Index: openid_provider.inc =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/openid_provider/openid_provider.inc,v retrieving revision 1.3.2.6 diff -u -p -r1.3.2.6 openid_provider.inc --- openid_provider.inc 11 Mar 2009 18:15:02 -0000 1.3.2.6 +++ openid_provider.inc 12 Jun 2009 12:11:43 -0000 @@ -136,13 +136,22 @@ function openid_provider_authentication_ $response = array_merge($response, module_invoke_all('openid_provider', 'response', $response, $request)); $rp = _openid_provider_rp_load($user->uid, $realm); - if ($rp->auto_release) { - $response = _openid_provider_sign($response); - _openid_provider_rp_save($user->uid, $realm, TRUE); - return openid_redirect_http($response['openid.return_to'], $response); - } - else { - return drupal_get_form('openid_provider_form', $response, $realm); + if (!$rp) { + /* never seen this relaying party, set some sane defaults */ + $rp = new stdClass(); + $rp->access = OPENID_PROVIDER_ASK; + } + switch ($rp->access) { + case OPENID_PROVIDER_DENY: + $response = openid_provider_cancel_authentication_response($request['openid.mode']); + return openid_redirect_http($request['openid.return_to'], $response); + case OPENID_PROVIDER_ALLOW: + $response = _openid_provider_sign($response); + _openid_provider_rp_save($user->uid, $realm, $rp->access); + return openid_redirect_http($response['openid.return_to'], $response); + case OPENID_PROVIDER_ASK: + default: + return drupal_get_form('openid_provider_form', $response, $realm); } } 
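Review bot: The `case OPENID_PROVIDER_DENY:` branch returns the cancel response without touching the relying-party row, so `last_time` only moves when a login is approved. A site the user has blocked can therefore keep retrying without leaving any trace on the sites page. If that is not intended, calling `_openid_provider_rp_save($user->uid, $realm, OPENID_PROVIDER_DENY);` before the redirect would record the attempt. The fall-through from `OPENID_PROVIDER_ASK` to `default:` is a sound fail-safe and deserves a comment such as `/* unknown values are treated as ASK, never as ALLOW */`; the new comment above the switch should read "relying party". The function starts outside this hunk.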
@@ -281,13 +290,13 @@ function _openid_provider_rp_load($uid, } } -function _openid_provider_rp_save($uid, $realm, $auto_release = FALSE) { +function _openid_provider_rp_save($uid, $realm, $access = OPENID_PROVIDER_ASK) { $rpid = db_result(db_query("SELECT rpid FROM {openid_provider_relying_party} WHERE uid=%d AND realm='%s'", $uid, $realm)); if ($rpid) { - db_query("UPDATE {openid_provider_relying_party} SET auto_release=%d, last_time=%d WHERE rpid=%d", $auto_release, time(), $rpid); + db_query("UPDATE {openid_provider_relying_party} SET access=%d, last_time=%d WHERE rpid=%d", $access, time(), $rpid); } else { - db_query("INSERT INTO {openid_provider_relying_party} (uid, realm, first_time, last_time, auto_release) VALUES (%d, '%s', %d, %d, %d)", $uid, $realm, time(), time(), $auto_release); + db_query("INSERT INTO {openid_provider_relying_party} (uid, realm, first_time, last_time, access) VALUES (%d, '%s', %d, %d, %d)", $uid, $realm, time(), time(), $access); } } function _openid_provider_nonce() { Index: openid_provider.install =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/openid_provider/openid_provider.install,v retrieving revision 1.2.2.1 diff -u -p -r1.2.2.1 openid_provider.install --- openid_provider.install 11 Mar 2009 18:15:02 -0000 1.2.2.1 +++ openid_provider.install 12 Jun 2009 12:11:43 -0000 @@ -54,7 +54,7 @@ function openid_provider_schema() { 'default' => 0, 'description' => t('Timestamp of the most recent access'), ), - 'auto_release' => array( + 'access' => array( 'type' => 'int', 'not null' => TRUE, 'default' => 0, 
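Review bot: The renamed `access` column keeps `'default' => 0` in the schema hunk, and `openid_provider_update_6100()` in the next hunk passes the same default to `db_change_field()`. Zero now means `OPENID_PROVIDER_DENY`, while `_openid_provider_rp_save()` and the unknown-site fallback both default to `OPENID_PROVIDER_ASK`. Every insert visible in this patch sets `access` explicitly, so the column default looks unused. The mismatch should still be either resolved (`'default' => 1`) or documented as deliberate fail-closed behaviour. The column's `description` entry lies outside the hunk and presumably still describes auto-release; it should list the three values.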
@@ -107,4 +107,12 @@ function openid_provider_schema() { ); return $schema; -} \ No newline at end of file +} + +function openid_provider_update_6100() { + $ret = array(); + db_change_field($ret, 'openid_provider_relying_party', 'auto_release', 'access', array('type' => 'int', 'not null' => TRUE,'default' => 0)); + /* the field changed semantics: 0 now means deny (instead of ask), 1 means ask (instead of allow) and 2 means allow, so we just bump everyone by one */ + $ret[] = update_sql("UPDATE {openid_provider_relying_party} SET access = access + 1;"); + return $ret; +} Index: openid_provider.module =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/openid_provider/openid_provider.module,v retrieving revision 1.3.2.3 diff -u -p -r1.3.2.3 openid_provider.module --- openid_provider.module 11 Mar 2009 18:15:02 -0000 1.3.2.3 +++ openid_provider.module 12 Jun 2009 12:11:43 -0000 @@ -7,6 +7,18 @@ */ /** + * access control constants + * + * those are used to identify how to let the sites access this provider and + * are stored in the database, in the openid_provider_relying_party table. + * + * Do not assume truth or numeric value here and always use the constants. + */ +define('OPENID_PROVIDER_DENY', 0); +define('OPENID_PROVIDER_ASK', 1); +define('OPENID_PROVIDER_ALLOW', 2); + +/** * Implementation of hook_menu(). */ function openid_provider_menu() { @@ -74,6 +86,17 @@ function openid_provider_perm() { } /** + * Implementation of hook_theme() + */ +function openid_provider_theme($existing, $type, $theme, $path) { + return array( + 'openid_provider_sites' => array( + 'arguments' => array('form' => NULL), + ), + ); +} + +/** * Implementation of hook_init() * * Add appropriate HTML headers for XRDS and Link discovery. 
@@ -224,19 +247,24 @@ function openid_provider_form(&$form_sta $form['#action'] = url('openid/provider/send'); - $form['submit_once'] = array( + $form['submit_allow_always'] = array( + '#type' => 'submit', + '#value' => t('Yes; always'), + '#submit' => array('openid_provider_form_submit_allow_always') + ); + $form['submit_allow_once'] = array( '#type' => 'submit', '#value' => t('Yes; just this once'), ); - $form['submit_always'] = array( + $form['submit_deny_once'] = array( '#type' => 'submit', - '#value' => t('Yes; always'), - '#submit' => array('openid_provider_form_submit_always') + '#value' => t('No'), + '#submit' => array('openid_provider_form_submit_deny_once') ); - $form['cancel'] = array( + $form['submit_always_deny'] = array( '#type' => 'submit', - '#value' => t('Cancel'), - '#submit' => array('openid_provider_form_submit_cancel') + '#value' => t('No; never allow access'), + '#submit' => array('openid_provider_form_submit_deny_always') ); return $form; 
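Review bot: Moving `submit_allow_always` to the top makes "Yes; always" the first submit button in the form. Browsers typically treat the first submit button as the one activated when the form is submitted with Enter, so an accidental keypress would presumably grant permanent access rather than a one-time login. Putting `submit_allow_once` (or a deny button) first keeps the least-privileged choice as the implicit default. The key `submit_always_deny` also breaks the `submit_deny_*` naming used by its sibling and by its handler `openid_provider_form_submit_deny_always`. The function starts outside this hunk.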
@@ -245,28 +273,28 @@ function openid_provider_form(&$form_sta /** * Once submit handler */ -function openid_provider_form_submit(&$form, $form_state, $auto_release = FALSE) { +function openid_provider_form_submit(&$form, $form_state, $access = OPENID_PROVIDER_ASK) { global $user; module_load_include('inc', 'openid'); module_load_include('inc', 'openid_provider'); $response = _openid_provider_sign($form_state['storage']['response']); - _openid_provider_rp_save($user->uid, $form_state['storage']['realm'], $auto_release); + _openid_provider_rp_save($user->uid, $form_state['storage']['realm'], $access); openid_redirect_http($response['openid.return_to'], $response); } /** * Always submit handler */ -function openid_provider_form_submit_always(&$form, $form_state) { - return openid_provider_form_submit($form, $form_state, TRUE); +function openid_provider_form_submit_allow_always(&$form, $form_state) { + return openid_provider_form_submit($form, $form_state, OPENID_PROVIDER_ALLOW); } /** - * Cancel submit handler + * Deny submit handler */ -function openid_provider_form_submit_cancel(&$form, $form_state) { +function openid_provider_form_submit_deny_once(&$form, $form_state) { module_load_include('inc', 'openid_provider'); module_load_include('inc', 'openid'); 
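Review bot: `openid_provider_form_submit()` signs the stored response and redirects to `openid.return_to` whatever `$access` holds, yet its docblock still reads "Once submit handler" and does not mention the new parameter. The docblock should state that the function always emits a positive assertion, that `$access` is one of the `OPENID_PROVIDER_*` constants stored for the realm, and that it must therefore only be reached from approving buttons. The "Always submit handler" comment would be clearer as `Allow always submit handler`, matching the rename. The body of `openid_provider_form_submit_deny_once()` continues outside this hunk.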
@@ -276,6 +304,14 @@ function openid_provider_form_submit_can } /** + * Deny always submit handler + */ +function openid_provider_form_submit_deny_always(&$form, $form_state) { + _openid_provider_rp_save($user->uid, $form_state['storage']['realm'], OPENID_PROVIDER_DENY); + return openid_provider_form_submit($form, $form_state); +} + +/** * Implementation of hook_pathauto() for OpenID Provider aliases. */ function openid_provider_pathauto($op) { Index: openid_provider.pages.inc =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/openid_provider/openid_provider.pages.inc,v retrieving revision 1.1.2.3 diff -u -p -r1.1.2.3 openid_provider.pages.inc --- openid_provider.pages.inc 11 Mar 2009 18:15:02 -0000 1.1.2.3 +++ openid_provider.pages.inc 12 Jun 2009 12:11:43 -0000 @@ -71,7 +71,7 @@ function openid_provider_send() { /** * Page callback for OpenID Sites form where users can configure the - * auto_release status of RP's they have logged into. + * access status of RP's they have logged into. * * @param object $account User account object for the user. */ 
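Review bot: `openid_provider_form_submit_deny_always()` ends by calling `openid_provider_form_submit($form, $form_state)`, which (see the previous hunk) signs the response, saves the realm with the default `OPENID_PROVIDER_ASK` and redirects to `openid.return_to`. Pressing "No; never allow access" therefore logs the user in to the site and overwrites the deny that was just stored. The handler also reads `$user->uid` without `global $user;`, so the deny row is written with an empty uid, and it calls `_openid_provider_rp_save()` before `openid_provider.inc` has been included. Add `global $user;` and `module_load_include('inc', 'openid_provider');` at the top and finish with `return openid_provider_form_submit_deny_once($form, $form_state);`. That assumes `openid_provider_form_submit_deny_once()`, whose body continues outside the previous hunk, sends the cancel response.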
@@ -89,26 +89,35 @@ function openid_provider_sites_form($for module_load_include('inc', 'openid_provider'); - $rps = _openid_provider_rp_load($user->uid); - if (count($rps)) { - $form = array('#tree' => TRUE); - foreach ($rps as $rp) { - $form['rpid'][$rp->rpid] = array( - '#type' => 'checkbox', - '#title' => $rp->realm, - '#default_value' => $rp->auto_release, - '#description' => t('Last accessed @time', array('@time' => format_date($rp->last_time))) - ); - } + $result = pager_query("SELECT * FROM {openid_provider_relying_party} WHERE uid=%d ORDER BY last_time DESC", 50, 0, NULL, $user->uid); + + $form['description'] = array( + '#type' => 'item', + '#description' => t('Those are the sites you have used your OpenID on. Access control determines determines if you will be asked for approval when login into those sites using your OpenID. You can also completely deny access to those sites if you think they are malicious.'), + ); + + $form['submit'] = array( + '#type' => 'submit', + '#value' => t('Update'), + ); - $form['submit'] = array( - '#type' => 'submit', - '#value' => t('Save') + $access_options = array(OPENID_PROVIDER_DENY => t('Deny'), OPENID_PROVIDER_ASK => t('Ask'), OPENID_PROVIDER_ALLOW => t('Allow')); + while ($rp = db_fetch_object($result)) { + $rps[$rp->rpid] = ''; + $form['site'][$rp->rpid] = array( + '#value' => l($rp->realm, $rp->realm), + ); + $form['last_access'][$rp->rpid] = array( + '#value' => $rp->last_time, + ); + $form['access'][$rp->rpid] = array( + '#type' => 'radios', + '#options' => $access_options, + '#default_value' => $rp->access, ); } - else { - $form['none']['#value'] = t('No sites yet'); - } + $form['pager'] = array('#value' => theme('pager', NULL, 50, 0)); + $form['#theme'] = 'openid_provider_sites'; return $form; } 
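Review bot: The rewritten form drops the `t('No sites yet')` branch, so for a user with no relying parties `$form['site']` is never set while the description, the Update button and `#theme` still are. `theme_openid_provider_sites()` in the next hunk then calls `element_children($form['site'])` on a missing key and passes an undefined `$rows` to `theme('table', ...)`. Initialise `$form['site'] = array();` before the loop and show the empty message when the query returns nothing. `$rps[$rp->rpid] = '';` is never read in the visible lines and can go. The function starts outside this hunk.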
@@ -116,8 +125,38 @@ function openid_provider_sites_form($for * Form submit callback for openid_provider_sites. */ function openid_provider_sites_form_submit($form, &$form_state) { - foreach ($form_state['values']['rpid'] as $key => $value) { - db_query("UPDATE {openid_provider_relying_party} SET auto_release=%d WHERE rpid=%d", $value, $key); + foreach ($form_state['values'] as $key => $value) { + if (is_numeric($key)) { + db_query("UPDATE {openid_provider_relying_party} SET access=%d WHERE rpid=%d", $value, $key); + } } drupal_set_message(t('Settings saved.')); } + +/** + * Theme openid sites overview. + * + * @ingroup themeable + */ +function theme_openid_provider_sites($form) { + // If there are rows in this form, then $form['title'] contains a list of + // the title form elements. + $header = array(t('Access control'), t('Site'), t('Last access')); + foreach (element_children($form['site']) as $key) { + $row = array(); + $row[] = drupal_render($form['access'][$key]); + $row[] = drupal_render($form['site'][$key]); + $row[] = format_date(drupal_render(($form['last_access'][$key]))); + $rows[] = $row; + } + + unset($form['last_access']); + $output .= theme('table', $header, $rows); + if ($form['pager']['#value']) { + $output .= drupal_render($form['pager']); + } + + $output .= drupal_render($form); + + return $output; +}
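Review bot: The `UPDATE` in `openid_provider_sites_form_submit()` matches on `rpid` alone, so nothing in the query ties the row to the account whose page is being edited; the only protection is that the form API accepts values just for elements the builder emitted. Scoping the statement, e.g. `... SET access=%d WHERE rpid=%d AND uid=%d`, keeps a stale or mismatched form from changing another user's relying-party decision. Since `#tree` is no longer set, the handler also picks rows out of the flat `$form_state['values']` by `is_numeric($key)`; setting `$form['access']['#tree'] = TRUE` and looping over `$form_state['values']['access']` would be more robust. In `theme_openid_provider_sites()`, `$output` and `$rows` are appended to without being initialised.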