summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDries Buytaert2009-08-27 20:25:29 (GMT)
committerDries Buytaert2009-08-27 20:25:29 (GMT)
commitee64752e10aed9d54674f5acacbd759e47d96467 (patch)
tree40a09a1d7103818457fce75ffa30e145794a1d39
parentc9e82a3b7f81833878433b07cee19a527536133d (diff)
- Patch #300993 by dropcube, Dave Reid: user roles and permission API. Great patch.
-rw-r--r--modules/block/block.module11
-rw-r--r--modules/filter/filter.module12
-rw-r--r--modules/simpletest/drupal_web_test_case.php21
-rw-r--r--modules/system/system.install15
-rw-r--r--modules/user/user.admin.inc43
-rw-r--r--modules/user/user.api.php60
-rw-r--r--modules/user/user.module108
-rw-r--r--profiles/default/default.install22
-rw-r--r--profiles/expert/expert.install4
9 files changed, 221 insertions, 75 deletions
diff --git a/modules/block/block.module b/modules/block/block.module
index cc1e63b..630555b 100644
--- a/modules/block/block.module
+++ b/modules/block/block.module
@@ -854,6 +854,17 @@ function template_preprocess_block(&$variables) {
}
/**
+ * Implement hook_user_role_delete().
+ *
+ * Remove deleted role from blocks that use it.
+ */
+function block_user_role_delete($role) {
+ db_delete('block_role')
+ ->condition('rid', $role->rid)
+ ->execute();
+}
+
+/**
* Implement hook_filter_format_delete().
*/
function block_filter_format_delete($format, $default) {
diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index ccc7bb1..71df8fc 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
@@ -963,3 +963,15 @@ function _filter_autop($text) {
/**
* @} End of "Standard filters".
*/
+
+/**
+ * Implement hook_user_role_delete().
+ *
+ * Remove deleted role from formats that use it.
+ */
+function filter_user_role_delete($role) {
+ db_update('filter_format')
+ ->expression('roles', 'REPLACE(roles, :rid, :replacement)', array(':rid' => ',' . $role->rid, ':replacement' => ''))
+ ->condition('roles', '%,' . $role->rid . '%', 'LIKE')
+ ->execute();
+}
diff --git a/modules/simpletest/drupal_web_test_case.php b/modules/simpletest/drupal_web_test_case.php
index 8ef6136..822a92a 100644
--- a/modules/simpletest/drupal_web_test_case.php
+++ b/modules/simpletest/drupal_web_test_case.php
@@ -892,26 +892,19 @@ class DrupalWebTestCase extends DrupalTestCase {
$name = $this->randomName();
}
+ // Check the all the permissions strings are valid.
if (!$this->checkPermissions($permissions)) {
return FALSE;
}
// Create new role.
- db_insert('role')
- ->fields(array('name' => $name))
- ->execute();
- $role = db_query('SELECT * FROM {role} WHERE name = :name', array(':name' => $name))->fetchObject();
- $this->assertTrue($role, t('Created role of name: @name, id: @rid', array('@name' => $name, '@rid' => (isset($role->rid) ? $role->rid : t('-n/a-')))), t('Role'));
+ $role = new stdClass();
+ $role->name = $name;
+ user_role_save($role);
+ user_role_set_permissions($role->name, $permissions);
+
+ $this->assertTrue(isset($role->rid), t('Created role of name: @name, id: @rid', array('@name' => $name, '@rid' => (isset($role->rid) ? $role->rid : t('-n/a-')))), t('Role'));
if ($role && !empty($role->rid)) {
- // Assign permissions to role and mark it for clean-up.
- $query = db_insert('role_permission')->fields(array('rid', 'permission'));
- foreach ($permissions as $permission_string) {
- $query->values(array(
- 'rid' => $role->rid,
- 'permission' => $permission_string,
- ));
- }
- $query->execute();
$count = db_query('SELECT COUNT(*) FROM {role_permission} WHERE rid = :rid', array(':rid' => $role->rid))->fetchField();
$this->assertTrue($count == count($permissions), t('Created permissions: @perms', array('@perms' => implode(', ', $permissions))), t('Role'));
return $role->rid;
diff --git a/modules/system/system.install b/modules/system/system.install
index df67801..613f029 100644
--- a/modules/system/system.install
+++ b/modules/system/system.install
@@ -385,21 +385,6 @@ function system_install() {
->execute();
}
- $query = db_insert('role_permission')->fields(array('rid', 'permission'));
- // Anonymous role permissions.
- $query->values(array(
- 'rid' => DRUPAL_ANONYMOUS_RID,
- 'permission' => 'access content',
- ));
-
- // Authenticated role permissions.
- foreach (array('access comments', 'access content', 'post comments', 'post comments without approval', 'view own unpublished content') as $permission) {
- $query->values(array(
- 'rid' => DRUPAL_AUTHENTICATED_RID,
- 'permission' => $permission,
- ));
- }
- $query->execute();
variable_set('theme_default', 'garland');
diff --git a/modules/user/user.admin.inc b/modules/user/user.admin.inc
index b7f3ff4..99948a3 100644
--- a/modules/user/user.admin.inc
+++ b/modules/user/user.admin.inc
@@ -663,19 +663,8 @@ function user_admin_permissions($form_state, $rid = NULL) {
*/
function user_admin_permissions_submit($form, &$form_state) {
foreach ($form_state['values']['role_names'] as $rid => $name) {
- $checked = array_filter($form_state['values'][$rid]);
- // Delete existing permissions for the role. This handles "unchecking" checkboxes.
- db_delete('role_permission')
- ->condition('rid', $rid)
- ->execute();
- $query = db_insert('role_permission')->fields(array('rid', 'permission'));
- foreach ($checked as $permission) {
- $query->values(array(
- 'rid' => $rid,
- 'permission' => $permission,
- ));
- }
- $query->execute();
+ $permissions = array_filter($form_state['values'][$rid]);
+ user_role_set_permissions($rid, $permissions);
}
drupal_set_message(t('The changes have been saved.'));
@@ -776,13 +765,13 @@ function user_admin_role() {
function user_admin_role_validate($form, &$form_state) {
if ($form_state['values']['name']) {
if ($form_state['values']['op'] == t('Save role')) {
- $existing_role = (bool) db_query_range("SELECT 1 FROM {role} WHERE name = :name AND rid <> :rid", array(':name' => $form_state['values']['name'], ':rid' => $form_state['values']['rid']), 0, 1)->fetchField();
- if ($existing_role) {
+ $role = user_role_load($form_state['values']['name']);
+ if ($role && $role->rid != $form_state['values']['rid']) {
form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name'])));
}
}
elseif ($form_state['values']['op'] == t('Add role')) {
- if ((bool) db_query_range('SELECT 1 FROM {role} WHERE name = :name', array(':name' => $form_state['values']['name']), 0, 1)->fetchField()) {
+ if (user_role_load($form_state['values']['name'])) {
form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name'])));
}
}
@@ -793,31 +782,17 @@ function user_admin_role_validate($form, &$form_state) {
}
function user_admin_role_submit($form, &$form_state) {
+ $role = (object)$form_state['values'];
if ($form_state['values']['op'] == t('Save role')) {
- db_update('role')
- ->fields(array('name' => $form_state['values']['name']))
- ->condition('rid', $form_state['values']['rid'])
- ->execute();
+ user_role_save($role);
drupal_set_message(t('The role has been renamed.'));
}
elseif ($form_state['values']['op'] == t('Delete role')) {
- db_delete('role')
- ->condition('rid', $form_state['values']['rid'])
- ->execute();
- db_delete('role_permission')
- ->condition('rid', $form_state['values']['rid'])
- ->execute();
- // Update the users who have this role set:
- db_delete('users_roles')
- ->condition('rid', $form_state['values']['rid'])
- ->execute();
-
+ user_role_delete($form_state['values']['rid']);
drupal_set_message(t('The role has been deleted.'));
}
elseif ($form_state['values']['op'] == t('Add role')) {
- db_insert('role')
- ->fields(array('name' => $form_state['values']['name']))
- ->execute();
+ user_role_save($role);
drupal_set_message(t('The role has been added.'));
}
$form_state['redirect'] = 'admin/config/people/roles';
diff --git a/modules/user/user.api.php b/modules/user/user.api.php
index e3c7065..88d4c0f 100644
--- a/modules/user/user.api.php
+++ b/modules/user/user.api.php
@@ -423,5 +423,65 @@ function hook_user_view($account) {
}
/**
+ * Inform other modules that a user role has been added.
+ *
+ * Modules implementing this hook can act on the user role object when saved to
+ * the database. It's recommended that you implement this hook if your module
+ * adds additional data to user roles object. The module should save its custom
+ * additions to the database.
+ *
+ * @param $role
+ * A user role object.
+ */
+function hook_user_role_insert($role) {
+ // Save extra fields provided by the module to user roles.
+ db_insert('my_module_table')
+ ->fields(array(
+ 'rid' => $role->rid,
+ 'role_description' => $role->description,
+ ))
+ ->execute();
+}
+
+/**
+ * Inform other modules that a user role has been updated.
+ *
+ * Modules implementing this hook can act on the user role object when updated.
+ * It's recommended that you implement this hook if your module adds additional
+ * data to user roles object. The module should save its custom additions to
+ * the database.
+ *
+ * @param $role
+ * A user role object.
+ */
+function hook_user_role_update($role) {
+ // Save extra fields provided by the module to user roles.
+ db_merge('my_module_table')
+ ->key(array('rid' => $role->rid))
+ ->fields(array(
+ 'role_description' => $role->description
+ ))
+ ->execute();
+}
+
+/**
+ * Inform other modules that a user role has been deleted.
+ *
+ * This hook allows you act when a user role has been deleted.
+ * If your module stores references to roles, it's recommended that you
+ * implement this hook and delete existing instances of the deleted role
+ * in your module database tables.
+ *
+ * @param $role
+ * The $role object being deleted.
+ */
+function hook_user_role_delete($role) {
+ // Delete existing instances of the deleted role.
+ db_delete('my_module_table')
+ ->condition('rid', $role->rid)
+ ->execute();
+}
+
+/**
* @} End of "addtogroup hooks".
*/
diff --git a/modules/user/user.module b/modules/user/user.module
index 0b25f3e..cc7c83d 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -2207,6 +2207,114 @@ function user_roles($membersonly = FALSE, $permission = NULL) {
}
/**
+ * Fetch a user role from database.
+ *
+ * @param $role
+ * A string with the role name, or an integer with the role ID.
+ * @return
+ * A fully-loaded role object if a role with the given name or ID
+ * exists, FALSE otherwise.
+ */
+function user_role_load($role) {
+ $field = is_int($role) ? 'rid' : 'name';
+ return db_select('role', 'r')
+ ->fields('r')
+ ->condition($field, $role)
+ ->execute()
+ ->fetchObject();
+}
+/**
+ * Save a user role to the database.
+ *
+ * @param $role
+ * A role object to modify or add. If $role->rid is not specified, a new
+ * role will be created.
+ * @return
+ * Status constant indicating if role was created or updated.
+ * Failure to write the user role record will return FALSE. Otherwise.
+ * SAVED_NEW or SAVED_UPDATED is returned depending on the operation
+ * performed.
+ */
+function user_role_save($role) {
+ if ($role->name) {
+ // Prevent leading and trailing spaces in role names.
+ $role->name = trim($role->name);
+ }
+ if (!empty($role->rid) && $role->name) {
+ $status = drupal_write_record('role', $role, 'rid');
+ module_invoke_all('user_role_update', $role);
+ }
+ else {
+ $status = drupal_write_record('role', $role);
+ module_invoke_all('user_role_insert', $role);
+ }
+
+ return $status;
+}
+
+/**
+ * Delete a user role from database.
+ *
+ * @param $role
+ * A string with the role name, or an integer with the role ID.
+ */
+function user_role_delete($role) {
+ $role = user_role_load($role);
+
+ db_delete('role')
+ ->condition('rid', $role->rid)
+ ->execute();
+ db_delete('role_permission')
+ ->condition('rid', $role->rid)
+ ->execute();
+ // Update the users who have this role set:
+ db_delete('users_roles')
+ ->condition('rid', $role->rid)
+ ->execute();
+
+ // Clear the user access cache.
+ user_access(NULL, NULL, TRUE);
+
+ module_invoke_all('user_role_delete', $role);
+}
+
+/**
+ * Assign permissions to a user role.
+ *
+ * @param $role
+ * A string with the role name, or an integer with the role ID.
+ * @param $permissions
+ * An array of permissions strings.
+ * @param $merge
+ * A boolean indicating whether to add permissions or to merge
+ * with all existing permissions.
+ */
+function user_role_set_permissions($role, array $permissions = array(), $merge = FALSE) {
+ $role = user_role_load($role);
+ if (!$merge) {
+ // Delete existing permissions for the role.
+ db_delete('role_permission')
+ ->condition('rid', $role->rid)
+ ->execute();
+ }
+
+ // Assign the new permissions for the role.
+ foreach ($permissions as $permission_string) {
+ db_merge('role_permission')
+ ->key(array(
+ 'rid' => $role->rid,
+ 'permission' => $permission_string,
+ ))
+ ->execute();
+ }
+
+ // Clear the user access cache.
+ user_access(NULL, NULL, TRUE);
+
+ return TRUE;
+}
+
+/**
* Implement hook_user_operations().
*/
function user_user_operations($form_state = array()) {
diff --git a/profiles/default/default.install b/profiles/default/default.install
index 7a81aec..60e5d01 100644
--- a/profiles/default/default.install
+++ b/profiles/default/default.install
@@ -183,20 +183,18 @@ function default_install() {
))->execute();
db_insert('taxonomy_vocabulary_node_type')->fields(array('vid' => $vid, 'type' => 'article'))->execute();
- // Create a default role for site administrators.
- $rid = db_insert('role')->fields(array('name' => 'administrator'))->execute();
+ // Enable default permissions for system roles.
+ user_role_set_permissions(DRUPAL_ANONYMOUS_RID, array('access content'));
+ user_role_set_permissions(DRUPAL_AUTHENTICATED_RID, array('access content', 'access comments', 'post comments', 'post comments without approval'));
+
+ // Create a default role for site administrators, with all available permissions assigned.
+ $admin_role = new stdClass();
+ $admin_role->name = 'administrator';
+ user_role_save($admin_role);
+ user_role_set_permissions($admin_role->name, array_keys(module_invoke_all('permission')));
// Set this as the administrator role.
- variable_set('user_admin_role', $rid);
-
- // Assign all available permissions to this role.
- foreach (module_invoke_all('permission') as $key => $value) {
- db_insert('role_permission')
- ->fields(array(
- 'rid' => $rid,
- 'permission' => $key,
- ))->execute();
- }
+ variable_set('user_admin_role', $admin_role->rid);
// Update the menu router information.
menu_rebuild();
diff --git a/profiles/expert/expert.install b/profiles/expert/expert.install
index bcb6cff..4693b84 100644
--- a/profiles/expert/expert.install
+++ b/profiles/expert/expert.install
@@ -66,6 +66,10 @@ function expert_install() {
$query->values($record);
}
$query->execute();
+
+ // Enable default permissions for system roles.
+ user_role_set_permissions(DRUPAL_ANONYMOUS_RID, array('access content'));
+ user_role_set_permissions(DRUPAL_AUTHENTICATED_RID, array('access content', 'access comments', 'post comments', 'post comments without approval'));
}