? rss_disabling_with_permission_with_tests_08042009.patch ? sites/all/modules/devel ? sites/default/files ? sites/default/settings.php Index: includes/common.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/common.inc,v retrieving revision 1.894 diff -u -p -r1.894 common.inc --- includes/common.inc 8 May 2009 12:23:31 -0000 1.894 +++ includes/common.inc 8 May 2009 13:44:35 -0000 @@ -182,6 +182,10 @@ function drupal_clear_path_cache() { function drupal_add_feed($url = NULL, $title = '') { static $stored_feed_links = array(); + if (!user_access('access rss content')) { + return array(); + } + if (!is_null($url) && !isset($stored_feed_links[$url])) { $stored_feed_links[$url] = theme('feed_icon', $url, $title); Index: modules/aggregator/aggregator.test =================================================================== RCS file: /cvs/drupal/drupal/modules/aggregator/aggregator.test,v retrieving revision 1.23 diff -u -p -r1.23 aggregator.test --- modules/aggregator/aggregator.test 29 Apr 2009 12:08:27 -0000 1.23 +++ modules/aggregator/aggregator.test 8 May 2009 13:44:36 -0000 @@ -9,7 +9,7 @@ class AggregatorTestCase extends DrupalWebTestCase { function setUp() { parent::setUp('aggregator', 'aggregator_test'); - $web_user = $this->drupalCreateUser(array('administer news feeds', 'access news feeds', 'create article content')); + $web_user = $this->drupalCreateUser(array('administer news feeds', 'access news feeds', 'create article content', 'access rss content')); $this->drupalLogin($web_user); } Index: modules/blog/blog.module =================================================================== RCS file: /cvs/drupal/drupal/modules/blog/blog.module,v retrieving revision 1.319 diff -u -p -r1.319 blog.module --- modules/blog/blog.module 3 May 2009 10:11:33 -0000 1.319 +++ modules/blog/blog.module 8 May 2009 13:44:36 -0000 @@ -133,14 +133,14 @@ function blog_menu() { 'title' => 'Blogs', 'page callback' => 'blog_feed_user', 'page arguments' => array(1), - 'access callback' => 'blog_page_user_access', + 'access callback' => 'blog_feed_user_access', 'access arguments' => array(1), 'type' => MENU_CALLBACK, ); $items['blog/feed'] = array( 'title' => 'Blogs', 'page callback' => 'blog_feed_last', - 'access arguments' => array('access content'), + 'access arguments' => array('access rss content'), 'type' => MENU_CALLBACK, ); @@ -158,6 +158,16 @@ function blog_page_user_access($account) } /** + * Access callback for user blog feeds. + */ +function blog_feed_user_access($account) { + // The visitor must be able to access the site's content. + // For a blog to 'exist' the user must either be able to + // create new blog entries, or it must have existing posts. + return $account->uid && user_access('access rss content') && (user_access('create blog content', $account) || _blog_post_exists($account)); +} + +/** * Helper function to determine if a user has blog posts already. */ function _blog_post_exists($account) { Index: modules/blog/blog.test =================================================================== RCS file: /cvs/drupal/drupal/modules/blog/blog.test,v retrieving revision 1.11 diff -u -p -r1.11 blog.test --- modules/blog/blog.test 8 May 2009 12:19:52 -0000 1.11 +++ modules/blog/blog.test 8 May 2009 13:44:36 -0000 @@ -21,8 +21,8 @@ class BlogTestCase extends DrupalWebTest parent::setUp('blog'); // Create users. $this->big_user = $this->drupalCreateUser(array('administer blocks')); - $this->own_user = $this->drupalCreateUser(array('create blog content', 'edit own blog content', 'delete own blog content')); - $this->any_user = $this->drupalCreateUser(array('create blog content', 'edit any blog content', 'delete any blog content', 'access administration pages')); + $this->own_user = $this->drupalCreateUser(array('create blog content', 'edit own blog content', 'delete own blog content', 'access rss content')); + $this->any_user = $this->drupalCreateUser(array('create blog content', 'edit any blog content', 'delete any blog content', 'access administration pages', 'access rss content')); } /** Index: modules/comment/comment.test =================================================================== RCS file: /cvs/drupal/drupal/modules/comment/comment.test,v retrieving revision 1.28 diff -u -p -r1.28 comment.test --- modules/comment/comment.test 31 Mar 2009 01:49:50 -0000 1.28 +++ modules/comment/comment.test 8 May 2009 13:44:36 -0000 @@ -11,6 +11,7 @@ class CommentHelperCase extends DrupalWe // Create users. $this->admin_user = $this->drupalCreateUser(array('administer content types', 'administer comments', 'administer permissions', 'administer blocks')); $this->web_user = $this->drupalCreateUser(array('access comments', 'post comments', 'create article content')); + $this->web_user = $this->drupalCreateUser(array('access comments', 'post comments', 'create article content', 'access rss content')); $this->drupalLogin($this->web_user); $this->node = $this->drupalCreateNode(array('type' => 'article', 'promote' => 1)); Index: modules/node/node.module =================================================================== RCS file: /cvs/drupal/drupal/modules/node/node.module,v retrieving revision 1.1044 diff -u -p -r1.1044 node.module --- modules/node/node.module 3 May 2009 10:11:34 -0000 1.1044 +++ modules/node/node.module 8 May 2009 13:44:38 -0000 @@ -1335,6 +1335,10 @@ function node_perm() { 'title' => t('Access content'), 'description' => t('View published content.'), ), + 'access rss content' => array( + 'title' => t('Access RSS content'), + 'description' => t('View published content through RSS.'), + ), 'bypass node access' => array( 'title' => t('Bypass node access'), 'description' => t('View, edit and delete all site content. Users with this permission will bypass any content-related access control. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))), @@ -1771,7 +1775,7 @@ function node_menu() { $items['rss.xml'] = array( 'title' => 'RSS feed', 'page callback' => 'node_feed', - 'access arguments' => array('access content'), + 'access arguments' => array('access rss content'), 'type' => MENU_CALLBACK, ); foreach (node_get_types('types', NULL, TRUE) as $type) { @@ -1936,6 +1940,10 @@ function node_block_view($delta = '') { function node_feed($nids = FALSE, $channel = array()) { global $base_url, $language; + if (!user_access('access rss content')) { + return drupal_not_found(); + } + if ($nids === FALSE) { $nids = db_select('node', 'n') ->fields('n', array('nid', 'created')) Index: modules/node/node.test =================================================================== RCS file: /cvs/drupal/drupal/modules/node/node.test,v retrieving revision 1.24 diff -u -p -r1.24 node.test --- modules/node/node.test 6 May 2009 19:56:21 -0000 1.24 +++ modules/node/node.test 8 May 2009 13:44:38 -0000 @@ -648,6 +648,7 @@ class NodeRSSContentTestCase extends Dru function setUp() { // Enable dummy module that implements hook_node_view. parent::setUp('node_test'); + $this->anonym = $this->drupalCreateUser(array('access rss content')); } /** @@ -655,6 +656,7 @@ class NodeRSSContentTestCase extends Dru * to an RSS feed. */ function testNodeRSSContent() { + $this->drupalLogin($this->anonym); // Create a node. $node = $this->drupalCreateNode(array('type' => 'article', 'promote' => 1)); Index: modules/system/system.admin.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/system/system.admin.inc,v retrieving revision 1.140 diff -u -p -r1.140 system.admin.inc --- modules/system/system.admin.inc 3 May 2009 07:35:37 -0000 1.140 +++ modules/system/system.admin.inc 8 May 2009 13:44:39 -0000 @@ -1471,8 +1471,8 @@ function system_rss_feeds_settings() { '#type' => 'select', '#title' => t('Number of items in each feed'), '#default_value' => 10, - '#options' => drupal_map_assoc(array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 15, 20, 25, 30)), - '#description' => t('Default number of items to include in each feed.') + '#options' => drupal_map_assoc(array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 15, 20, 25, 30)), + '#description' => t('Default number of items to include in each feed. You can turn the RSS feed off on the !permission_page.', array('!permission_page' => l('permission page', "admin/user/permissions"))) ); $form['feed_item_length'] = array( '#type' => 'select', Index: modules/system/system.install =================================================================== RCS file: /cvs/drupal/drupal/modules/system/system.install,v retrieving revision 1.321 diff -u -p -r1.321 system.install --- modules/system/system.install 7 May 2009 15:29:08 -0000 1.321 +++ modules/system/system.install 8 May 2009 13:44:42 -0000 @@ -371,10 +371,12 @@ function system_install() { // Anonymous role permissions. db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'access content'); + db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'access rss content'); // Authenticated role permissions. db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'access comments'); db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'access content'); + db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'access rss content'); db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'post comments'); db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'post comments without approval'); Index: modules/taxonomy/taxonomy.module =================================================================== RCS file: /cvs/drupal/drupal/modules/taxonomy/taxonomy.module,v retrieving revision 1.472 diff -u -p -r1.472 taxonomy.module --- modules/taxonomy/taxonomy.module 3 May 2009 10:44:04 -0000 1.472 +++ modules/taxonomy/taxonomy.module 8 May 2009 13:44:44 -0000 @@ -145,6 +145,14 @@ function taxonomy_menu() { 'type' => MENU_CALLBACK, ); + $items['taxonomy/term/%taxonomy_terms/%depth/feed'] = array( + 'title' => 'Taxonomy term feed', + 'page callback' => 'taxonomy_term_page', + 'page arguments' => array(2, 3, 4), + 'access arguments' => array('access rss content'), + 'type' => MENU_CALLBACK, + ); + $items['taxonomy/term/%taxonomy_terms/view'] = array( 'title' => 'View', 'type' => MENU_DEFAULT_LOCAL_TASK,