authorDries Buytaert2006-05-26 09:21:10 (GMT)
committerDries Buytaert2006-05-26 09:21:10 (GMT)
commit02fa0d85b2eaf2b25b8eff07a996def15f2f3929 (patch)
tree50b6b60ff09f0005522582f8e1ad44403958208c
parentbe6b7b0f1dcbb861115a385b07f8c814a2b40a1a (diff)
- Patch #18018 by dww, nedjo, tostinne, luke et al: block visibility by role.
-rw-r--r--CHANGELOG.txt2
-rw-r--r--INSTALL.txt10
-rw-r--r--database/database.4.0.mysql11
-rw-r--r--database/database.4.1.mysql11
-rw-r--r--database/database.pgsql11
-rw-r--r--database/updates.inc26
-rw-r--r--modules/block.module51
-rw-r--r--modules/block/block.module51
-rw-r--r--modules/taxonomy.module2
-rw-r--r--modules/taxonomy/taxonomy.module2
10 files changed, 152 insertions, 25 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 94b65d7..50ddb55 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -3,6 +3,8 @@ Drupal x.x.x, xxxx-xx-xx (development version)
- usability:
* added support for auto-complete forms (AJAX) to user profiles.
* improved configurability of the contact forms.
+- block system:
+ * extended the block visibility settings with a role specific settings..
- distributed authentication:
* added default server option.
- fixed critical SQL issue, see SA-2006-005
diff --git a/INSTALL.txt b/INSTALL.txt
index d13cb10..fc2e552 100644
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -144,11 +144,11 @@ INSTALLATION
by the Drupal server process. You can change the name of this
subdirectory at "Administer > Settings > File system settings".
- SECURITY NOTICE: Certain Apache configurations can be vulnerable
- to a security exploit allowing arbitrary code execution. Drupal
- will attempt to automatically create a .htaccess file in your
- "files" directory to protect you. If you already have a .htaccess
- file in that location, please add the following line:
+ SECURITY NOTICE: Certain Apache configurations can be vulnerable
+ to a security exploit allowing arbitrary code execution. Drupal
+ will attempt to automatically create a .htaccess file in your
+ "files" directory to protect you. If you already have a .htaccess
+ file in that location, please add the following line:
SetHandler This_is_a_Drupal_security_line_do_not_remove
You can now launch your browser and point it to your Drupal site.
diff --git a/database/database.4.0.mysql b/database/database.4.0.mysql
index dfd9632..e2a9d00 100644
--- a/database/database.4.0.mysql
+++ b/database/database.4.0.mysql
@@ -569,6 +569,17 @@ CREATE TABLE role (
);
--
+-- Table structure for table 'blocks_roles'
+--
+CREATE TABLE blocks_roles (
+ module varchar(64) NOT NULL,
+ delta varchar(32) NOT NULL,
+ rid int(10) unsigned NOT NULL,
+ PRIMARY KEY (module, delta, rid)
+)
+/*!40100 DEFAULT CHARACTER SET utf8 */ ;
+
+--
-- Table structure for table 'search_dataset'
--
CREATE TABLE search_dataset (
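Review bot: Nothing keeps `blocks_roles.rid` in step with the `role` table: the new table (here and in the matching definitions in database.4.1.mysql, database.pgsql and system_update_183()) carries no reference to `role`, and none of the ten files in this commit touches role deletion. If a role is removed elsewhere without clearing its rows, a block restricted only to that role would match neither side of `(r.rid IN (...) OR r.rid IS NULL)` in block_list() and would be hidden from every user. That fails closed, but silently. A comment on the table such as `-- rows for a role must be deleted when the role is deleted`, with a matching cleanup in the role-deletion path, would make the invariant explicit.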
diff --git a/database/database.4.1.mysql b/database/database.4.1.mysql
index 8c2c331..4518b722 100644
--- a/database/database.4.1.mysql
+++ b/database/database.4.1.mysql
@@ -608,6 +608,17 @@ CREATE TABLE role (
DEFAULT CHARACTER SET utf8;
--
+-- Table structure for table 'blocks_roles'
+--
+CREATE TABLE blocks_roles (
+ module varchar(64) NOT NULL,
+ delta varchar(32) NOT NULL,
+ rid int(10) unsigned NOT NULL,
+ PRIMARY KEY (module, delta, rid)
+)
+/*!40100 DEFAULT CHARACTER SET utf8 */ ;
+
+--
-- Table structure for table 'search_dataset'
--
CREATE TABLE search_dataset (
diff --git a/database/database.pgsql b/database/database.pgsql
index 7d468f8..a2812b6 100644
--- a/database/database.pgsql
+++ b/database/database.pgsql
@@ -572,6 +572,17 @@ CREATE TABLE role (
);
--
+-- Table structure for table 'blocks_roles'
+--
+
+CREATE TABLE blocks_roles (
+ module varchar(64) NOT NULL,
+ delta varchar(32) NOT NULL,
+ rid integer NOT NULL,
+ PRIMARY KEY (module, delta, rid)
+);
+
+--
-- Table structure for table 'search_dataset'
--
CREATE TABLE search_dataset (
diff --git a/database/updates.inc b/database/updates.inc
index 0e35785..d641da0 100644
--- a/database/updates.inc
+++ b/database/updates.inc
@@ -2014,3 +2014,29 @@ function system_update_182() {
return $ret;
}
+
+function system_update_183() {
+ $ret = array();
+ switch ($GLOBALS['db_type']) {
+ case 'mysql':
+ case 'mysqli':
+ $ret[] = update_sql("CREATE TABLE blocks_roles (
+ module varchar(64) NOT NULL,
+ delta varchar(32) NOT NULL,
+ rid int(10) unsigned NOT NULL,
+ PRIMARY KEY (module, delta, rid)
+ ) /*!40100 DEFAULT CHARACTER SET utf8 */;");
+ break;
+
+ case 'pgsql':
+ $ret[] = update_sql("CREATE TABLE blocks_roles (
+ module varchar(64) NOT NULL,
+ delta varchar(32) NOT NULL,
+ rid integer NOT NULL,
+ PRIMARY KEY (module, delta, rid)
+ );");
+ break;
+
+ }
+ return $ret;
+}
diff --git a/modules/block.module b/modules/block.module
index 9d48ca7..588bb29 100644
--- a/modules/block.module
+++ b/modules/block.module
@@ -22,6 +22,7 @@ function block_help($section) {
<li>Its page visibility settings. Blocks can be configured to be visible/hidden on certain pages.</li>
<li>Its custom visibility settings. Blocks can be configured to be visible only when specific conditions are true.</li>
<li>Its user visibility settings. Administrators can choose to let users decide whether to show/hide certain blocks.</li>
+<li>Its user-role visibility settings. Administrators can choose to let blocks be visible only for certain user roles.</li>
<li>Its function. Some dynamic blocks, such as those generated by modules, will be displayed only on certain pages.</li>
</ul>
');
@@ -365,7 +366,7 @@ function block_admin_configure($module = NULL, $delta = 0) {
$form['block_settings'] = array(
'#type' => 'fieldset',
'#title' => t('Block specific settings'),
- '#collapsible' => true,
+ '#collapsible' => TRUE,
);
foreach ($settings as $k => $v) {
@@ -382,19 +383,48 @@ function block_admin_configure($module = NULL, $delta = 0) {
$form['user_vis_settings'] = array(
'#type' => 'fieldset',
'#title' => t('User specific visibility settings'),
- '#collapsible' => true,
+ '#collapsible' => TRUE,
);
$form['user_vis_settings']['custom'] = array(
'#type' => 'radios',
'#title' => t('Custom visibility settings'),
- '#options' => array(t('Users cannot control whether or not they see this block.'), t('Show this block by default, but let individual users hide it.'), t('Hide this block by default but let individual users show it.')),
+ '#options' => array(
+ t('Users cannot control whether or not they see this block.'),
+ t('Show this block by default, but let individual users hide it.'),
+ t('Hide this block by default but let individual users show it.')
+ ),
'#description' => t('Allow individual users to customize the visibility of this block in their account settings.'),
'#default_value' => $edit['custom'],
);
+
+ // Role-based visibility settings
+ $default_role_options = array();
+ $result = db_query("SELECT rid FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $module, $delta);
+ while ($role = db_fetch_object($result)) {
+ $default_role_options[] = $role->rid;
+ }
+ $result = db_query('SELECT rid, name FROM {role} ORDER BY name');
+ $role_options = array();
+ while ($role = db_fetch_object($result)) {
+ $role_options[$role->rid] = $role->name;
+ }
+ $form['role_vis_settings'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Role specific visibility settings'),
+ '#collapsible' => TRUE,
+ );
+ $form['role_vis_settings']['roles'] = array(
+ '#type' => 'checkboxes',
+ '#title' => t('Show block for specific roles'),
+ '#default_value' => $default_role_options,
+ '#options' => $role_options,
+ '#description' => t('Show this block only for the selected role(s). If you select no roles, the block will be visible to all users.'),
+ );
+
$form['page_vis_settings'] = array(
'#type' => 'fieldset',
'#title' => t('Page specific visibility settings'),
- '#collapsible' => true,
+ '#collapsible' => TRUE,
);
$access = user_access('use PHP for block visibility');
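Review bot: The `// Role-based visibility settings` comment does not record the rule the rest of the patch depends on: a block with no rows in {blocks_roles} is shown to every role, so clearing all checkboxes widens visibility rather than hiding the block. The description string tells the administrator this, but a maintainer reading the code has to infer it from the `r.rid IS NULL` branch in block_list(). I would expand the comment to `// Role-based visibility: rows in {blocks_roles} restrict the block to those roles; no rows means visible to all.` and note that, as far as the visible queries show, this only filters which blocks are listed and is not an access check on what a block outputs. block_admin_configure() starts and ends outside this hunk; the same applies to the copy in modules/block/block.module.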
@@ -444,6 +474,10 @@ function block_admin_configure_validate($form_id, $form_values) {
function block_admin_configure_submit($form_id, $form_values) {
if (!form_get_errors()) {
db_query("UPDATE {blocks} SET visibility = %d, pages = '%s', custom = %d WHERE module = '%s' AND delta = '%s'", $form_values['visibility'], $form_values['pages'], $form_values['custom'], $form_values['module'], $form_values['delta']);
+ db_query("DELETE FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $form_values['module'], $form_values['delta']);
+ foreach (array_filter($form_values['roles']) as $rid) {
+ db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, '%s', '%s')", $rid, $form_values['module'], $form_values['delta']);
+ }
module_invoke($form_values['module'], 'block', 'save', $form_values['delta'], $form_values);
drupal_set_message(t('The block configuration has been saved.'));
cache_clear_all();
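Review bot: The role rows are replaced by a DELETE followed by one INSERT per role, and none of the `db_query()` results is checked, so a failure after the DELETE leaves the block with no rows in {blocks_roles}. Because an empty set means "visible to all users", a partial save turns a restricted block into an unrestricted one while the "configuration has been saved" message is still shown. Check the return values and report an error instead of the success message, or do the replace inside a transaction or table lock where the database layer offers one. The enclosing function continues past the hunk; the copy in modules/block/block.module has the same sequence.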
@@ -540,7 +574,7 @@ function block_box_save($edit, $delta = NULL) {
else {
db_query("INSERT INTO {boxes} (title, body, info, format) VALUES ('%s', '%s', '%s', %d)", $edit['title'], $edit['body'], $edit['info'], $edit['format']);
}
- return true;
+ return TRUE;
}
/**
@@ -550,10 +584,11 @@ function block_box_save($edit, $delta = NULL) {
* the site.
*/
function block_user($type, $edit, &$user, $category = NULL) {
+ global $user;
switch ($type) {
case 'form':
if ($category == 'account') {
- $result = db_query('SELECT * FROM {blocks} WHERE status = 1 AND custom != 0 ORDER BY weight, module, delta');
+ $result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.weight, b.module", implode(',', array_keys($user->roles)));
$form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE);
while ($block = db_fetch_object($result)) {
$data = module_invoke($block->module, 'block', 'list');
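Review bot: The added `global $user;` rebinds the name of the by-reference parameter `&$user`, so from that line on the function works with the logged-in user rather than the account passed to the hook. When one user edits another's account, the block list would then be filtered by the editor's roles, and any later branch of the switch that writes to `$user` would touch the global object; that part is outside the hunk, so this is inferred. I would drop the `global $user;` line and keep `array_keys($user->roles)` on the passed account, assuming the caller supplies a loaded account with `roles` set. The rewritten query also drops `delta` from the ORDER BY, which the old query had. The same lines appear in modules/block/block.module.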
@@ -600,7 +635,7 @@ function block_list($region) {
static $blocks = array();
if (!count($blocks)) {
- $result = db_query("SELECT * FROM {blocks} WHERE theme = '%s' AND status = 1 ORDER BY region, weight, module", $theme_key);
+ $result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", $theme_key, implode(',', array_keys($user->roles)));
while ($block = db_fetch_object($result)) {
if (!isset($blocks[$block->region])) {
$blocks[$block->region] = array();
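Review bot: The role list is spliced into `IN (%s)` as one comma-joined string, so no element is cast individually and the statement is only safe while every key of `$user->roles` is an integer. It also produces `IN ()`, a syntax error, if the roles array is ever empty. Generating one `%d` per role, e.g. `$placeholders = implode(',', array_fill(0, count($rids), '%d'));`, and passing the ids as separate arguments keeps the query parameterised; this assumes db_query() accepts an argument array in this version. The block_user() query in the previous hunk and both queries in modules/block/block.module use the same construction. The hunk does not show where `$user` is brought into scope in block_list().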
@@ -656,5 +691,3 @@ function block_list($region) {
}
return $blocks[$region];
}
-
-
diff --git a/modules/block/block.module b/modules/block/block.module
index 9d48ca7..588bb29 100644
--- a/modules/block/block.module
+++ b/modules/block/block.module
@@ -22,6 +22,7 @@ function block_help($section) {
<li>Its page visibility settings. Blocks can be configured to be visible/hidden on certain pages.</li>
<li>Its custom visibility settings. Blocks can be configured to be visible only when specific conditions are true.</li>
<li>Its user visibility settings. Administrators can choose to let users decide whether to show/hide certain blocks.</li>
+<li>Its user-role visibility settings. Administrators can choose to let blocks be visible only for certain user roles.</li>
<li>Its function. Some dynamic blocks, such as those generated by modules, will be displayed only on certain pages.</li>
</ul>
');
@@ -365,7 +366,7 @@ function block_admin_configure($module = NULL, $delta = 0) {
$form['block_settings'] = array(
'#type' => 'fieldset',
'#title' => t('Block specific settings'),
- '#collapsible' => true,
+ '#collapsible' => TRUE,
);
foreach ($settings as $k => $v) {
@@ -382,19 +383,48 @@ function block_admin_configure($module = NULL, $delta = 0) {
$form['user_vis_settings'] = array(
'#type' => 'fieldset',
'#title' => t('User specific visibility settings'),
- '#collapsible' => true,
+ '#collapsible' => TRUE,
);
$form['user_vis_settings']['custom'] = array(
'#type' => 'radios',
'#title' => t('Custom visibility settings'),
- '#options' => array(t('Users cannot control whether or not they see this block.'), t('Show this block by default, but let individual users hide it.'), t('Hide this block by default but let individual users show it.')),
+ '#options' => array(
+ t('Users cannot control whether or not they see this block.'),
+ t('Show this block by default, but let individual users hide it.'),
+ t('Hide this block by default but let individual users show it.')
+ ),
'#description' => t('Allow individual users to customize the visibility of this block in their account settings.'),
'#default_value' => $edit['custom'],
);
+
+ // Role-based visibility settings
+ $default_role_options = array();
+ $result = db_query("SELECT rid FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $module, $delta);
+ while ($role = db_fetch_object($result)) {
+ $default_role_options[] = $role->rid;
+ }
+ $result = db_query('SELECT rid, name FROM {role} ORDER BY name');
+ $role_options = array();
+ while ($role = db_fetch_object($result)) {
+ $role_options[$role->rid] = $role->name;
+ }
+ $form['role_vis_settings'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Role specific visibility settings'),
+ '#collapsible' => TRUE,
+ );
+ $form['role_vis_settings']['roles'] = array(
+ '#type' => 'checkboxes',
+ '#title' => t('Show block for specific roles'),
+ '#default_value' => $default_role_options,
+ '#options' => $role_options,
+ '#description' => t('Show this block only for the selected role(s). If you select no roles, the block will be visible to all users.'),
+ );
+
$form['page_vis_settings'] = array(
'#type' => 'fieldset',
'#title' => t('Page specific visibility settings'),
- '#collapsible' => true,
+ '#collapsible' => TRUE,
);
$access = user_access('use PHP for block visibility');
@@ -444,6 +474,10 @@ function block_admin_configure_validate($form_id, $form_values) {
function block_admin_configure_submit($form_id, $form_values) {
if (!form_get_errors()) {
db_query("UPDATE {blocks} SET visibility = %d, pages = '%s', custom = %d WHERE module = '%s' AND delta = '%s'", $form_values['visibility'], $form_values['pages'], $form_values['custom'], $form_values['module'], $form_values['delta']);
+ db_query("DELETE FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $form_values['module'], $form_values['delta']);
+ foreach (array_filter($form_values['roles']) as $rid) {
+ db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, '%s', '%s')", $rid, $form_values['module'], $form_values['delta']);
+ }
module_invoke($form_values['module'], 'block', 'save', $form_values['delta'], $form_values);
drupal_set_message(t('The block configuration has been saved.'));
cache_clear_all();
@@ -540,7 +574,7 @@ function block_box_save($edit, $delta = NULL) {
else {
db_query("INSERT INTO {boxes} (title, body, info, format) VALUES ('%s', '%s', '%s', %d)", $edit['title'], $edit['body'], $edit['info'], $edit['format']);
}
- return true;
+ return TRUE;
}
/**
@@ -550,10 +584,11 @@ function block_box_save($edit, $delta = NULL) {
* the site.
*/
function block_user($type, $edit, &$user, $category = NULL) {
+ global $user;
switch ($type) {
case 'form':
if ($category == 'account') {
- $result = db_query('SELECT * FROM {blocks} WHERE status = 1 AND custom != 0 ORDER BY weight, module, delta');
+ $result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.weight, b.module", implode(',', array_keys($user->roles)));
$form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE);
while ($block = db_fetch_object($result)) {
$data = module_invoke($block->module, 'block', 'list');
@@ -600,7 +635,7 @@ function block_list($region) {
static $blocks = array();
if (!count($blocks)) {
- $result = db_query("SELECT * FROM {blocks} WHERE theme = '%s' AND status = 1 ORDER BY region, weight, module", $theme_key);
+ $result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", $theme_key, implode(',', array_keys($user->roles)));
while ($block = db_fetch_object($result)) {
if (!isset($blocks[$block->region])) {
$blocks[$block->region] = array();
@@ -656,5 +691,3 @@ function block_list($region) {
}
return $blocks[$region];
}
-
-
diff --git a/modules/taxonomy.module b/modules/taxonomy.module
index ba7827d..0ee530d 100644
--- a/modules/taxonomy.module
+++ b/modules/taxonomy.module
@@ -1147,7 +1147,7 @@ function taxonomy_render_nodes($result) {
$output .= theme('pager', NULL, variable_get('default_nodes_main', 10), 0);
}
else {
- $output .= t('There are currently no posts in this category.');
+ $output .= '<p>'. t('There are currently no posts in this category.') .'</p>';
}
return $output;
}
diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module
index ba7827d..0ee530d 100644
--- a/modules/taxonomy/taxonomy.module
+++ b/modules/taxonomy/taxonomy.module
@@ -1147,7 +1147,7 @@ function taxonomy_render_nodes($result) {
$output .= theme('pager', NULL, variable_get('default_nodes_main', 10), 0);
}
else {
- $output .= t('There are currently no posts in this category.');
+ $output .= '<p>'. t('There are currently no posts in this category.') .'</p>';
}
return $output;
}