-rw-r--r--fb_user.module209
1 files changed, 115 insertions, 94 deletions
diff --git a/fb_user.module b/fb_user.module
index 15dc28d..2dad88a 100644
--- a/fb_user.module
+++ b/fb_user.module
@@ -19,6 +19,9 @@ define('FB_USER_OPTION_MAP_NEVER', 1);
define('FB_USER_OPTION_MAP_ALWAYS', 2);
+function fb_user_perm() {
+ return array('edit own extended permissions', 'delete own fb_user authmap');
+}
/**
* There are several pages where we don't want to automatically create a new
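Review bot: `fb_user_perm()` is added without a docblock, unlike the function that follows it. A header such as `/** Implementation of hook_perm(). */` would mark it as a hook implementation. A short comment should also say what each string gates elsewhere in this commit, since these strings are what a site administrator assigns to roles: 'delete own fb_user authmap' for the Facebook Applications tab and form, 'edit own extended permissions' for the per-application tabs.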
@@ -26,7 +29,9 @@ define('FB_USER_OPTION_MAP_ALWAYS', 2);
*/
function _fb_user_special_page() {
// TODO: hopefully this can be simplified.
- return (arg(0) == 'user' || arg(0) == 'fb_user' ||
+ return ((arg(0) == 'user' && arg(1) == 'login') ||
+ (arg(0) == 'user' && arg(1) == 'register') ||
+ arg(0) == 'fb_user' ||
(arg(0) == 'fb' && arg(1) == 'form_cache') ||
(arg(0) == 'fb_app' && arg(1) == 'event') ||
(arg(0) == 'fb_connect' && arg(2) == 'receiver'));
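Review bot: The narrowed test in `_fb_user_special_page()` now matches only `user/login` and `user/register`, so the bare `user` path and `user/password` are no longer treated as special. In Drupal the bare `user` path serves the login form to anonymous visitors, so if this helper is what suppresses automatic account creation on login pages (its docblock suggests so; the callers are outside the hunk), that page loses the protection. Consider adding `(arg(0) == 'user' && !arg(1)) ||` and, if password reset should stay exempt, `(arg(0) == 'user' && arg(1) == 'password') ||`.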
@@ -90,6 +95,7 @@ function fb_user_fb($op, $data, &$return) {
$uid = $fb_app_data['fb_user']['not_logged_in_uid'];
}
if ($uid) {
+ dpm("XXX setting global user in fb_user_fb!");
$user = user_load(array('uid' => $uid));
}
}
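Review bot: The added `dpm("XXX setting global user in fb_user_fb!")` is debugging output left on the path that replaces the global `$user`. `dpm()` is provided by the Devel module, so on a site without Devel this line ends the request with an undefined-function error. With Devel enabled it prints the message on the page. Remove it before release; if a record of the account switch is wanted, write it with `watchdog()` and include `$uid`, so the switch is auditable rather than shown on screen. The enclosing function starts and ends outside the hunk.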
@@ -424,41 +430,50 @@ function fb_user_user($op, &$edit, &$account, $category = NULL) {
// Add tabs on user edit pages to manage maps between local accounts and facebook accounts.
if ($op == 'categories') {
- // A tab for administrators
- $items[] = array('name' => 'fb_user',
- 'title' => t('Facebook Applications'),
- 'weight' => 1,
- );
- // A tab for each application the user has authorized
- $result = _fb_app_query_all();
- $apps = array();
- while ($fb_app = db_fetch_object($result)) {
- $apps[$fb_app->label] = $fb_app;
- $fb_app_data = fb_app_get_data($fb_app);
- $fb_user_data = $fb_app_data['fb_user']; // our configuration
-
- $fbu = _fb_user_get_fbu($account->uid, $fb_app);
-
- if ($fbu && !$info[$fbu]) {
- // The drupal user is a facebook user. Now, learn more from facebook.
- $fb = fb_api_init($fb_app, FB_FBU_ANY);
- // Note: this requires infinite session with facebook. TODO: fallback to fb_user_app table.
- $info[$fbu] = $fb->api_client->users_getInfo(array($fbu),
- array('name',
- 'is_app_user',
- ));
+ if (user_access('administer users') ||
+ (user_access('delete own fb_user authmap') && $user->uid == $account->uid)) {
+ // A tab for administrators
+ $items[] = array('name' => 'fb_user',
+ 'title' => t('Facebook Applications'),
+ 'weight' => 1,
+ );
+ }
+ if (user_access('edit own extended permissions') &&
+ $user->uid == $account->uid) {
+ // A tab for each application the user has authorized
+ $result = _fb_app_query_all();
+ $apps = array();
+ while ($fb_app = db_fetch_object($result)) {
+ $apps[$fb_app->label] = $fb_app;
+ $fb_app_data = fb_app_get_data($fb_app);
+ $fb_user_data = $fb_app_data['fb_user']; // our configuration
- if ($info[$fbu][0]['is_app_user']) {
- $items[] = array('name' => $fb_app->label,
- 'title' => $fb_app->title,
- 'weight' => 2);
- }
+ $fbu = _fb_user_get_fbu($account->uid, $fb_app);
+ if ($fbu && !$info[$fbu]) {
+ // The drupal user is a facebook user. Now, learn more from facebook.
+ $fb = fb_api_init($fb_app, FB_FBU_ANY);
+ // Note: this requires infinite session with facebook. TODO: fallback to fb_user_app table.
+ $info[$fbu] = $fb->api_client->users_getInfo(array($fbu),
+ array('name',
+ 'is_app_user',
+ ));
+
+ if ($info[$fbu][0]['is_app_user']) {
+ $items[] = array('name' => $fb_app->label,
+ 'title' => $fb_app->title,
+ 'weight' => 2);
+ }
+ }
}
}
return $items;
}
else if ($op == 'form' && $category == 'fb_user') {
+ if (!user_access('administer users') ||
+ !(user_access('delete own fb_user authmap') && $user->uid == $account->uid))
+ return; // hide from this user
+
$form['map'] = array('#tree' => TRUE);
// Iterate through all facebook apps, because they do not all use the same
// map scheme.
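Review bot: The guard added to the `$op == 'form' && $category == 'fb_user'` branch negates the tab condition incorrectly. `!A || !(B && own)` returns early unless the viewer is both an administrator and the owner holding 'delete own fb_user authmap', so neither group alone reaches the form. Negate the whole expression instead: `if (!(user_access('administer users') || (user_access('delete own fb_user authmap') && $GLOBALS['user']->uid == $account->uid))) return;`. The 'categories' branch in this hunk compares `$user->uid`, but no `global $user` is visible (the function starts outside the hunk) and a later hunk uses `$GLOBALS['user']`; if `$user` is not in scope, the loose `==` compares NULL with the account uid. The 'update' branch for this category is outside the hunk and should apply the same check, because hiding the form does not by itself reject a submitted request.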
@@ -472,7 +487,7 @@ function fb_user_user($op, &$edit, &$account, $category = NULL) {
if ($fbu && !$info[$fbu]) {
// The drupal user is a facebook user. Now, learn more from facebook.
$fb = fb_api_init($fb_app, FB_FBU_ANY);
- // Note: this requires infinite session with facebook. TODO: fallback to fb_user_app table.
+ // Note: this requires infinite session with facebook or active fbconnect session. TODO: fallback to fb_user_app table.
$info[$fbu] = $fb->api_client->users_getInfo(array($fbu),
array('name',
'is_app_user',
@@ -534,74 +549,80 @@ function fb_user_user($op, &$edit, &$account, $category = NULL) {
return $form;
}
else if ($op == 'form' && ($fb_app = $apps[$category])) {
- // Application-specific settings
- $form['#fb_app'] = $fb_app; // used in hook_form_alter.
-
- if (function_exists('fb_canvas_is_fbml') && fb_canvas_is_fbml()) {
- $sections = array('profile', 'info');
- foreach ($sections as $section) {
- $form[$section] =
- array('#type' => 'markup',
- '#value' => '<fb:add-section-button section="'.$section.'" />',
- );
- }
- }
- // http://wiki.developers.facebook.com/index.php/Extended_permissions
- $permissions =
- array('email' => 'Allow %application to send you email',
- 'offline_access' => 'Grant %application access to your Facebook profile.',
- 'status_update' => 'Allow %application to set your status.',
- 'photo_upload' => 'Allow %application to upload photos.',
- 'create_listing' => 'Allow %application to create marketplace listings on your behalf.',
- 'create_event' => 'Allow %application to create events on your behalf.',
- 'rsvp_event' => 'Allow %application to RSVP to events on your behalf',
- 'sms' => 'Allow %application to send you SMS text messages.',
- );
- foreach ($permissions as $key => $t) {
+ if (user_access('edit own extended permissions') &&
+ $GLOBALS['user']->uid == $account->uid) {
+ // Application-specific settings
+ $form['#fb_app'] = $fb_app; // used in hook_form_alter.
+
if (function_exists('fb_canvas_is_fbml') && fb_canvas_is_fbml()) {
- $form[$key] =
- array('#type' => 'markup',
- '#value' => '<fb:prompt-permission perms="'.$key.'">'.
- t($t, array('%application' => $fb_app->title)) .
- '<br /></fb:prompt-permission>',
- );
- }
- else {
- // Non-fbml page
- // TODO: use API to hide permissions we already have
- $url = url($_GET['q'], NULL, NULL, TRUE);
- $form[$key] =
- array('#type' => 'markup',
- '#value' => l(t($t, array('%application' => $fb_app->title)),
- "http://www.facebook.com/authorize.php",
- array(),
- "api_key={$fb_app->api_key}&v=1.0&ext_perm={$key}&next={$url}&next_cancel={$url}"),
- );
-
+ $sections = array('profile', 'info');
+ foreach ($sections as $section) {
+ $form[$section] =
+ array('#type' => 'markup',
+ '#value' => '<fb:add-section-button section="'.$section.'" />',
+ );
+ }
}
- }
-
- // Add buttons for boxes and info
- $sections = array('profile', 'info');
- foreach ($sections as $section) {
- if (function_exists('fb_canvas_is_fbml') && fb_canvas_is_fbml()) {
- $form[$section] =
- array('#type' => 'markup',
- '#value' => '<fb:add-section-button section="'.$section.'" />',
- );
+ // http://wiki.developers.facebook.com/index.php/Extended_permissions
+ $permissions =
+ array('email' => 'Allow %application to send you email',
+ 'offline_access' => 'Grant %application access to your Facebook profile.',
+ 'status_update' => 'Allow %application to set your status.',
+ 'photo_upload' => 'Allow %application to upload photos.',
+ 'create_listing' => 'Allow %application to create marketplace listings on your behalf.',
+ 'create_event' => 'Allow %application to create events on your behalf.',
+ 'rsvp_event' => 'Allow %application to RSVP to events on your behalf',
+ 'sms' => 'Allow %application to send you SMS text messages.',
+ );
+ foreach ($permissions as $key => $t) {
+ if (function_exists('fb_canvas_is_fbml') && fb_canvas_is_fbml()) {
+ $form[$key] =
+ array('#type' => 'markup',
+ '#value' => '<fb:prompt-permission perms="'.$key.'">'.
+ t($t, array('%application' => $fb_app->title)) .
+ '<br /></fb:prompt-permission>',
+ );
+ }
+ else {
+ // Non-fbml page
+ // TODO: use API to hide permissions we already have
+ $url = url($_GET['q'], NULL, NULL, TRUE);
+ $form[$key] =
+ array('#type' => 'markup',
+ '#value' => l(t($t, array('%application' => $fb_app->title)),
+ "http://www.facebook.com/authorize.php",
+ array(),
+ "api_key={$fb_app->api_key}&v=1.0&ext_perm={$key}&next={$url}&next_cancel={$url}",
+ NULL, TRUE, TRUE),
+ '#prefix' => '<p>',
+ '#suffix' => '</p>',
+ );
+
+ }
}
- // No way to add these to a non-canvas page at the moment
+
+ // Add buttons for boxes and info
+ $sections = array('profile', 'info');
+ foreach ($sections as $section) {
+ if (function_exists('fb_canvas_is_fbml') && fb_canvas_is_fbml()) {
+ $form[$section] =
+ array('#type' => 'markup',
+ '#value' => '<fb:add-section-button section="'.$section.'" />',
+ );
+ }
+ // No way to add these to a non-canvas page at the moment
+ }
+
+ $form['description'] =
+ array('#type' => 'markup',
+ '#value' => l(t('All settings for %application (and other Facebook Applications).', array('%application' => $fb_app->title)),
+ 'http://www.facebook.com/editapps.php',
+ array(), NULL, NULL, FALSE, TRUE),
+ '#prefix' => '<p>',
+ '#suffix' => "</p>\n",
+ );
+ return $form;
}
-
- $form['description'] =
- array('#type' => 'markup',
- '#value' => l(t('All settings for %application (and other Facebook Applications).', array('%application' => $fb_app->title)),
- 'http://www.facebook.com/editapps.php',
- array(), NULL, NULL, FALSE, TRUE),
- '#prefix' => '<p>',
- '#suffix' => "</p>\n",
- );
- return $form;
}
else if ($op == 'update' && $category == 'fb_user') {
//dpm($edit, "fb_user_user($op)");
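Review bot: In the non-FBML branch, `$url` is an absolute URL interpolated unencoded into the query string passed to `l()`: `next={$url}&next_cancel={$url}`. If it contains `?` or `&` (for example `?q=...` when clean URLs are off), Facebook would receive a truncated or split `next` value and the return redirect would not land on this page. Encode it once where it is built, `$url = urlencode(url($_GET['q'], NULL, NULL, TRUE));`, and check that `l()` does not then encode the query a second time. The enclosing function starts outside the hunk.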