? bypass.patch
? sites/default/files
Index: modules/node/node.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.module,v
retrieving revision 1.974
diff -u -p -r1.974 node.module
--- modules/node/node.module	6 Sep 2008 08:36:20 -0000	1.974
+++ modules/node/node.module	11 Sep 2008 22:26:16 -0000
@@ -1163,8 +1163,9 @@ function theme_node_log_message($log) {
 function node_perm() {
   $perms = array(
     'administer content types' => t('Manage content types and content type administration settings.'),
-    'administer nodes' => t('Manage all website content, and bypass any content-related access control. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
+    'administer nodes' => t('Manage all information associated with site content, such as author, publication date and current revision. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
     'access content' => t('View published content.'),
+    'bypass node access' => t('View, edit and delete all site content. Users with this permission will bypass any content-related access control. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
     'view revisions' => t('View content revisions.'),
     'revert revisions' => t('Replace content with an older revision.'),
     'delete revisions' => t('Delete content revisions.'),
@@ -2076,7 +2077,7 @@ function node_access($op, $node, $accoun
     return FALSE;
   }
 
-  if (user_access('administer nodes', $account)) {
+  if (user_access('bypass node access', $account)) {
     return TRUE;
   }
 
@@ -2136,7 +2137,7 @@ function node_access($op, $node, $accoun
  *   An SQL join clause.
  */
 function _node_access_join_sql($node_alias = 'n', $node_access_alias = 'na') {
-  if (user_access('administer nodes')) {
+  if (user_access('bypass node access')) {
     return '';
   }
 
@@ -2158,7 +2159,7 @@ function _node_access_join_sql($node_ali
  *   An SQL where clause.
  */
 function _node_access_where_sql($op = 'view', $node_access_alias = 'na', $account = NULL) {
-  if (user_access('administer nodes')) {
+  if (user_access('bypass node access')) {
     return;
   }
 
Index: modules/node/node.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.test,v
retrieving revision 1.5
diff -u -p -r1.5 node.test
--- modules/node/node.test	30 Aug 2008 13:08:05 -0000	1.5
+++ modules/node/node.test	11 Sep 2008 22:26:17 -0000
@@ -370,9 +370,7 @@ class PageViewTestCase extends DrupalWeb
   function getInfo() {
     return array(
       'name' => t('Unauthorized node view'),
-      'description' => t('Creates a node of type page and then an unpermissioned user attempts to edit the node, '
-        . 'before tries with an anonymous user. Asserts failure.'
-        . '</ br>WARNING: This is based on default registered user permissions (no administer nodes).'),
+      'description' => t('Creates a node of type page and then an unpermissioned user attempts to edit the node. Asserts failure.'),
       'group' => t('Node'),
     );
   }
@@ -381,22 +379,22 @@ class PageViewTestCase extends DrupalWeb
     // Prepare a node to view
     global $user;
     $node = $this->drupalCreateNode();
-    $this->assertNotNull(node_load($node->nid), 'Node created');
 
     // Tries to edit with anonymous user
     $html = $this->drupalGet("node/$node->nid/edit");
     $this->assertResponse(403);
 
-    // Prepare a user to request the node view
+    // Prepare an unpriveleged user to request the node view.
     $test_user = $this->drupalCreateUser(array('access content'));
     $this->drupalLogin($test_user);
-
     $html = $this->drupalGet("node/$node->nid/edit");
     $this->assertResponse(403);
 
-    $test_user = $this->drupalCreateUser(array('administer nodes'));
-    //TODO: Add edit page attempt with administer nodes user
-    node_delete($node->nid);
+    // Do same with a properly permissioned user.
+    $test_user = $this->drupalCreateUser(array('bypass node access'));
+    $this->drupalLogin($test_user);
+    $html = $this->drupalGet("node/$node->nid/edit");
+    $this->assertResponse(200);
   }
 }
 
@@ -433,4 +431,4 @@ class NodeTitleXSSTestCase extends Drupa
     $this->drupalGet('node/' . $node->nid . '/edit');
     $this->assertNoRaw($xss, t('Harmful tags are escaped when editing a node.'));
   }
-}
\ No newline at end of file
+}
Index: modules/system/system.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.install,v
retrieving revision 1.263
diff -u -p -r1.263 system.install
--- modules/system/system.install	6 Sep 2008 08:36:21 -0000	1.263
+++ modules/system/system.install	11 Sep 2008 22:26:22 -0000
@@ -3049,6 +3049,29 @@ function system_update_7010() {
 }
 
 /**
+ * Split the 'bypass node access' permission from 'administer nodes'.
+ */
+function system_update_7011() {
+  $ret = array();
+  // Get existing roles that can 'administer nodes'.
+  $rids = array();
+  $rids = db_query("SELECT rid FROM {role_permission} WHERE permission = :perm", array(':perm' => 'administer nodes'))->fetchCol();
+  // None found.
+  if (empty($rids)) {
+    return $ret;
+  }
+  $insert = db_insert('role_permission')->fields(array('rid', 'permission'));
+  foreach ($rids as $rid) {
+    $insert->values(array(
+    'rid' => $rid,
+    'permission' => 'bypass node access',
+    ));
+  }
+  $insert->execute();  
+  return $ret;
+}
+
+/**
  * @} End of "defgroup updates-6.x-to-7.x"
  * The next series of updates should start at 8000.
  */