Index: content_profile.install =================================================================== --- content_profile.install (revision 3013) +++ content_profile.install (working copy) @@ -137,3 +137,28 @@ } return $ret; } + +/** + * FIXME: uncomment this function and adjust update number when + * integrating this patch in the official code branch. + * + * Convert the content_profile_use_$type variables to store the + * roles for which the node type is a content profile. + * +function content_profile_update_6005() { + $ret = array(); + $roles = user_roles(TRUE); + foreach (node_get_types('names') as $type => $type_name) { + $settings = variable_get('content_profile_use_'. $type, array()); + if (!is_array($settings)) { + if ($settings !== 0){ + variable_set('content_profile_use_'. $type, array_keys($roles)); + } + else { + variable_del('content_profile_use_'. $type); + } + } + } + return $ret; +} +*/ \ No newline at end of file Index: content_profile.module =================================================================== --- content_profile.module (revision 3013) +++ content_profile.module (working copy) @@ -12,6 +12,26 @@ */ function content_profile_init() { module_load_include('inc', 'content_profile', 'content_profile.theme_vars'); + + // FIXME: do not include this when integrating this patch into the official code branch. + // Use the function content_profile_update_6005 in content_profile.install instead. + $done = variable_get('content_profile_role_patched', FALSE); + if (!$done) { + $roles = user_roles(TRUE); + foreach (node_get_types('names') as $type => $type_name) { + $settings = variable_get('content_profile_use_'. $type, array()); + if (!is_array($settings)) { + if ($settings !== 0){ + variable_set('content_profile_use_'. $type, array_keys($roles)); + } + else { + variable_del('content_profile_use_'. $type); + } + } + } + + variable_set('content_profile_role_patched', TRUE); + } } /** @@ -52,7 +72,7 @@ 'title' => drupal_ucfirst($type_name), 'page callback' => 'content_profile_page_edit', 'page arguments' => array($type, 1), - 'access callback' => 'content_profile_page_access', + 'access callback' => 'content_profile_type_access', 'access arguments' => array($type, 1), 'weight' => content_profile_get_settings($type, 'weight'), 'file' => 'node.pages.inc', @@ -73,7 +93,7 @@ $item = array( 'page callback' => 'content_profile_page_edit', 'page arguments' => array($type, 1), - 'access callback' => 'content_profile_page_access', + 'access callback' => 'content_profile_type_access', 'access arguments' => array($type, 1), 'file' => 'node.pages.inc', 'file path' => drupal_get_path('module', 'node'), @@ -82,14 +102,18 @@ } -function content_profile_page_access($type, $account) { +function content_profile_type_access($type, $account) { + // First check if $type is a content_profile type for account + $roles = variable_get('content_profile_use_'. $type, array()); + $r = array_intersect($roles, array_keys($account->roles)); + if (empty($r)) { + return FALSE; + } + // Current user should have the right to update/create $type nodes if ($node = content_profile_load($type, $account->uid)) { return node_access('update', $node); } - // Else user may view the page when they are going to create their own profile - // or have permission to create it for others. - global $user; - if ($user->uid == $account->uid || user_access('administer nodes') ){ + else { return node_access('create', $type); } return FALSE; @@ -199,7 +223,8 @@ if (is_object($type)) { $type = $type->type; } - return variable_get('content_profile_use_'. $type, FALSE); + $roles = variable_get('content_profile_use_'. $type, array()); + return !empty($roles); } /** @@ -239,10 +264,11 @@ case 'update': if (!empty($info->old_type) && $info->old_type != $info->type) { if (is_content_profile($info->old_type)) { + $roles = variable_get('content_profile_use_'. $info->type, array()); $settings = variable_get('content_profile_'. $info->old_type, array()); variable_del('content_profile_use_'. $info->old_type); variable_del('content_profile_'. $info->old_type); - variable_set('content_profile_use_'. $info->type, 1); + variable_set('content_profile_use_'. $info->type, $roles); variable_set('content_profile_'. $info->type, $settings); } } @@ -263,9 +289,10 @@ '#weight' => 32, ); $form['content_profile']['content_profile_use'] = array( - '#type' => 'checkbox', - '#title' => t('Use this content type as a content profile for users'), - '#default_value' => variable_get('content_profile_use_'. $form['#node_type']->type, FALSE), + '#type' => 'checkboxes', + '#title' => t('Use this content type as a content profile for these roles'), + '#options' => user_roles(TRUE), + '#default_value' => variable_get('content_profile_use_'. $form['#node_type']->type, array()), ); } elseif (isset($form['#node']) && $form['#node']->type .'_node_form' == $form_id && is_content_profile($form['#node'])) { @@ -273,7 +300,7 @@ if (arg(0) == 'user' && is_numeric(arg(1)) && arg(2) == 'edit' || arg(2) == 'profile') { $form['buttons']['preview']['#access'] = FALSE; $form['buttons']['delete']['#access'] = FALSE; - $form['#redirect'] = arg(2) == 'profile' ? 'user/'. $form['#node']->uid : $_GET['q']; + $form['#redirect'] = arg(2) == 'profile' ? 'user/'. arg(1) : $_GET['q']; } // Set the author value - note that this works only for admins. if (!empty($_GET['uid']) && ($uid = intval($_GET['uid'])) && ($user = user_load($uid))) { @@ -393,6 +420,14 @@ form_set_error('name', t('This user already has a content profile of this type. You can only create one profile per user.')); } } + elseif ($op == 'presave' && is_content_profile($node) && !isset($node->nid)) { + // If we create a content_profile node, make sure uid matches the user name for which this node is created. + $uid = db_result(db_query("SELECT uid FROM {users} WHERE name = '%s'", $node->name)); + // Make extra-sure we only have one content_profile node for this user. + if ($uid && !content_profile_profile_exists($node, $uid)) { + $node->uid = $uid; + } + } elseif ($op == 'prepare translation' && is_content_profile($node->translation_source)) { // Make sure the translated profile belongs to the same user. $node->uid = $node->translation_source->uid; @@ -494,12 +529,13 @@ */ function content_profile_show_profiles($uid) { global $user; - + $account = user_load(array('uid' => $uid)); + $content = array(); foreach (content_profile_get_types('names') as $type => $type_name) { $node = content_profile_load($type, $uid); - - if (($style = content_profile_get_settings($type, 'user_display')) && $node && node_access('view', $node)) { + + if (($style = content_profile_get_settings($type, 'user_display')) && content_profile_type_access($type, $account) && $node && node_access('view', $node)) { $content['content_profile_'. $type] = array( '#theme' => ($style == 'link') ? 'content_profile_display_link' : 'content_profile_display_view', '#edit_link' => content_profile_get_settings($type, 'edit_link'), @@ -513,7 +549,7 @@ // Working around the bug described at http://drupal.org/node/302873 module_load_include('inc', 'content_profile', 'content_profile.theme'); } - elseif (user_access('create '. $type .' content') && content_profile_get_settings($type, 'add_link') && !$node && ($uid == $user->uid || user_access('administer nodes'))) { + elseif (content_profile_type_access($type, $account) && content_profile_get_settings($type, 'add_link') && !$node) { $content['content_profile_'. $type] = array( '#admin' => $uid != $user->uid, '#theme' => 'content_profile_display_add_link',