$uid = array();
while ($u = db_fetch_object($result)) {