Index: modules/node/node.module =================================================================== RCS file: /cvs/drupal/drupal/modules/node/node.module,v retrieving revision 1.776.2.21 diff -u -p -r1.776.2.21 node.module --- modules/node/node.module 29 Sep 2007 23:41:28 -0000 1.776.2.21 +++ modules/node/node.module 16 Oct 2007 02:53:24 -0000 @@ -798,6 +798,8 @@ function node_perm() { if ($type->module == 'node') { $name = check_plain($type->type); $perms[] = 'create '. $name .' content'; + $perms[] = 'delete own '. $name .' content'; + $perms[] = 'delete '. $name .' content'; $perms[] = 'edit own '. $name .' content'; $perms[] = 'edit '. $name .' content'; } @@ -2998,11 +3000,17 @@ function node_content_access($op, $node) return user_access('create '. $type .' content'); } - if ($op == 'update' || $op == 'delete') { + if ($op == 'update') { if (user_access('edit '. $type .' content') || (user_access('edit own '. $type .' content') && ($user->uid == $node->uid))) { return TRUE; } } + + if ($op == 'delete') { + if (user_access('delete '. $type .' content') || (user_access('delete own '. $type .' content') && ($user->uid == $node->uid))) { + return TRUE; + } + } } /** Index: modules/system/system.install =================================================================== RCS file: /cvs/drupal/drupal/modules/system/system.install,v retrieving revision 1.69.2.5 diff -u -p -r1.69.2.5 system.install --- modules/system/system.install 17 Sep 2007 01:21:11 -0000 1.69.2.5 +++ modules/system/system.install 16 Oct 2007 02:53:27 -0000 @@ -3515,6 +3515,52 @@ function system_update_1022() { } /** + * Set new delete permissions to same values as edit permissions. + */ +function system_update_1023() { + $ret = array(); + + $edit_perms = array(); + $edit_delete_perms = array(); + + foreach (node_get_types() as $type) { + if ($type->module == 'node') { + $name = check_plain($type->type); + + // Build an array containing edit permissions for each node type. + $edit_perms[] = $edit_text = ', edit '. $name .' content, '; + $edit_perms[] = $edit_own_text = ', edit own '. $name .' content, '; + + // For each existing edit permission, the replacement string containing + // both the edit and delete permissions. + $edit_delete_perms[] = $edit_text .'delete '. $name .' content, '; + $edit_delete_perms[] = $edit_own_text .'delete own '. $name .' content, '; + } + } + + if (!empty($edit_perms)) { + // Get all roles and permissions from the database. + $result = db_query("SELECT rid, perm FROM {permission}"); + + // Add corresponding delete permissions everywhere there is an edit + // permission. + while ($data = db_fetch_object($result)) { + $old_perm = ', '. $data->perm .', '; + $new_perm = str_replace($edit_perms, $edit_delete_perms, $old_perm); + if (strcmp($old_perm, $new_perm)) { + // Remove leading and trailing commas. + $new_perm = substr($new_perm, 2, strlen($new_perm)-4); + $ret[] = update_sql("UPDATE {permission} SET perm = '$new_perm' WHERE rid = $data->rid"); + } + } + + drupal_set_message(t('Drupal now has separate edit and delete permissions. Previously, users who were able to edit content were automatically allowed to delete it. Your database has been updated so your site continues to behave as it did before. However, if you would like to restrict which roles are allowed to delete content, you can modify the permissions at the Access control page.', array('@access_url' => url('admin/user/access', NULL, 'module-node'))), 'error'); + } + + return $ret; +} + +/** * @} End of "defgroup updates-5.x-extra" */