diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 0dcf2e2c5dbd5a1253152cc95062f07269e1e913..a4187755a42a1d65b434404d9f0ed32fc9645bf0 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -122,6 +122,7 @@ Views 3.x-7.x-dev o #737120 by james.williams: Fix help text for date offsets which gave incorrect information. o #737118 by DeFr: Allow API calls to delete to not clear the views cache to facilitate batch operations. o #684656 by yhahn: Prevent Views from performing an unneeded variable_set() during block list. + o #673852 by yhahn: Allow access plugins to choose whether or not "access all views" should be used. Views 6.x-3.x-dev o #396380 by merlinofchaos, dereine and dagmar: Initial support for GROUP BY queries!!!!!!!!!!!! diff --git a/plugins/views_plugin_access_perm.inc b/plugins/views_plugin_access_perm.inc index fd7fe6059cd0a74ea3e7e9bcd6d08aac2abda6f8..032170f6482e212202d26c04d9d7344d7f1d8260 100644 --- a/plugins/views_plugin_access_perm.inc +++ b/plugins/views_plugin_access_perm.inc @@ -6,11 +6,11 @@ */ class views_plugin_access_perm extends views_plugin_access { function access($account) { - return user_access($this->options['perm'], $account); + return views_check_perm($this->options['perm'], $account); } function get_access_callback() { - return array('user_access', array($this->options['perm'])); + return array('views_check_perm', array($this->options['perm'])); } function summary_title() { diff --git a/plugins/views_plugin_access_role.inc b/plugins/views_plugin_access_role.inc index 22ada6973c1ac19f2ce1c8033c4076cf80033187..2d3ea5126f950f652d64eefe68c2dfd9994ef636 100644 --- a/plugins/views_plugin_access_role.inc +++ b/plugins/views_plugin_access_role.inc @@ -6,9 +6,7 @@ */ class views_plugin_access_role extends views_plugin_access { function access($account) { - $roles = array_keys($account->roles); - $roles[] = $account->uid ? DRUPAL_AUTHENTICATED_RID : DRUPAL_ANONYMOUS_RID; - return array_intersect(array_filter($this->options['role']), $roles); + return views_check_roles(array_filter($this->options['role']), $account); } function get_access_callback() { diff --git a/views.module b/views.module index c212acce961357fd3cc3efc0fd5b6ccf6a6ab158..8871c2791133cf908cd594f9d388838e8e8fb141 100644 --- a/views.module +++ b/views.module @@ -442,10 +442,6 @@ function views_invalidate_cache() { * is accessible, then the view is accessible. */ function views_access() { - if (user_access('access all views')) { - return TRUE; - } - $args = func_get_args(); foreach ($args as $arg) { if ($arg === TRUE) { @@ -466,17 +462,29 @@ function views_access() { } /** - * Access callback to determine if the logged in user has any of the - * requested roles. + * Access callback for the views_plugin_access_perm access plugin. * - * This must be in views.module as it is called by menu access callback - * and can be called often. + * Determine if the specified user has access to a view on the basis of + * permissions. If the $account argument is omitted, the current user + * is used. + */ +function views_check_perm($perm, $account = NULL) { + return user_access($perm, $account) || user_access('access all views', $account); +} + +/** + * Access callback for the views_plugin_access_role access plugin. + + * Determine if the specified user has access to a view on the basis of any of + * the requested roles. If the $account argument is omitted, the current user + * is used. */ -function views_check_roles($rids) { +function views_check_roles($rids, $account = NULL) { global $user; - $roles = array_keys($user->roles); - $roles[] = $user->uid ? DRUPAL_AUTHENTICATED_RID : DRUPAL_ANONYMOUS_RID; - return array_intersect(array_filter($rids), $roles); + $account = isset($account) ? $account : $user; + $roles = array_keys($account->roles); + $roles[] = $account->uid ? DRUPAL_AUTHENTICATED_RID : DRUPAL_ANONYMOUS_RID; + return user_access('access all views', $account) || array_intersect(array_filter($rids), $roles); } // ------------------------------------------------------------------ // Functions to help identify views that are running or ran