diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 94b65d7b808f83b1ef4102e234d1a36807531323..50ddb55f95496199f76b209de4d7de6e77a1d7df 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -3,6 +3,8 @@ Drupal x.x.x, xxxx-xx-xx (development version) - usability: * added support for auto-complete forms (AJAX) to user profiles. * improved configurability of the contact forms. +- block system: + * extended the block visibility settings with a role specific settings.. - distributed authentication: * added default server option. - fixed critical SQL issue, see SA-2006-005 diff --git a/INSTALL.txt b/INSTALL.txt index d13cb101f8214d195999eb79b408773000eaa86e..fc2e5529a66693c632fc1980b5a87e400d3969a6 100644 --- a/INSTALL.txt +++ b/INSTALL.txt @@ -144,11 +144,11 @@ INSTALLATION by the Drupal server process. You can change the name of this subdirectory at "Administer > Settings > File system settings". - SECURITY NOTICE: Certain Apache configurations can be vulnerable - to a security exploit allowing arbitrary code execution. Drupal - will attempt to automatically create a .htaccess file in your - "files" directory to protect you. If you already have a .htaccess - file in that location, please add the following line: + SECURITY NOTICE: Certain Apache configurations can be vulnerable + to a security exploit allowing arbitrary code execution. Drupal + will attempt to automatically create a .htaccess file in your + "files" directory to protect you. If you already have a .htaccess + file in that location, please add the following line: SetHandler This_is_a_Drupal_security_line_do_not_remove You can now launch your browser and point it to your Drupal site. diff --git a/database/database.4.0.mysql b/database/database.4.0.mysql index dfd96323ca1f39e0c88216cc52b7be65ee445e0e..e2a9d0009da14b7ca9542cad71fa0f7b2a68cde5 100644 --- a/database/database.4.0.mysql +++ b/database/database.4.0.mysql 
@@ -568,6 +568,17 @@ CREATE TABLE role ( UNIQUE KEY name (name) ); +-- +-- Table structure for table 'blocks_roles' +-- +CREATE TABLE blocks_roles ( + module varchar(64) NOT NULL, + delta varchar(32) NOT NULL, + rid int(10) unsigned NOT NULL, + PRIMARY KEY (module, delta, rid) +) +/*!40100 DEFAULT CHARACTER SET utf8 */ ; + -- -- Table structure for table 'search_dataset' -- diff --git a/database/database.4.1.mysql b/database/database.4.1.mysql index 8c2c3318f10f9e9c5b4ce7a7161a0132b6342794..4518b7224cd177daa977b1ba584d06153fa70ddd 100644 --- a/database/database.4.1.mysql +++ b/database/database.4.1.mysql @@ -607,6 +607,17 @@ CREATE TABLE role ( ) DEFAULT CHARACTER SET utf8; +-- +-- Table structure for table 'blocks_roles' +-- +CREATE TABLE blocks_roles ( + module varchar(64) NOT NULL, + delta varchar(32) NOT NULL, + rid int(10) unsigned NOT NULL, + PRIMARY KEY (module, delta, rid) +) +/*!40100 DEFAULT CHARACTER SET utf8 */ ; + -- -- Table structure for table 'search_dataset' -- diff --git a/database/database.pgsql b/database/database.pgsql index 7d468f82b409c0dc79583bb0b8c2e5f43f6cf8ae..a2812b604778b4ec7c4f3f0e1b716d1d02b9452a 100644 --- a/database/database.pgsql +++ b/database/database.pgsql @@ -571,6 +571,17 @@ CREATE TABLE role ( UNIQUE (name) ); +-- +-- Table structure for table 'blocks_roles' +-- + +CREATE TABLE blocks_roles ( + module varchar(64) NOT NULL, + delta varchar(32) NOT NULL, + rid integer NOT NULL, + PRIMARY KEY (module, delta, rid) +); + -- -- Table structure for table 'search_dataset' -- diff --git a/database/updates.inc b/database/updates.inc index 0e357850fe73ead3abedc54ac5bb2f9e1d15ceb3..d641da08b150de70228048bffd3458900cdd804a 100644 --- a/database/updates.inc +++ b/database/updates.inc 
@@ -2014,3 +2014,29 @@ function system_update_182() { return $ret; } + +function system_update_183() { + $ret = array(); + switch ($GLOBALS['db_type']) { + case 'mysql': + case 'mysqli': + $ret[] = update_sql("CREATE TABLE blocks_roles ( + module varchar(64) NOT NULL, + delta varchar(32) NOT NULL, + rid int(10) unsigned NOT NULL, + PRIMARY KEY (module, delta, rid) + ) /*!40100 DEFAULT CHARACTER SET utf8 */;"); + break; + + case 'pgsql': + $ret[] = update_sql("CREATE TABLE blocks_roles ( + module varchar(64) NOT NULL, + delta varchar(32) NOT NULL, + rid integer NOT NULL, + PRIMARY KEY (module, delta, rid) + );"); + break; + + } + return $ret; +} diff --git a/modules/block.module b/modules/block.module index 9d48ca777dbeef09d211014ba4fa729e2f4ad400..588bb291824abbc2edc926b0541a66010383ad09 100644 --- a/modules/block.module +++ b/modules/block.module @@ -22,6 +22,7 @@ function block_help($section) {
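Review bot: Both `CREATE TABLE blocks_roles (` statements in `system_update_183()` name the table without the `{}` wrapper that every query added to block.module in this commit uses (`{blocks_roles}`). On an install configured with a table prefix, the update would presumably create an unprefixed `blocks_roles` while `block_list()` and `block_user()` join against the prefixed name, so the role-filtered block queries would fail after the upgrade. I would write `update_sql("CREATE TABLE {blocks_roles} (` in both the mysql/mysqli and pgsql branches. The `switch` also has no `default` branch, so an unlisted `db_type` returns an empty `$ret` without reporting anything.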
  • Its page visibility settings. Blocks can be configured to be visible/hidden on certain pages.
  • Its custom visibility settings. Blocks can be configured to be visible only when specific conditions are true.
  • Its user visibility settings. Administrators can choose to let users decide whether to show/hide certain blocks.
  • +
  • Its user-role visibility settings. Administrators can choose to let blocks be visible only for certain user roles.
  • Its function. Some dynamic blocks, such as those generated by modules, will be displayed only on certain pages.
  • '); @@ -365,7 +366,7 @@ function block_admin_configure($module = NULL, $delta = 0) { $form['block_settings'] = array( '#type' => 'fieldset', '#title' => t('Block specific settings'), - '#collapsible' => true, + '#collapsible' => TRUE, ); foreach ($settings as $k => $v) { 
@@ -382,19 +383,48 @@ function block_admin_configure($module = NULL, $delta = 0) { $form['user_vis_settings'] = array( '#type' => 'fieldset', '#title' => t('User specific visibility settings'), - '#collapsible' => true, + '#collapsible' => TRUE, ); $form['user_vis_settings']['custom'] = array( '#type' => 'radios', '#title' => t('Custom visibility settings'), - '#options' => array(t('Users cannot control whether or not they see this block.'), t('Show this block by default, but let individual users hide it.'), t('Hide this block by default but let individual users show it.')), + '#options' => array( + t('Users cannot control whether or not they see this block.'), + t('Show this block by default, but let individual users hide it.'), + t('Hide this block by default but let individual users show it.') + ), '#description' => t('Allow individual users to customize the visibility of this block in their account settings.'), '#default_value' => $edit['custom'], ); + + // Role-based visibility settings + $default_role_options = array(); + $result = db_query("SELECT rid FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $module, $delta); + while ($role = db_fetch_object($result)) { + $default_role_options[] = $role->rid; + } + $result = db_query('SELECT rid, name FROM {role} ORDER BY name'); + $role_options = array(); + while ($role = db_fetch_object($result)) { + $role_options[$role->rid] = $role->name; + } + $form['role_vis_settings'] = array( + '#type' => 'fieldset', + '#title' => t('Role specific visibility settings'), + '#collapsible' => TRUE, + ); + $form['role_vis_settings']['roles'] = array( + '#type' => 'checkboxes', + '#title' => t('Show block for specific roles'), + '#default_value' => $default_role_options, + '#options' => $role_options, + '#description' => t('Show this block only for the selected role(s). 
If you select no roles, the block will be visible to all users.'), + ); + $form['page_vis_settings'] = array( '#type' => 'fieldset', '#title' => t('Page specific visibility settings'), - '#collapsible' => true, + '#collapsible' => TRUE, ); $access = user_access('use PHP for block visibility'); @@ -444,6 +474,10 @@ function block_admin_configure_validate($form_id, $form_values) { function block_admin_configure_submit($form_id, $form_values) { if (!form_get_errors()) { db_query("UPDATE {blocks} SET visibility = %d, pages = '%s', custom = %d WHERE module = '%s' AND delta = '%s'", $form_values['visibility'], $form_values['pages'], $form_values['custom'], $form_values['module'], $form_values['delta']); + db_query("DELETE FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $form_values['module'], $form_values['delta']); + foreach (array_filter($form_values['roles']) as $rid) { + db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, '%s', '%s')", $rid, $form_values['module'], $form_values['delta']); + } module_invoke($form_values['module'], 'block', 'save', $form_values['delta'], $form_values); drupal_set_message(t('The block configuration has been saved.')); cache_clear_all(); @@ -540,7 +574,7 @@ function block_box_save($edit, $delta = NULL) { else { db_query("INSERT INTO {boxes} (title, body, info, format) VALUES ('%s', '%s', '%s', %d)", $edit['title'], $edit['body'], $edit['info'], $edit['format']); } - return true; + return TRUE; } /** 
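Review bot: The `// Role-based visibility settings` comment and the checkbox description do not say what the setting actually enforces. Going by the queries added elsewhere in this commit, the selection only filters which rows `block_list()` and `block_user()` load, and an empty selection leaves the block visible to every role; nothing here restricts access to whatever the block links to or renders through another path. I would expand the comment to `// Role-based visibility: rows in {blocks_roles} limit display of this block to those roles; no rows means visible to all. Display filter only, not access control.` `block_admin_configure()` begins and ends outside this hunk, and the identical hunk in modules/block/block.module needs the same comment.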
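Review bot: The `DELETE` followed by one `INSERT` per role in `block_admin_configure_submit()` is not atomic, and no `db_query()` result is checked. Because a block with no rows in `{blocks_roles}` is treated as visible to every role, an `INSERT` that fails after the `DELETE` leaves a restricted block shown to everyone while the form still reports that the configuration was saved. I would check each `db_query()` result and report a failure instead of the success message, and add `// No rows in {blocks_roles} means visible to all roles, so a partial write widens visibility.` above the `DELETE`. `array_filter($form_values['roles'])` also assumes the key is always present and an array. The identical hunk in modules/block/block.module has the same issue.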
@@ -550,10 +584,11 @@ function block_box_save($edit, $delta = NULL) { * the site. */ function block_user($type, $edit, &$user, $category = NULL) { + global $user; switch ($type) { case 'form': if ($category == 'account') { - $result = db_query('SELECT * FROM {blocks} WHERE status = 1 AND custom != 0 ORDER BY weight, module, delta'); + $result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.weight, b.module", implode(',', array_keys($user->roles))); $form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE); while ($block = db_fetch_object($result)) { $data = module_invoke($block->module, 'block', 'list'); @@ -600,7 +635,7 @@ function block_list($region) { static $blocks = array(); if (!count($blocks)) { - $result = db_query("SELECT * FROM {blocks} WHERE theme = '%s' AND status = 1 ORDER BY region, weight, module", $theme_key); + $result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", $theme_key, implode(',', array_keys($user->roles))); while ($block = db_fetch_object($result)) { if (!isset($blocks[$block->region])) { $blocks[$block->region] = array(); @@ -656,5 +691,3 @@ function block_list($region) { } return $blocks[$region]; } - - diff --git a/modules/block/block.module b/modules/block/block.module index 9d48ca777dbeef09d211014ba4fa729e2f4ad400..588bb291824abbc2edc926b0541a66010383ad09 100644 --- a/modules/block/block.module +++ b/modules/block/block.module @@ -22,6 +22,7 @@ function block_help($section) {
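Review bot: `global $user;` is added inside `block_user($type, $edit, &$user, $category = NULL)`, where `$user` is already the by-reference account parameter. After that statement the name is rebound to the logged-in user, so the `r.rid IN (%s)` filter in the 'form' case uses the roles of whoever is viewing the account form rather than those of the account being edited, and any later use of `$user` in the function (outside this hunk) no longer touches the passed account. I would drop `global $user;` and keep `array_keys($user->roles)` on the parameter. The rewritten query also drops `delta` from the original `ORDER BY weight, module, delta`; `ORDER BY b.weight, b.module, b.delta` would keep the ordering stable. The identical hunk in modules/block/block.module has the same issue.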
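Review bot: The role ids reach the SQL through an unquoted `%s` in `r.rid IN (%s)`, so string escaping does nothing to keep the value numeric; the query is only safe while every key of `$user->roles` is an integer. An empty `$user->roles` would also produce `IN ()`, which is a syntax error rather than an empty match. I would pass `implode(',', array_map('intval', array_keys($user->roles)))` and fall back to a single `0` when the list is empty, so the filter fails closed. The same applies to the `block_user()` query in the previous hunk and to both copies in modules/block/block.module. Whether `$user` is declared `global` in `block_list()` is not visible in this hunk.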
  • Its page visibility settings. Blocks can be configured to be visible/hidden on certain pages.
  • Its custom visibility settings. Blocks can be configured to be visible only when specific conditions are true.
  • Its user visibility settings. Administrators can choose to let users decide whether to show/hide certain blocks.
  • +
  • Its user-role visibility settings. Administrators can choose to let blocks be visible only for certain user roles.
  • Its function. Some dynamic blocks, such as those generated by modules, will be displayed only on certain pages.
  • '); @@ -365,7 +366,7 @@ function block_admin_configure($module = NULL, $delta = 0) { $form['block_settings'] = array( '#type' => 'fieldset', '#title' => t('Block specific settings'), - '#collapsible' => true, + '#collapsible' => TRUE, ); foreach ($settings as $k => $v) { 
@@ -382,19 +383,48 @@ function block_admin_configure($module = NULL, $delta = 0) { $form['user_vis_settings'] = array( '#type' => 'fieldset', '#title' => t('User specific visibility settings'), - '#collapsible' => true, + '#collapsible' => TRUE, ); $form['user_vis_settings']['custom'] = array( '#type' => 'radios', '#title' => t('Custom visibility settings'), - '#options' => array(t('Users cannot control whether or not they see this block.'), t('Show this block by default, but let individual users hide it.'), t('Hide this block by default but let individual users show it.')), + '#options' => array( + t('Users cannot control whether or not they see this block.'), + t('Show this block by default, but let individual users hide it.'), + t('Hide this block by default but let individual users show it.') + ), '#description' => t('Allow individual users to customize the visibility of this block in their account settings.'), '#default_value' => $edit['custom'], ); + + // Role-based visibility settings + $default_role_options = array(); + $result = db_query("SELECT rid FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $module, $delta); + while ($role = db_fetch_object($result)) { + $default_role_options[] = $role->rid; + } + $result = db_query('SELECT rid, name FROM {role} ORDER BY name'); + $role_options = array(); + while ($role = db_fetch_object($result)) { + $role_options[$role->rid] = $role->name; + } + $form['role_vis_settings'] = array( + '#type' => 'fieldset', + '#title' => t('Role specific visibility settings'), + '#collapsible' => TRUE, + ); + $form['role_vis_settings']['roles'] = array( + '#type' => 'checkboxes', + '#title' => t('Show block for specific roles'), + '#default_value' => $default_role_options, + '#options' => $role_options, + '#description' => t('Show this block only for the selected role(s). 
If you select no roles, the block will be visible to all users.'), + ); + $form['page_vis_settings'] = array( '#type' => 'fieldset', '#title' => t('Page specific visibility settings'), - '#collapsible' => true, + '#collapsible' => TRUE, ); $access = user_access('use PHP for block visibility'); @@ -444,6 +474,10 @@ function block_admin_configure_validate($form_id, $form_values) { function block_admin_configure_submit($form_id, $form_values) { if (!form_get_errors()) { db_query("UPDATE {blocks} SET visibility = %d, pages = '%s', custom = %d WHERE module = '%s' AND delta = '%s'", $form_values['visibility'], $form_values['pages'], $form_values['custom'], $form_values['module'], $form_values['delta']); + db_query("DELETE FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $form_values['module'], $form_values['delta']); + foreach (array_filter($form_values['roles']) as $rid) { + db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, '%s', '%s')", $rid, $form_values['module'], $form_values['delta']); + } module_invoke($form_values['module'], 'block', 'save', $form_values['delta'], $form_values); drupal_set_message(t('The block configuration has been saved.')); cache_clear_all(); @@ -540,7 +574,7 @@ function block_box_save($edit, $delta = NULL) { else { db_query("INSERT INTO {boxes} (title, body, info, format) VALUES ('%s', '%s', '%s', %d)", $edit['title'], $edit['body'], $edit['info'], $edit['format']); } - return true; + return TRUE; } /** 
@@ -550,10 +584,11 @@ function block_box_save($edit, $delta = NULL) { * the site. */ function block_user($type, $edit, &$user, $category = NULL) { + global $user; switch ($type) { case 'form': if ($category == 'account') { - $result = db_query('SELECT * FROM {blocks} WHERE status = 1 AND custom != 0 ORDER BY weight, module, delta'); + $result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.weight, b.module", implode(',', array_keys($user->roles))); $form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE); while ($block = db_fetch_object($result)) { $data = module_invoke($block->module, 'block', 'list'); @@ -600,7 +635,7 @@ function block_list($region) { static $blocks = array(); if (!count($blocks)) { - $result = db_query("SELECT * FROM {blocks} WHERE theme = '%s' AND status = 1 ORDER BY region, weight, module", $theme_key); + $result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", $theme_key, implode(',', array_keys($user->roles))); while ($block = db_fetch_object($result)) { if (!isset($blocks[$block->region])) { $blocks[$block->region] = array(); @@ -656,5 +691,3 @@ function block_list($region) { } return $blocks[$region]; } - - diff --git a/modules/taxonomy.module b/modules/taxonomy.module index ba7827d70cab152e4e4406a22464f9806f91a167..0ee530d6b631e63a79569d0cb30f919719c3142d 100644 --- a/modules/taxonomy.module +++ b/modules/taxonomy.module 
@@ -1147,7 +1147,7 @@ function taxonomy_render_nodes($result) { $output .= theme('pager', NULL, variable_get('default_nodes_main', 10), 0); } else { - $output .= t('There are currently no posts in this category.'); + $output .= '

    '. t('There are currently no posts in this category.') .'

    '; } return $output; } diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module index ba7827d70cab152e4e4406a22464f9806f91a167..0ee530d6b631e63a79569d0cb30f919719c3142d 100644 --- a/modules/taxonomy/taxonomy.module +++ b/modules/taxonomy/taxonomy.module @@ -1147,7 +1147,7 @@ function taxonomy_render_nodes($result) { $output .= theme('pager', NULL, variable_get('default_nodes_main', 10), 0); } else { - $output .= t('There are currently no posts in this category.'); + $output .= '

    '. t('There are currently no posts in this category.') .'

    '; } return $output; }