- Another batch of updates/improvements:

+ introduced basic node permissions ("create", "delete", "update" and
     "view") at the node level: it's up to the "<$node->type>_module" to
     hide gory details (if any).

   + made the "blog it"-feature in the blog and import module work with
     the new node system, specifically with the new centralized forms.

   + made it possible to update blogs.

   + made the page module work with the new node system.

   + various smaller improvements.
4.0.x
Dries Buytaert 2001-11-01 17:04:20 +00:00
parent 3d47ad359d
commit 23ca7a2d88
18 changed files with 562 additions and 267 deletions


@ -1,31 +1,10 @@
<?php
// $Id$
/*
** Loading and storing nodes:
** - load: called when a node is being loaded
** - save: called before a node gets saved and used to define default
** values
** - insert: called when inserting a node to the node table
** - delete: called when deleting a node from the node table
** - update: called when updating a node in the noe table
**
** Viewing and editing nodes:
** - view: called to display a node on the screen
** - form: called to display a node's form
**
** - status
*/
// TODO: still used by themes, yet doesn't return anything at the moment
function node_index() {
}
function node_access($node) {
global $user;
return ($node->status == 1) || user_access("administer nodes");
}
function node_get_comments($nid) {
$comment = db_fetch_object(db_query("SELECT COUNT(c.lid) AS number FROM node n LEFT JOIN comments c ON n.nid = c.lid WHERE n.nid = '$nid' GROUP BY n.nid"));
return $comment->number ? $comment->number : 0;
@ -210,21 +189,21 @@ function node_save($node, $filter) {
}
function node_delete($conditions) {
function node_delete($node) {
if ($node = node_load($conditions)) {
// delete the node and its comments:
db_query("DELETE FROM node WHERE nid = '$node->nid'");
db_query("DELETE FROM comments WHERE lid = '$node->nid'");
db_query("DELETE FROM moderate WHERE nid = '$node->nid'");
// call the node specific callback (if any):
module_invoke($node->type, "delete", &$node);
watchdog("special", "node: deleted '$node->title'");
if (is_array($node)) {
$node = node_object($node);
}
// delete the node and its comments:
db_query("DELETE FROM node WHERE nid = '$node->nid'");
db_query("DELETE FROM comments WHERE lid = '$node->nid'");
db_query("DELETE FROM moderate WHERE nid = '$node->nid'");
// call the node specific callback (if any):
module_invoke($node->type, "delete", &$node);
watchdog("special", "node: deleted '$node->title'");
}
function node_view($node, $main = 0) {
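Review bot: The rewritten `node_delete($node)` trusts whatever its caller passes in: an array is converted with `node_object()`, and its `nid` and `type` then go straight into three `DELETE` statements and the `module_invoke(..., "delete", ...)` dispatch, with no lookup and no permission check inside the function. Which lines are old and which are new is inferred from print order, but the `node_load($conditions)` guard appears to be on the removed side, so a missing or malformed nid is no longer rejected here. I would re-load by id right after the `is_array()` conversion, e.g. `if (!($node = node_load(array("nid" => $node->nid)))) { return; }`. A comment above the function should also state that callers must have passed `node_access("delete", $node)` before calling it.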


@ -497,7 +497,7 @@ function import_page_last() {
$output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">";
while ($item = db_fetch_object($result)) {
$links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=import&op=feed&id=$item->fid\">". t("feed") ."</a>";
if ($item->link) {
@ -530,7 +530,7 @@ function import_page_feed($fid) {
$output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">";
while ($item = db_fetch_object($result)) {
$links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"$item->link\">". t("visit") ."</a>";
if ($item->link) {
@ -564,7 +564,7 @@ function import_page_bundle($bid) {
$output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">";
while ($item = db_fetch_object($result)) {
$links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=import&op=feed&id=$item->fid\">". t("feed") ."</a>";
$links[] = "<a href=\"$item->link\">". t("visit") ."</a>";


@ -497,7 +497,7 @@ function import_page_last() {
$output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">";
while ($item = db_fetch_object($result)) {
$links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=import&op=feed&id=$item->fid\">". t("feed") ."</a>";
if ($item->link) {
@ -530,7 +530,7 @@ function import_page_feed($fid) {
$output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">";
while ($item = db_fetch_object($result)) {
$links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"$item->link\">". t("visit") ."</a>";
if ($item->link) {
@ -564,7 +564,7 @@ function import_page_bundle($bid) {
$output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">";
while ($item = db_fetch_object($result)) {
$links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=import&op=feed&id=$item->fid\">". t("feed") ."</a>";
$links[] = "<a href=\"$item->link\">". t("visit") ."</a>";


@ -1,6 +1,35 @@
<?php
// $Id$
function blog_node($field) {
global $user;
$info = array("name" => "personal blog");
return $info[$field];
}
function blog_access($op, $node) {
global $user;
if ($op == "view") {
return $node->nid && $node->status && !$node->moderate;
}
if ($op == "create") {
return $user->uid;
}
if ($op == "update") {
return user_access("administer nodes") || ($user->uid == $node->uid);
}
if ($op == "delete") {
return user_access("administer nodes") || ($user->uid == $node->uid);
}
}
function blog_help() {
?>
<p>Drupal's blog module allows registered users to maintain an online blog or diary. It provides easy-to-write and easy-to-read online diaries or journals that can be filled with daily thoughts, poetry, boneless blabber, spiritual theories, intimate details, valuable experiences, cynical rants, semi-coherent comments, writing experiments, artistic babblings, critics on current facts, fresh insights, diverse dreams, chronicles and mumbling madness available for public consumption.</p>
@ -94,7 +123,7 @@ function blog_page_user($uid = 0, $date = 0) {
}
if ($user->uid && user_access("post blogs")) {
$links[] = "<a href=\"module.php?mod=blog&op=blog&id=$blog->nid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=node&op=add&type=blog&nid=$blog->nid\">". t("blog it") ."</a>";
}
if ($blog->comment) {
@ -131,7 +160,7 @@ function blog_page_last() {
}
if ($user->uid && user_access("post blogs")) {
$links[] = "<a href=\"module.php?mod=blog&op=blog&id=$blog->nid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=node&op=add&type=blog&nid=$blog->nid\">". t("blog it") ."</a>";
}
if ($blog->comment) {
@ -150,6 +179,17 @@ function blog_page_last() {
}
function blog_form($edit) {
global $nid, $iid;
if (!$edit->body) {
if ($nid && $blog = node_load(array("nid" => $nid))) {
$edit->body = "<i>". $blog->body ."</i> [<a href=\"module.php?mod=blog&id=$blog->uid&date=$blog->created\">$blog->name</a>]";
}
if ($iid && $item = db_fetch_object(db_query("SELECT i.*, f.title as ftitle, f.link as flink FROM item i, feed f WHERE i.iid = '". check_input($iid) ."' AND i.fid = f.fid"))) {
$edit->body = "<a href=\"$item->link\">$item->title</a> - <i>". check_output($item->description) ."</i> [<a href=\"$item->flink\">$item->ftitle</a>]\n";
}
}
$output = form_textarea(t("Body"), "body", $edit->body, 60, 15, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
@ -157,30 +197,14 @@ function blog_form($edit) {
}
function blog_save($node) {
global $user;
if ($node->nid) {
/*
** Load the original blog from the database to make sure that only
** original author can update his blog.
*/
$blog = node_load(array("nid" => $node->nid));
if ($user->uid && $user->uid == $node->uid && $user->uid == $blog->uid) {
return array();
}
else if (user_access("adminster nodes")) {
return array();
}
else {
return 0;
}
return array();
}
else {
return array("promote" => 0, "moderate" => 0, "status" => 1);
}
}
function blog_page() {
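Review bot: `blog_form()` loads the quoted entry from the global `$nid` (presumably populated from the request) and copies its body into the new post without checking that the current user may view it, so the "blog it" prefill could disclose an entry that `blog_access("view", ...)` would refuse because it is unpublished or in moderation. Guarding the load closes that: `if ($nid && ($blog = node_load(array("nid" => $nid))) && node_access("view", $blog)) {`. In the `$iid` branch only `$item->description` goes through `check_output()`, while `$item->link`, `$item->title`, `$item->flink` and `$item->ftitle` come from syndicated feeds and are placed into the markup as-is. They should be escaped the same way, and the link restricted to http/https, unless a later output filter is known to cover the saved body. `blog_form()` continues beyond the lines shown in this hunk.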


@ -1,6 +1,35 @@
<?php
// $Id$
function blog_node($field) {
global $user;
$info = array("name" => "personal blog");
return $info[$field];
}
function blog_access($op, $node) {
global $user;
if ($op == "view") {
return $node->nid && $node->status && !$node->moderate;
}
if ($op == "create") {
return $user->uid;
}
if ($op == "update") {
return user_access("administer nodes") || ($user->uid == $node->uid);
}
if ($op == "delete") {
return user_access("administer nodes") || ($user->uid == $node->uid);
}
}
function blog_help() {
?>
<p>Drupal's blog module allows registered users to maintain an online blog or diary. It provides easy-to-write and easy-to-read online diaries or journals that can be filled with daily thoughts, poetry, boneless blabber, spiritual theories, intimate details, valuable experiences, cynical rants, semi-coherent comments, writing experiments, artistic babblings, critics on current facts, fresh insights, diverse dreams, chronicles and mumbling madness available for public consumption.</p>
@ -94,7 +123,7 @@ function blog_page_user($uid = 0, $date = 0) {
}
if ($user->uid && user_access("post blogs")) {
$links[] = "<a href=\"module.php?mod=blog&op=blog&id=$blog->nid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=node&op=add&type=blog&nid=$blog->nid\">". t("blog it") ."</a>";
}
if ($blog->comment) {
@ -131,7 +160,7 @@ function blog_page_last() {
}
if ($user->uid && user_access("post blogs")) {
$links[] = "<a href=\"module.php?mod=blog&op=blog&id=$blog->nid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=node&op=add&type=blog&nid=$blog->nid\">". t("blog it") ."</a>";
}
if ($blog->comment) {
@ -150,6 +179,17 @@ function blog_page_last() {
}
function blog_form($edit) {
global $nid, $iid;
if (!$edit->body) {
if ($nid && $blog = node_load(array("nid" => $nid))) {
$edit->body = "<i>". $blog->body ."</i> [<a href=\"module.php?mod=blog&id=$blog->uid&date=$blog->created\">$blog->name</a>]";
}
if ($iid && $item = db_fetch_object(db_query("SELECT i.*, f.title as ftitle, f.link as flink FROM item i, feed f WHERE i.iid = '". check_input($iid) ."' AND i.fid = f.fid"))) {
$edit->body = "<a href=\"$item->link\">$item->title</a> - <i>". check_output($item->description) ."</i> [<a href=\"$item->flink\">$item->ftitle</a>]\n";
}
}
$output = form_textarea(t("Body"), "body", $edit->body, 60, 15, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
@ -157,30 +197,14 @@ function blog_form($edit) {
}
function blog_save($node) {
global $user;
if ($node->nid) {
/*
** Load the original blog from the database to make sure that only
** original author can update his blog.
*/
$blog = node_load(array("nid" => $node->nid));
if ($user->uid && $user->uid == $node->uid && $user->uid == $blog->uid) {
return array();
}
else if (user_access("adminster nodes")) {
return array();
}
else {
return 0;
}
return array();
}
else {
return array("promote" => 0, "moderate" => 0, "status" => 1);
}
}
function blog_page() {


@ -1,6 +1,35 @@
<?php
// $Id$
function book_node($field) {
global $user;
$info = array("name" => "book page");
return $info[$field];
}
function book_access($op, $node) {
global $user;
if ($op == "view") {
return $node->nid && $node->status && !$node->moderate;
}
if ($op == "create") {
return 1;
}
if ($op == "update") {
return 1;
}
if ($op == "delete") {
return user_access("adminster nodes");
}
}
function book_link($type) {
if ($type == "page" && user_access("access content")) {
$links[] = "<a href=\"module.php?mod=book\">". t("collaborative book") ."</a>";
@ -36,17 +65,11 @@ function book_delete($node) {
}
function book_save($node) {
if ($node->nid) {
if (user_access("administer nodes")) {
return array("moderate" => 1, "promote" => 0, "status" => 0, "log", "parent", "weight");
}
else {
// TODO: temporay disabled book page updates by regular users
return 0;
}
if ($node->nid && user_access("administer nodes")) {
return array("pid", "log", "parent", "weight");
}
else {
return array("pid", "log", "parent", "weight");
return array("moderate" => 1, "promote" => 0, "status" => 0, "log", "parent", "weight");
}
}
@ -80,8 +103,7 @@ function book_view($node, $main = 0) {
$indent .= "-";
}
$output .= " <TR><TD COLSPAN=\"3\">$location</TD></TR>";
// TODO: <TD ALIGN=\"right\">". node_control($node) ."</TD></TR>\n";
$output .= " <TR><TD COLSPAN=\"2\">$location</TD><TD ALIGN=\"right\"><A HREF=\"module.php?mod=node&op=edit&id=$node->nid\">update</A></TD></TR>\n";
$output .= " <TR><TD COLSPAN=\"3\"><HR></TD></TR>";
$output .= " <TR><TD COLSPAN=\"3\"><B><BIG>". check_output($node->title) ."</BIG></B>". ($node->body ? "<BR><SMALL><I>Last updated by ". format_name($node) ." on ". format_date($node->created) ."</I></SMALL> " : "") ."</TD></TR>\n";
}
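Review bot: `book_access()` checks `user_access("adminster nodes")` for the "delete" operation, but the permission declared by `node_perm()` on this page is "administer nodes", so the misspelled name will presumably never match and nobody, administrators included, passes the delete check. `forum_access()` carries the same misspelling and uses it for every operation other than "view"; both lines should read `return user_access("administer nodes");`. Separately, "create" and "update" return 1 unconditionally, and the `return 0` for regular users appears to have been dropped from `book_save()`, so any visitor seems able to submit edits to book pages. If that is intended, a comment stating that the moderation defaults (`"moderate" => 1, "status" => 0`) are the only control would make the design explicit.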


@ -1,6 +1,35 @@
<?php
// $Id$
function book_node($field) {
global $user;
$info = array("name" => "book page");
return $info[$field];
}
function book_access($op, $node) {
global $user;
if ($op == "view") {
return $node->nid && $node->status && !$node->moderate;
}
if ($op == "create") {
return 1;
}
if ($op == "update") {
return 1;
}
if ($op == "delete") {
return user_access("adminster nodes");
}
}
function book_link($type) {
if ($type == "page" && user_access("access content")) {
$links[] = "<a href=\"module.php?mod=book\">". t("collaborative book") ."</a>";
@ -36,17 +65,11 @@ function book_delete($node) {
}
function book_save($node) {
if ($node->nid) {
if (user_access("administer nodes")) {
return array("moderate" => 1, "promote" => 0, "status" => 0, "log", "parent", "weight");
}
else {
// TODO: temporay disabled book page updates by regular users
return 0;
}
if ($node->nid && user_access("administer nodes")) {
return array("pid", "log", "parent", "weight");
}
else {
return array("pid", "log", "parent", "weight");
return array("moderate" => 1, "promote" => 0, "status" => 0, "log", "parent", "weight");
}
}
@ -80,8 +103,7 @@ function book_view($node, $main = 0) {
$indent .= "-";
}
$output .= " <TR><TD COLSPAN=\"3\">$location</TD></TR>";
// TODO: <TD ALIGN=\"right\">". node_control($node) ."</TD></TR>\n";
$output .= " <TR><TD COLSPAN=\"2\">$location</TD><TD ALIGN=\"right\"><A HREF=\"module.php?mod=node&op=edit&id=$node->nid\">update</A></TD></TR>\n";
$output .= " <TR><TD COLSPAN=\"3\"><HR></TD></TR>";
$output .= " <TR><TD COLSPAN=\"3\"><B><BIG>". check_output($node->title) ."</BIG></B>". ($node->body ? "<BR><SMALL><I>Last updated by ". format_name($node) ." on ". format_date($node->created) ."</I></SMALL> " : "") ."</TD></TR>\n";
}


@ -1,6 +1,21 @@
<?php
// $Id$
function forum_node($field) {
$info = array("name" => "discussion forum");
return $info[$field];
}
function forum_access($op, $node) {
if ($op == "view") {
return $node->nid && $node->status && !$node->moderate;
}
return user_access("adminster nodes");
}
function forum_link($type) {
if ($type == "page" && user_access("access content")) {
$links[] = "<a href=\"module.php?mod=forum\">". t("forum") ."</a>";
@ -24,18 +39,12 @@ function forum_form($node) {
function forum_save() {
if (user_access("administer nodes")) {
if ($node->nid) {
return array();
}
else {
return array("promote" => 0, "moderate" => 0, "status" => 1);
}
if ($node->nid) {
return array();
}
else {
return 0;
return array("promote" => 0, "moderate" => 0, "status" => 1);
}
}
function forum_num_comments($nid) {
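Review bot: `forum_save()` is declared without a parameter yet tests `$node->nid`, so `$node` is undefined inside the function and the else branch always runs; the node that `node_submit()` passes via `module_invoke($node->type, "save", $node)` is discarded by this signature. With the `user_access("administer nodes")` wrapper apparently removed, every update would then merge `"promote" => 0, "moderate" => 0, "status" => 1` into the saved fields, which could republish a forum node a moderator had unpublished, assuming `node_save()` applies keyed entries as forced values. Declaring `function forum_save($node) {` fixes it. `page_save()` in the page module has the same signature problem and needs the same one-line change.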


@ -1,6 +1,21 @@
<?php
// $Id$
function forum_node($field) {
$info = array("name" => "discussion forum");
return $info[$field];
}
function forum_access($op, $node) {
if ($op == "view") {
return $node->nid && $node->status && !$node->moderate;
}
return user_access("adminster nodes");
}
function forum_link($type) {
if ($type == "page" && user_access("access content")) {
$links[] = "<a href=\"module.php?mod=forum\">". t("forum") ."</a>";
@ -24,18 +39,12 @@ function forum_form($node) {
function forum_save() {
if (user_access("administer nodes")) {
if ($node->nid) {
return array();
}
else {
return array("promote" => 0, "moderate" => 0, "status" => 1);
}
if ($node->nid) {
return array();
}
else {
return 0;
return array("promote" => 0, "moderate" => 0, "status" => 1);
}
}
function forum_num_comments($nid) {


@ -497,7 +497,7 @@ function import_page_last() {
$output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">";
while ($item = db_fetch_object($result)) {
$links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=import&op=feed&id=$item->fid\">". t("feed") ."</a>";
if ($item->link) {
@ -530,7 +530,7 @@ function import_page_feed($fid) {
$output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">";
while ($item = db_fetch_object($result)) {
$links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"$item->link\">". t("visit") ."</a>";
if ($item->link) {
@ -564,7 +564,7 @@ function import_page_bundle($bid) {
$output .= "<table border=\"0\" cellpadding=\"4\" cellspacing=\"2\">";
while ($item = db_fetch_object($result)) {
$links[] = "<a href=\"submit.php?mod=blog&type=import&id=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=node&op=add&type=blog&iid=$item->iid\">". t("blog it") ."</a>";
$links[] = "<a href=\"module.php?mod=import&op=feed&id=$item->fid\">". t("feed") ."</a>";
$links[] = "<a href=\"$item->link\">". t("visit") ."</a>";


@ -14,6 +14,30 @@ function node_help() {
}
}
function node_access($op, $node = 0) {
/*
** Convert the node to an object if necessary:
*/
if (is_array($node)) {
$node = node_object($node);
}
/*
** Construct a function:
*/
$function = $node->type ."_access";
if (function_exists($function)) {
return $function($op, $node);
}
else {
return 0;
}
}
function node_perm() {
return array("administer nodes", "access content", "post content");
}
@ -375,7 +399,7 @@ function node_form($edit) {
$output .= form_submit(t("Submit"));
}
if ($edit->nid && user_access("administer nodes")) {
if ($edit->nid && node_access("delete", $edit)) {
$output .= form_submit(t("Delete"));
}
@ -407,15 +431,13 @@ function node_add($type) {
}
else {
// TODO: make building a node list generic and find an easy way to associate post permissions with them
if (user_access("adminster nodes")) {
$nodes = array("book" => "book page", "blog" => "personal blog entry", "poll" => "online survey", "story" => "story", "page" => "static page", "forum" => "discussion forum");
}
else {
$nodes = array("book" => "book page", "blog" => "personal blog entry", "poll" => "online survey", "story" => "story");
}
foreach ($nodes as $type => $name) {
$links[] = "<a href=\"module.php?mod=node&op=add&type=$type\">". t($name) ."</a>";
$links = array();
foreach (module_list() as $name) {
if (($info = module_invoke($name, "node", "name")) && node_access("create", array("type" => $name))) {
$links[] = "<a href=\"module.php?mod=node&op=add&type=$name\">". t($info) ."</a>";
}
}
$output .= sprintf(t("Submit a %s."), implode(", ", $links));
@ -430,7 +452,14 @@ function node_edit($id) {
$node = node_load(array("nid" => $id));
// TODO: make this generic for all node types - temporary solution
return node_form($node);
if (node_access("update", $node)) {
$output = node_form($node);
}
else {
$output = message_access();
}
return $output;
}
function node_preview($edit) {
@ -465,7 +494,7 @@ function node_preview($edit) {
return node_form($edit);
}
function node_submit($edit) {
function node_submit($node) {
global $user;
@ -473,51 +502,68 @@ function node_submit($edit) {
** Fixup the node when required:
*/
node_fixup(&$edit);
node_fixup(&$node);
if ($node->nid) {
if ($edit->nid) {
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when updating a node.
** Check whether the current user has the proper access rights to
** perform this operation:
*/
if (user_access("administer nodes")) {
$fields = array("nid", "uid", "body", "comment", "promote", "moderate", "status", "teaser", "title", "created", "type" => $edit->type);
if (node_access("update", $node)) {
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when updating a node.
*/
if (user_access("administer nodes")) {
$fields = array("nid", "uid", "body", "comment", "promote", "moderate", "status", "teaser", "title", "created", "type" => $node->type);
}
else {
$fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type);
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", $node)));
$output = t("The node has been updated.");
}
else {
$fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $edit->type);
watchdog("warning", "node: not authorized to update node");
$output = t("You are not authorized to update this node.");
}
$output = t("The node has been updated.");
}
else {
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when inserting a new node.
** Check whether the current user has the proper access rights to
** perform this operation:
*/
if (user_access("administer nodes")) {
$fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $edit->type);
if (node_access("create", $node)) {
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when inserting a new node.
*/
if (user_access("administer nodes")) {
$fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type);
}
else {
$fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type);
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", $node)));
$output = t("Thanks for your submission.");
}
else {
$fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $edit->type);
watchdog("warning", "node: not authorized to create node");
$output = t("You are not authorized to create this node.");
}
$output = t("Thanks for your submission.");
}
/*
** Check whether we are allowed to save the node and if so, whether
** there are more default values to add.
*/
$defaults = module_invoke($edit->type, "save", $edit);
if (is_array($defaults)) {
node_save($edit, array_merge($fields, $defaults));
}
else {
$output = t("Could not save or process the specified submission.");
}
return $output;
@ -525,17 +571,25 @@ function node_submit($edit) {
function node_remove($edit) {
if ($edit["confirm"]) {
node_delete(array(nid => $edit["nid"]));
$node = node_load(array("nid" => $edit["nid"]));
$output = node_admin_nodes();
if (node_access("delete", $node)) {
if ($edit["confirm"]) {
node_delete($node);
$output = t("The node has been deleted.");
}
else {
$output .= form_item(t("Confirm removal of"), check_output($node->title));
$output .= form_hidden("nid", $node->nid);
$output .= form_hidden("confirm", 1);
$output .= form_submit(t("Delete"));
$output = form($output, "post", "admin.php?mod=node");
}
}
else {
$output .= form_item(t("Confirm removal of"), check_output($edit["title"]));
$output .= form_hidden("nid", $edit["nid"]);
$output .= form_hidden("confirm", 1);
$output .= form_submit(t("Delete"));
$output = form($output, "post", "admin.php?mod=node");
watchdog("warning", "node: not authorized to remove node");
$output = t("You are not authorized to remove this node.");
}
return $output;
@ -564,6 +618,9 @@ function node_page() {
case t("Submit"):
$theme->box(t("Node"), node_submit($edit));
break;
case t("Delete"):
print node_remove($edit);
break;
default:
$result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '1' AND created <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY created DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10)));
while ($node = db_fetch_object($result)) {
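Review bot: `node_access()` derives its callback from `$node->type ."_access"` and calls whatever global function has that name, while on the create path `$node->type` appears to arrive with the submitted form rather than from the database. Any function whose name ends in `_access` is therefore treated as a permission callback, not only node-type hooks; `user_access` and the `message_access()` helper called in `node_edit()` both fit the pattern, and a non-empty return value from such a function would read as "allowed". Restrict the dispatch to known node types first, e.g. `if (in_array($node->type, module_list()) && function_exists($function)) {`, assuming `module_list()` returns module names as its use in `node_add()` suggests. In `node_submit()` the earlier `is_array($defaults)` guard is gone as well, so a save hook that returns a non-array now flows straight into `array_merge()`.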


@ -14,6 +14,30 @@ function node_help() {
}
}
function node_access($op, $node = 0) {
/*
** Convert the node to an object if necessary:
*/
if (is_array($node)) {
$node = node_object($node);
}
/*
** Construct a function:
*/
$function = $node->type ."_access";
if (function_exists($function)) {
return $function($op, $node);
}
else {
return 0;
}
}
function node_perm() {
return array("administer nodes", "access content", "post content");
}
@ -375,7 +399,7 @@ function node_form($edit) {
$output .= form_submit(t("Submit"));
}
if ($edit->nid && user_access("administer nodes")) {
if ($edit->nid && node_access("delete", $edit)) {
$output .= form_submit(t("Delete"));
}
@ -407,15 +431,13 @@ function node_add($type) {
}
else {
// TODO: make building a node list generic and find an easy way to associate post permissions with them
if (user_access("adminster nodes")) {
$nodes = array("book" => "book page", "blog" => "personal blog entry", "poll" => "online survey", "story" => "story", "page" => "static page", "forum" => "discussion forum");
}
else {
$nodes = array("book" => "book page", "blog" => "personal blog entry", "poll" => "online survey", "story" => "story");
}
foreach ($nodes as $type => $name) {
$links[] = "<a href=\"module.php?mod=node&op=add&type=$type\">". t($name) ."</a>";
$links = array();
foreach (module_list() as $name) {
if (($info = module_invoke($name, "node", "name")) && node_access("create", array("type" => $name))) {
$links[] = "<a href=\"module.php?mod=node&op=add&type=$name\">". t($info) ."</a>";
}
}
$output .= sprintf(t("Submit a %s."), implode(", ", $links));
@ -430,7 +452,14 @@ function node_edit($id) {
$node = node_load(array("nid" => $id));
// TODO: make this generic for all node types - temporary solution
return node_form($node);
if (node_access("update", $node)) {
$output = node_form($node);
}
else {
$output = message_access();
}
return $output;
}
function node_preview($edit) {
@ -465,7 +494,7 @@ function node_preview($edit) {
return node_form($edit);
}
function node_submit($edit) {
function node_submit($node) {
global $user;
@ -473,51 +502,68 @@ function node_submit($edit) {
** Fixup the node when required:
*/
node_fixup(&$edit);
node_fixup(&$node);
if ($node->nid) {
if ($edit->nid) {
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when updating a node.
** Check whether the current user has the proper access rights to
** perform this operation:
*/
if (user_access("administer nodes")) {
$fields = array("nid", "uid", "body", "comment", "promote", "moderate", "status", "teaser", "title", "created", "type" => $edit->type);
if (node_access("update", $node)) {
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when updating a node.
*/
if (user_access("administer nodes")) {
$fields = array("nid", "uid", "body", "comment", "promote", "moderate", "status", "teaser", "title", "created", "type" => $node->type);
}
else {
$fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type);
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", $node)));
$output = t("The node has been updated.");
}
else {
$fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $edit->type);
watchdog("warning", "node: not authorized to update node");
$output = t("You are not authorized to update this node.");
}
$output = t("The node has been updated.");
}
else {
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when inserting a new node.
** Check whether the current user has the proper access rights to
** perform this operation:
*/
if (user_access("administer nodes")) {
$fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $edit->type);
if (node_access("create", $node)) {
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when inserting a new node.
*/
if (user_access("administer nodes")) {
$fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type);
}
else {
$fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type);
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", $node)));
$output = t("Thanks for your submission.");
}
else {
$fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $edit->type);
watchdog("warning", "node: not authorized to create node");
$output = t("You are not authorized to create this node.");
}
$output = t("Thanks for your submission.");
}
/*
** Check whether we are allowed to save the node and if so, whether
** there are more default values to add.
*/
$defaults = module_invoke($edit->type, "save", $edit);
if (is_array($defaults)) {
node_save($edit, array_merge($fields, $defaults));
}
else {
$output = t("Could not save or process the specified submission.");
}
return $output;
@ -525,17 +571,25 @@ function node_submit($edit) {
function node_remove($edit) {
if ($edit["confirm"]) {
node_delete(array(nid => $edit["nid"]));
$node = node_load(array("nid" => $edit["nid"]));
$output = node_admin_nodes();
if (node_access("delete", $node)) {
if ($edit["confirm"]) {
node_delete($node);
$output = t("The node has been deleted.");
}
else {
$output .= form_item(t("Confirm removal of"), check_output($node->title));
$output .= form_hidden("nid", $node->nid);
$output .= form_hidden("confirm", 1);
$output .= form_submit(t("Delete"));
$output = form($output, "post", "admin.php?mod=node");
}
}
else {
$output .= form_item(t("Confirm removal of"), check_output($edit["title"]));
$output .= form_hidden("nid", $edit["nid"]);
$output .= form_hidden("confirm", 1);
$output .= form_submit(t("Delete"));
$output = form($output, "post", "admin.php?mod=node");
watchdog("warning", "node: not authorized to remove node");
$output = t("You are not authorized to remove this node.");
}
return $output;
@ -564,6 +618,9 @@ function node_page() {
case t("Submit"):
$theme->box(t("Node"), node_submit($edit));
break;
case t("Delete"):
print node_remove($edit);
break;
default:
$result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '1' AND created <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY created DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10)));
while ($node = db_fetch_object($result)) {


@ -3,6 +3,33 @@
$GLOBALS["format"] = array(0 => "HTML", 1 => "PHP", 2 => "text");
function page_node($field) {
$info = array("name" => "static page");
return $info[$field];
}
function page_access($op, $node) {
if ($op == "view") {
return $node->nid && $node->status && !$node->moderate;
}
return user_access("administer nodes");
}
function page_insert($node) {
db_query("INSERT INTO page (nid, format, link) VALUES ('$node->nid', '$node->format', '$node->link')");
}
function page_update($node) {
db_query("UPDATE page SET format = '$node->format', link = '$node->link' WHERE nid = '$node->nid'");
}
function page_delete($node) {
db_query("DELETE FROM page WHERE nid = '$node->nid'");
}
function page_link($type) {
if ($type == "page") {
$result = db_query("SELECT nid,link FROM page WHERE link != '' ORDER BY link");
@ -42,7 +69,8 @@ function page_form($node) {
$node->body = addslashes($node->body);
}
$output .= form_textarea("Body", "body", $node->body, 60, 30);
$output .= form_textarea("Body", "body", $node->body, 60, 20);
$output .= form_textfield("Link", "link", $node->link, 60, 64);
$output .= form_select("Type", "format", $node->format, $format);
return $output;
@ -50,16 +78,11 @@ function page_form($node) {
function page_save() {
if (user_access("administer nodes")) {
if ($node->nid) {
return array();
}
else {
return array("promote" => 0, "moderate" => 0, "status" => 1);
}
if ($node->nid) {
return array("format", "link");
}
else {
return 0;
return array("format", "link", "promote" => 0, "moderate" => 0, "status" => 1);
}
}
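Review bot: `page_insert()` and `page_update()` interpolate `$node->format` and `$node->link` straight into the SQL string, and nothing in this section shows them being escaped first. Both fields come from the page form (`form_textfield("Link", "link", …)` and `form_select("Type", "format", …)`), so unless the caller has already filtered the node, a quote in the link breaks or alters the query. I would escape at the point of use, e.g. `'". check_input($node->link) ."'`, and force the numeric columns with `intval($node->nid)` and `intval($node->format)`; `page_delete()` has the same pattern with `$node->nid`. The section that follows shows identical code and needs the same change.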


@ -3,6 +3,33 @@
$GLOBALS["format"] = array(0 => "HTML", 1 => "PHP", 2 => "text");
function page_node($field) {
$info = array("name" => "static page");
return $info[$field];
}
function page_access($op, $node) {
if ($op == "view") {
return $node->nid && $node->status && !$node->moderate;
}
return user_access("administer nodes");
}
function page_insert($node) {
db_query("INSERT INTO page (nid, format, link) VALUES ('$node->nid', '$node->format', '$node->link')");
}
function page_update($node) {
db_query("UPDATE page SET format = '$node->format', link = '$node->link' WHERE nid = '$node->nid'");
}
function page_delete($node) {
db_query("DELETE FROM page WHERE nid = '$node->nid'");
}
function page_link($type) {
if ($type == "page") {
$result = db_query("SELECT nid,link FROM page WHERE link != '' ORDER BY link");
@ -42,7 +69,8 @@ function page_form($node) {
$node->body = addslashes($node->body);
}
$output .= form_textarea("Body", "body", $node->body, 60, 30);
$output .= form_textarea("Body", "body", $node->body, 60, 20);
$output .= form_textfield("Link", "link", $node->link, 60, 64);
$output .= form_select("Type", "format", $node->format, $format);
return $output;
@ -50,16 +78,11 @@ function page_form($node) {
function page_save() {
if (user_access("administer nodes")) {
if ($node->nid) {
return array();
}
else {
return array("promote" => 0, "moderate" => 0, "status" => 1);
}
if ($node->nid) {
return array("format", "link");
}
else {
return 0;
return array("format", "link", "promote" => 0, "moderate" => 0, "status" => 1);
}
}
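Review bot: `page_save()` is declared without parameters yet tests `$node->nid`, so as shown `$node` is undefined inside the function and the `else` branch always runs. If that reading is right (the page has lost its +/- markers), every save, including an update of an existing page, returns the `"promote" => 0, "moderate" => 0, "status" => 1` defaults; how `node_save` applies them is not visible here. `story_save($node)` in this commit takes the node as an argument, and I would match it with `function page_save($node) {`.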


@ -79,7 +79,7 @@ function queue_overview() {
$theme->footer();
}
function queue_node($id) {
function queue_view($id) {
global $theme, $user;
$node = node_load(array(nid => $id));
@ -130,7 +130,7 @@ function queue_page() {
queue_vote(check_input($id), check_input($vote));
// fall through:
case "view":
queue_node(check_input($id));
queue_view(check_input($id));
break;
default:
queue_overview();


@ -1,11 +1,41 @@
<?php
// $Id$
function story_node($field) {
$info = array("name" => "story");
return $info[$field];
}
function story_access($op, $node) {
if ($op == "view") {
return $node->nid && $node->status && !$node->moderate;
}
if ($op == "create") {
return 1;
}
if ($op == "update") {
return user_access("administer nodes");
}
if ($op == "delete") {
return user_access("adminster nodes");
}
}
function story_help() {
?>
<P>Queued stories: user-contributed stories are automatically whisked away to a submission queue for moderators (i.e. registered user) to frown at. Moderators vote whether or not a story should be posted to the front page for discussion.</P>
<P>Posted stories: published stories accessible to all visitors.</P>
<P>Dumped stories: rejected stories that are no longer available to visitors.</P>
/*
// TODO: update documentation, outdated
<p>Queued stories: user-contributed stories are automatically whisked away to a submission queue for moderators (i.e. registered user) to frown at. Moderators vote whether or not a story should be posted to the front page for discussion.</p>
<p>Posted stories: published stories accessible to all visitors.</p>
<p>Dumped stories: rejected stories that are no longer available to visitors.</p>
*/
<?php
}
@ -17,21 +47,14 @@ function story_form($node) {
}
function story_save($node) {
if ($node->nid) {
if (user_access("administer nodes")) {
return array();
}
else {
return 0;
}
return array();
}
else {
/*
** By default, stories get promoted to the front page and they are
** subject to moderation.
*/
return array("promote" => 1, "moderate" => 1);
}
}
?>
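Review bot: The delete branch of `story_access()` checks `user_access("adminster nodes")`, which is misspelled; the update branch right above it uses `"administer nodes"`. A permission name that no role holds makes the check fail for everyone, so story deletion through `node_access("delete", $node)` is presumably refused even for administrators, and nothing reports why. Change the line to `return user_access("administer nodes");`. The function also falls off the end without a `return` for any other `$op`; an explicit `return 0;` would make the deny-by-default intent visible. The next section shows the same code and needs the same fix.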


@ -1,11 +1,41 @@
<?php
// $Id$
function story_node($field) {
$info = array("name" => "story");
return $info[$field];
}
function story_access($op, $node) {
if ($op == "view") {
return $node->nid && $node->status && !$node->moderate;
}
if ($op == "create") {
return 1;
}
if ($op == "update") {
return user_access("administer nodes");
}
if ($op == "delete") {
return user_access("adminster nodes");
}
}
function story_help() {
?>
<P>Queued stories: user-contributed stories are automatically whisked away to a submission queue for moderators (i.e. registered user) to frown at. Moderators vote whether or not a story should be posted to the front page for discussion.</P>
<P>Posted stories: published stories accessible to all visitors.</P>
<P>Dumped stories: rejected stories that are no longer available to visitors.</P>
/*
// TODO: update documentation, outdated
<p>Queued stories: user-contributed stories are automatically whisked away to a submission queue for moderators (i.e. registered user) to frown at. Moderators vote whether or not a story should be posted to the front page for discussion.</p>
<p>Posted stories: published stories accessible to all visitors.</p>
<p>Dumped stories: rejected stories that are no longer available to visitors.</p>
*/
<?php
}
@ -17,21 +47,14 @@ function story_form($node) {
}
function story_save($node) {
if ($node->nid) {
if (user_access("administer nodes")) {
return array();
}
else {
return 0;
}
return array();
}
else {
/*
** By default, stories get promoted to the front page and they are
** subject to moderation.
*/
return array("promote" => 1, "moderate" => 1);
}
}
?>
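Review bot: In `story_help()` the `/* … */` block sits after `?>`, where PHP is in HTML output mode, so the comment markers and the `// TODO` line would be sent to the browser along with the help text instead of hiding it. This assumes the `/*` … `*/` lines are the added side, since the page has lost its +/- markers. To keep the outdated text out of the rendered page, drop the `?>` and `<?php` lines around the block so it becomes an ordinary PHP comment.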


@ -71,7 +71,7 @@ function node_render($node) {
function node_failure() {
global $theme;
$theme->header();
$theme->box(t("Not found"), t("The node you are looking for does not exist yet or is no longer accessible.") ."\n");
$theme->box(t("Not found"), t("The node you are looking for does no longer exist or is not accessible without the proper access rights.") ."\n");
$theme->footer();
}
@ -82,7 +82,7 @@ if ($number > 1) {
$result = db_query("SELECT n.*, u.name, u.uid FROM node n LEFT JOIN users u ON n.uid = u.uid WHERE n.title = '$title' AND n.status = 1 ORDER BY created DESC");
while ($node = db_fetch_object($result)) {
if (node_access($node)) {
if (node_access("view", $node)) {
$output .= "<p><b><a href=\"node.php?id=$node->nid\">". check_output($node->title) ."</a></b><br /><small>$node->type - ". format_name($node) ." - ". format_date($node->ccreated, "small") ."</small></p>";
}
}
@ -93,7 +93,7 @@ if ($number > 1) {
}
elseif ($number) {
$node = ($title ? node_load(array("title" => $title, "status" => 1)) : node_load(array("nid" => ($edit[id] ? $edit[id] : $id))));
if ($node && node_access($node)) {
if (node_access("view", $node)) {
node_render($node);
}
else {