Index: openid_provider.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/openid_provider/openid_provider.inc,v
retrieving revision 1.3.2.6
diff -u -u -r1.3.2.6 openid_provider.inc
--- openid_provider.inc 11 Mar 2009 18:15:02 -0000 1.3.2.6
+++ openid_provider.inc 13 Mar 2009 19:28:13 -0000
@@ -136,12 +136,24 @@
 $response = array_merge($response, module_invoke_all('openid_provider', 'response', $response, $request));
 $rp = _openid_provider_rp_load($user->uid, $realm);
- if ($rp->auto_release) {
+ if (!$rp) {
+ /* never seen this relaying party, set some sane defaults */
+ $rp = new stdClass();
+ $rp->access = OPENID_PROVIDER_ASK;
+ }
+ switch ($rp->access) {
+ case OPENID_PROVIDER_DENY:
+ watchdog('openid_provider', "denying access to %realm", array("%realm" => $realm));
+ $response = openid_provider_cancel_authentication_response($request['openid.mode']);
+ return openid_redirect_http($request['openid.return_to'], $response);
+ case OPENID_PROVIDER_ALLOW:
+ watchdog('openid_provider', "allowing access to %realm", array("%realm" => $realm));
 $response = _openid_provider_sign($response);
 _openid_provider_rp_save($user->uid, $realm, TRUE);
 return openid_redirect_http($response['openid.return_to'], $response);
- }
- else {
+ case OPENID_PROVIDER_ASK:
+ default:
+ watchdog('openid_provider', "asking user for access to %realm", array("%realm" => $realm));
 return drupal_get_form('openid_provider_form', $response, $realm);
 }
 }
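Review bot: In the `OPENID_PROVIDER_ALLOW` case of the new switch, the unchanged context line `_openid_provider_rp_save($user->uid, $realm, TRUE);` still passes the old boolean, which `%d` stores as 1, i.e. `OPENID_PROVIDER_ASK`. A relying party the user marked as always allowed would therefore be downgraded to ask after its first automatic login; the call should be `_openid_provider_rp_save($user->uid, $realm, OPENID_PROVIDER_ALLOW);`. The parameter itself is renamed in the `_openid_provider_rp_save` hunk of this file, so any other caller still passing TRUE/FALSE needs the same check. The enclosing function starts outside the hunk.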
@@ -281,13 +293,13 @@
 }
 }
-function _openid_provider_rp_save($uid, $realm, $auto_release = FALSE) {
+function _openid_provider_rp_save($uid, $realm, $access = OPENID_PROVIDER_ASK) {
 $rpid = db_result(db_query("SELECT rpid FROM {openid_provider_relying_party} WHERE uid=%d AND realm='%s'", $uid, $realm));
 if ($rpid) {
- db_query("UPDATE {openid_provider_relying_party} SET auto_release=%d, last_time=%d WHERE rpid=%d", $auto_release, time(), $rpid);
+ db_query("UPDATE {openid_provider_relying_party} SET access=%d, last_time=%d WHERE rpid=%d", $access, time(), $rpid);
 }
 else {
- db_query("INSERT INTO {openid_provider_relying_party} (uid, realm, first_time, last_time, auto_release) VALUES (%d, '%s', %d, %d, %d)", $uid, $realm, time(), time(), $auto_release);
+ db_query("INSERT INTO {openid_provider_relying_party} (uid, realm, first_time, last_time, access) VALUES (%d, '%s', %d, %d, %d)", $uid, $realm, time(), time(), $access);
 }
 }
 function _openid_provider_nonce() {
Index: openid_provider.install
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/openid_provider/openid_provider.install,v
retrieving revision 1.2.2.1
diff -u -u -r1.2.2.1 openid_provider.install
--- openid_provider.install 11 Mar 2009 18:15:02 -0000 1.2.2.1
+++ openid_provider.install 13 Mar 2009 19:28:13 -0000
@@ -54,7 +54,7 @@
 'default' => 0,
 'description' => t('Timestamp of the most recent access'),
 ),
- 'auto_release' => array(
+ 'access' => array(
 'type' => 'int',
 'not null' => TRUE,
 'default' => 0,
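Review bot: In the `openid_provider.install` schema hunk the renamed `access` column keeps `'default' => 0`, and with the new constants 0 is `OPENID_PROVIDER_DENY`, whereas the code defaults (`$access = OPENID_PROVIDER_ASK` in `_openid_provider_rp_save`, and the never-seen-RP branch) use ask. Every INSERT visible in this patch sets the column explicitly, so this only affects a row written without it, but I would either change it to `'default' => 1,` or add a comment such as `// 0 = OPENID_PROVIDER_DENY: rows written without an explicit value fail closed`. The same default is repeated in the `db_change_field()` call in `openid_provider_update_6100()`. The field definition continues outside the hunk, so its description may still describe auto_release.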
@@ -107,4 +107,12 @@
 );
 return $schema;
-}
\ No newline at end of file
+}
+
+function openid_provider_update_6100() {
+ $ret = array();
+ db_change_field($ret, 'openid_provider_relying_party', 'auto_release', 'access', array('type' => 'int', 'not null' => TRUE,'default' => 0));
+ /* the field changed semantics: 0 now means deny (instead of ask), 1 means ask (instead of allow) and 2 means allow, so we just bump everyone by one */
+ $ret[] = update_sql("UPDATE {openid_provider_relying_party} SET access = access + 1;");
+ return $ret;
+}
Index: openid_provider.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/openid_provider/openid_provider.module,v
retrieving revision 1.3.2.3
diff -u -u -r1.3.2.3 openid_provider.module
--- openid_provider.module 11 Mar 2009 18:15:02 -0000 1.3.2.3
+++ openid_provider.module 13 Mar 2009 19:28:13 -0000
@@ -7,6 +7,18 @@
 */
 /**
+ * access control constants
+ *
+ * those are used to identify how to let the sites access this provider and
+ * are stored in the database, in the openid_provider_relying_party table.
+ *
+ * Do not assume truth or numeric value here and always use the constants.
+ */
+define('OPENID_PROVIDER_DENY', 0);
+define('OPENID_PROVIDER_ASK', 1);
+define('OPENID_PROVIDER_ALLOW', 2);
+
+/**
 * Implementation of hook_menu().
 */
 function openid_provider_menu() {
@@ -74,6 +86,17 @@
 }
 /**
+ * Implementation of hook_theme()
+ */
+function openid_provider_theme($existing, $type, $theme, $path) {
+ return array(
+ 'openid_provider_sites' => array(
+ 'arguments' => array('form' => NULL),
+ ),
+ );
+}
+
+/**
 * Implementation of hook_init()
 *
 * Add appropriate HTML headers for XRDS and Link discovery.
@@ -224,19 +247,24 @@
 $form['#action'] = url('openid/provider/send');
- $form['submit_once'] = array(
+ $form['submit_allow_always'] = array(
+ '#type' => 'submit',
+ '#value' => t('Yes; always'),
+ '#submit' => array('openid_provider_form_submit_allow_always')
+ );
+ $form['submit_allow_once'] = array(
 '#type' => 'submit',
 '#value' => t('Yes; just this once'),
 );
- $form['submit_always'] = array(
+ $form['submit_deny_once'] = array(
 '#type' => 'submit',
- '#value' => t('Yes; always'),
- '#submit' => array('openid_provider_form_submit_always')
+ '#value' => t('No'),
+ '#submit' => array('openid_provider_form_submit_deny_once')
 );
- $form['cancel'] = array(
+ $form['submit_always_deny'] = array(
 '#type' => 'submit',
- '#value' => t('Cancel'),
- '#submit' => array('openid_provider_form_submit_cancel')
+ '#value' => t('No; never allow access'),
+ '#submit' => array('openid_provider_form_submit_deny_always')
 );
 return $form;
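Review bot: `submit_allow_always` is now the first submit button in the form, so it is likely the one a browser activates when the form is submitted with the Enter key; the most permissive choice, which stores a standing grant for the realm, becomes the default action. Consider keeping `submit_allow_once` (or a deny button) first so that an accidental submit does not persist access. The key `submit_always_deny` also breaks the naming used by `submit_deny_once` and by its own handler `openid_provider_form_submit_deny_always`. The form builder starts outside the hunk.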
@@ -245,28 +273,28 @@
 /**
 * Once submit handler
 */
-function openid_provider_form_submit(&$form, $form_state, $auto_release = FALSE) {
+function openid_provider_form_submit(&$form, $form_state, $access = OPENID_PROVIDER_ASK) {
 global $user;
 module_load_include('inc', 'openid');
 module_load_include('inc', 'openid_provider');
 $response = _openid_provider_sign($form_state['storage']['response']);
- _openid_provider_rp_save($user->uid, $form_state['storage']['realm'], $auto_release);
+ _openid_provider_rp_save($user->uid, $form_state['storage']['realm'], $access);
 openid_redirect_http($response['openid.return_to'], $response);
 }
 /**
 * Always submit handler
 */
-function openid_provider_form_submit_always(&$form, $form_state) {
- return openid_provider_form_submit($form, $form_state, TRUE);
+function openid_provider_form_submit_allow_always(&$form, $form_state) {
+ return openid_provider_form_submit($form, $form_state, OPENID_PROVIDER_ALLOW);
 }
 /**
- * Cancel submit handler
+ * Deny submit handler
 */
-function openid_provider_form_submit_cancel(&$form, $form_state) {
+function openid_provider_form_submit_deny_once(&$form, $form_state) {
 module_load_include('inc', 'openid_provider');
 module_load_include('inc', 'openid');
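Review bot: The docblock above `openid_provider_form_submit` still reads `Once submit handler`, although the function now takes an access level and, as its visible body shows, always signs the response and redirects to `openid.return_to` whatever that level is. I would document this, e.g. `@param $access One of the OPENID_PROVIDER_* constants to store for this realm; the positive assertion is sent regardless of the value.` Without it, a caller that passes or intends a deny can easily assume the function will not log the user in. `openid_provider_form_submit_deny_once` continues outside the hunk.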
@@ -276,6 +304,14 @@
 }
 /**
+ * Deny always submit handler
+ */
+function openid_provider_form_submit_deny_always(&$form, $form_state) {
+ _openid_provider_rp_save($user->uid, $form_state['storage']['realm'], OPENID_PROVIDER_DENY);
+ return openid_provider_form_submit($form, $form_state);
+}
+
+/**
 * Implementation of hook_pathauto() for OpenID Provider aliases.
 */
 function openid_provider_pathauto($op) {
Index: openid_provider.pages.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/openid_provider/openid_provider.pages.inc,v
retrieving revision 1.1.2.3
diff -u -u -r1.1.2.3 openid_provider.pages.inc
--- openid_provider.pages.inc 11 Mar 2009 18:15:02 -0000 1.1.2.3
+++ openid_provider.pages.inc 13 Mar 2009 19:28:14 -0000
@@ -71,7 +71,7 @@
 /**
 * Page callback for OpenID Sites form where users can configure the
- * auto_release status of RP's they have logged into.
+ * access status of RP's they have logged into.
 *
 * @param object $account User account object for the user.
 */
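Review bot: `openid_provider_form_submit_deny_always` ends with `return openid_provider_form_submit($form, $form_state);`, and that function (changed in this same patch) signs the response, calls `_openid_provider_rp_save()` with the default `OPENID_PROVIDER_ASK` and redirects to `openid.return_to`. Clicking "No; never allow access" therefore appears to send a positive assertion to the relying party and to overwrite the deny that was just stored. In addition `$user` is not declared `global` here, so the first save runs with an empty uid, and `openid_provider.inc` is not loaded before `_openid_provider_rp_save()` is called. Suggested body: `global $user;` and `module_load_include('inc', 'openid_provider');` before the existing save, then `return openid_provider_form_submit_deny_once($form, $form_state);` — assuming the deny-once handler, whose body lies outside this hunk, sends the cancel response.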
@@ -89,26 +89,35 @@
 module_load_include('inc', 'openid_provider');
- $rps = _openid_provider_rp_load($user->uid);
- if (count($rps)) {
- $form = array('#tree' => TRUE);
- foreach ($rps as $rp) {
- $form['rpid'][$rp->rpid] = array(
- '#type' => 'checkbox',
- '#title' => $rp->realm,
- '#default_value' => $rp->auto_release,
- '#description' => t('Last accessed @time', array('@time' => format_date($rp->last_time)))
- );
- }
+ $result = pager_query("SELECT * FROM {openid_provider_relying_party} WHERE uid=%d ORDER BY last_time DESC", 50, 0, NULL, $user->uid);
+
+ $form['description'] = array(
+ '#type' => 'item',
+ '#description' => t('Those are the sites you have used your OpenID on. Access control determines determines if you will be asked for approval when login into those sites using your OpenID. You can also completely deny access to those sites if you think they are malicious.'),
+ );
+
+ $form['submit'] = array(
+ '#type' => 'submit',
+ '#value' => t('Update'),
+ );
- $form['submit'] = array(
- '#type' => 'submit',
- '#value' => t('Save')
+ $access_options = array(OPENID_PROVIDER_DENY => t('Deny'), OPENID_PROVIDER_ASK => t('Ask'), OPENID_PROVIDER_ALLOW => t('Allow'));
+ while ($rp = db_fetch_object($result)) {
+ $rps[$rp->rpid] = '';
+ $form['site'][$rp->rpid] = array(
+ '#value' => l($rp->realm, $rp->realm),
+ );
+ $form['last_access'][$rp->rpid] = array(
+ '#value' => $rp->last_time,
+ );
+ $form['access'][$rp->rpid] = array(
+ '#type' => 'radios',
+ '#options' => $access_options,
+ '#default_value' => $rp->access,
 );
 }
- else {
- $form['none']['#value'] = t('No sites yet');
- }
+ $form['pager'] = array('#value' => theme('pager', NULL, 50, 0));
+ $form['#theme'] = 'openid_provider_sites';
 return $form;
 }
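Review bot: The rebuilt sites form drops `$form = array('#tree' => TRUE);`, so the per-site `radios` values are presumably flattened into top-level keys named after the rpid, which is what forces the submit handler to guess with `is_numeric($key)`. Setting `$form['access'] = array('#tree' => TRUE);` before the loop would let the handler read only `$form_state['values']['access']`. The `else` branch with `t('No sites yet')` is removed as well, so a user with no relying parties gets an `Update` button and no `$form['site']` for the theme function to iterate. `$rps[$rp->rpid] = '';` is never read afterwards, and the description string contains a doubled "determines". The form builder starts outside the hunk.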
@@ -116,8 +125,38 @@
 * Form submit callback for openid_provider_sites.
 */
 function openid_provider_sites_form_submit($form, &$form_state) {
- foreach ($form_state['values']['rpid'] as $key => $value) {
- db_query("UPDATE {openid_provider_relying_party} SET auto_release=%d WHERE rpid=%d", $value, $key);
+ foreach ($form_state['values'] as $key => $value) {
+ if (is_numeric($key)) {
+ db_query("UPDATE {openid_provider_relying_party} SET access=%d WHERE rpid=%d", $value, $key);
+ }
 }
 drupal_set_message(t('Settings saved.'));
 }
+
+/**
+ * Theme openid sites overview.
+ *
+ * @ingroup themeable
+ */
+function theme_openid_provider_sites($form) {
+ // If there are rows in this form, then $form['title'] contains a list of
+ // the title form elements.
+ $header = array(t('Access control'), t('Site'), t('Last access'));
+ foreach (element_children($form['site']) as $key) {
+ $row = array();
+ $row[] = drupal_render($form['access'][$key]);
+ $row[] = drupal_render($form['site'][$key]);
+ $row[] = format_date(drupal_render(($form['last_access'][$key])));
+ $rows[] = $row;
+ }
+
+ unset($form['last_access']);
+ $output .= theme('table', $header, $rows);
+ if ($form['pager']['#value']) {
+ $output .= drupal_render($form['pager']);
+ }
+
+ $output .= drupal_render($form);
+
+ return $output;
+}
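Review bot: In `openid_provider_sites_form_submit` the new loop writes `access` for every numeric key in `$form_state['values']` with `WHERE rpid=%d` only, so the row is not tied to the account whose page was submitted and the value is not checked against the three `OPENID_PROVIDER_*` constants. Form API validation of the `radios` elements probably limits what can arrive, but the query should not depend on that: add the owner to the condition, e.g. `... SET access=%d WHERE rpid=%d AND uid=%d` with the uid of the account being edited, and skip values outside `array(OPENID_PROVIDER_DENY, OPENID_PROVIDER_ASK, OPENID_PROVIDER_ALLOW)`. In `theme_openid_provider_sites`, `$rows` and `$output` are used without being initialised, which raises notices and passes an undefined `$rows` to `theme('table', ...)` when the user has no sites.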