Index: modules/user/user.admin.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.admin.inc,v retrieving revision 1.75 diff -u -r1.75 user.admin.inc --- modules/user/user.admin.inc 24 Aug 2009 00:14:23 -0000 1.75 +++ modules/user/user.admin.inc 26 Aug 2009 05:08:10 -0000 @@ -663,19 +663,8 @@ */ function user_admin_permissions_submit($form, &$form_state) { foreach ($form_state['values']['role_names'] as $rid => $name) { - $checked = array_filter($form_state['values'][$rid]); - // Delete existing permissions for the role. This handles "unchecking" checkboxes. - db_delete('role_permission') - ->condition('rid', $rid) - ->execute(); - $query = db_insert('role_permission')->fields(array('rid', 'permission')); - foreach ($checked as $permission) { - $query->values(array( - 'rid' => $rid, - 'permission' => $permission, - )); - } - $query->execute(); + $permissions = array_filter($form_state['values'][$rid]); + user_role_set_permissions($rid, $permissions); } drupal_set_message(t('The changes have been saved.')); @@ -776,13 +765,13 @@ function user_admin_role_validate($form, &$form_state) { if ($form_state['values']['name']) { if ($form_state['values']['op'] == t('Save role')) { - $existing_role = (bool) db_query_range("SELECT 1 FROM {role} WHERE name = :name AND rid <> :rid", array(':name' => $form_state['values']['name'], ':rid' => $form_state['values']['rid']), 0, 1)->fetchField(); - if ($existing_role) { + $role = user_role_load($form_state['values']['name']); + if ($role && $role->rid != $form_state['values']['rid']) { form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name']))); } } elseif ($form_state['values']['op'] == t('Add role')) { - if ((bool) db_query_range('SELECT 1 FROM {role} WHERE name = :name', array(':name' => $form_state['values']['name']), 0, 1)->fetchField()) { + if (user_role_load($form_state['values']['name'])) { form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name']))); } } @@ -793,31 +782,17 @@ } function user_admin_role_submit($form, &$form_state) { + $role = (object)$form_state['values']; if ($form_state['values']['op'] == t('Save role')) { - db_update('role') - ->fields(array('name' => $form_state['values']['name'])) - ->condition('rid', $form_state['values']['rid']) - ->execute(); + user_role_save($role); drupal_set_message(t('The role has been renamed.')); } elseif ($form_state['values']['op'] == t('Delete role')) { - db_delete('role') - ->condition('rid', $form_state['values']['rid']) - ->execute(); - db_delete('role_permission') - ->condition('rid', $form_state['values']['rid']) - ->execute(); - // Update the users who have this role set: - db_delete('users_roles') - ->condition('rid', $form_state['values']['rid']) - ->execute(); - + user_role_delete($form_state['values']['rid']); drupal_set_message(t('The role has been deleted.')); } elseif ($form_state['values']['op'] == t('Add role')) { - db_insert('role') - ->fields(array('name' => $form_state['values']['name'])) - ->execute(); + user_role_save($role); drupal_set_message(t('The role has been added.')); } $form_state['redirect'] = 'admin/config/people/roles'; Index: modules/user/user.module =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.module,v retrieving revision 1.1031 diff -u -r1.1031 user.module --- modules/user/user.module 25 Aug 2009 21:53:48 -0000 1.1031 +++ modules/user/user.module 26 Aug 2009 05:08:29 -0000 @@ -2207,6 +2207,114 @@ } /** + * Fetch a user role from database. + * + * @param $role + * A string with the role name, or an integer with the role ID. + * @return + * A fully-loaded role object if a role with the given name or ID + * exists, FALSE otherwise. + */ +function user_role_load($role) { + $field = is_int($role) ? 'rid' : 'name'; + return db_select('role', 'r') + ->fields('r') + ->condition($field, $role) + ->execute() + ->fetchObject(); +} +/** + * Save a user role to the database. + * + * @param $role + * A role object to modify or add. If $role->rid is not specified, a new + * role will be created. + * @return + * Status constant indicating if role was created or updated. + * Failure to write the user role record will return FALSE. Otherwise. + * SAVED_NEW or SAVED_UPDATED is returned depending on the operation + * performed. + */ +function user_role_save($role) { + if ($role->name) { + // Prevent leading and trailing spaces in role names. + $role->name = trim($role->name); + } + if (!empty($role->rid) && $role->name) { + $status = drupal_write_record('role', $role, 'rid'); + module_invoke_all('user_role_update', $role); + } + else { + $status = drupal_write_record('role', $role); + module_invoke_all('user_role_insert', $role); + } + + return $status; +} + +/** + * Delete a user role from database. + * + * @param $role + * A string with the role name, or an integer with the role ID. + */ +function user_role_delete($role) { + $role = user_role_load($role); + + db_delete('role') + ->condition('rid', $role->rid) + ->execute(); + db_delete('role_permission') + ->condition('rid', $role->rid) + ->execute(); + // Update the users who have this role set: + db_delete('users_roles') + ->condition('rid', $role->rid) + ->execute(); + + // Clear the user access cache. + user_access(NULL, NULL, TRUE); + + module_invoke_all('user_role_delete', $role); +} + +/** + * Assign permissions to a user role. + * + * @param $role + * A string with the role name, or an integer with the role ID. + * @param $permissions + * An array of permissions strings. + * @param $merge + * A boolean indicating whether to add permissions or to merge + * with all existing permissions. + */ +function user_role_set_permissions($role, array $permissions = array(), $merge = FALSE) { + $role = user_role_load($role); + if (!$merge) { + // Delete existing permissions for the role. + db_delete('role_permission') + ->condition('rid', $role->rid) + ->execute(); + } + + // Assign the new permissions for the role. + foreach ($permissions as $permission_string) { + db_merge('role_permission') + ->key(array( + 'rid' => $role->rid, + 'permission' => $permission_string, + )) + ->execute(); + } + + // Clear the user access cache. + user_access(NULL, NULL, TRUE); + + return TRUE; +} + +/** * Implement hook_user_operations(). */ function user_user_operations($form_state = array()) { Index: modules/user/user.api.php =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.api.php,v retrieving revision 1.11 diff -u -r1.11 user.api.php --- modules/user/user.api.php 22 Aug 2009 14:34:23 -0000 1.11 +++ modules/user/user.api.php 26 Aug 2009 05:08:12 -0000 @@ -423,5 +423,65 @@ } /** + * Inform other modules that a user role has been added. + * + * Modules implementing this hook can act on the user role object when saved to + * the database. It's recommended that you implement this hook if your module + * adds additional data to user roles object. The module should save its custom + * additions to the database. + * + * @param $role + * A user role object. + */ +function hook_user_role_insert($role) { + // Save extra fields provided by the module to user roles. + db_insert('my_module_table') + ->fields(array( + 'rid' => $role->rid, + 'role_description' => $role->description, + )) + ->execute(); +} + +/** + * Inform other modules that a user role has been updated. + * + * Modules implementing this hook can act on the user role object when updated. + * It's recommended that you implement this hook if your module adds additional + * data to user roles object. The module should save its custom additions to + * the database. + * + * @param $role + * A user role object. + */ +function hook_user_role_update($role) { + // Save extra fields provided by the module to user roles. + db_merge('my_module_table') + ->key(array('rid' => $role->rid)) + ->fields(array( + 'role_description' => $role->description + )) + ->execute(); +} + +/** + * Inform other modules that a user role has been deleted. + * + * This hook allows you act when a user role has been deleted. + * If your module stores references to roles, it's recommended that you + * implement this hook and delete existing instances of the deleted role + * in your module database tables. + * + * @param $role + * The $role object being deleted. + */ +function hook_user_role_delete($role) { + // Delete existing instances of the deleted role. + db_delete('my_module_table') + ->condition('rid', $role->rid) + ->execute(); +} + +/** * @} End of "addtogroup hooks". */ Index: profiles/default/default.install =================================================================== RCS file: /cvs/drupal/drupal/profiles/default/default.install,v retrieving revision 1.1 diff -u -r1.1 default.install --- profiles/default/default.install 21 Aug 2009 07:50:08 -0000 1.1 +++ profiles/default/default.install 26 Aug 2009 05:08:30 -0000 @@ -183,20 +183,18 @@ ))->execute(); db_insert('taxonomy_vocabulary_node_type')->fields(array('vid' => $vid, 'type' => 'article'))->execute(); - // Create a default role for site administrators. - $rid = db_insert('role')->fields(array('name' => 'administrator'))->execute(); + // Enable default permissions for system roles. + user_role_set_permissions(DRUPAL_ANONYMOUS_RID, array('access content')); + user_role_set_permissions(DRUPAL_AUTHENTICATED_RID, array('access content', 'access comments', 'post comments', 'post comments without approval')); - // Set this as the administrator role. - variable_set('user_admin_role', $rid); - // Assign all available permissions to this role. - foreach (module_invoke_all('permission') as $key => $value) { - db_insert('role_permission') - ->fields(array( - 'rid' => $rid, - 'permission' => $key, - ))->execute(); - } + // Create a default role for site administrators, with all available permissions assigned. + $admin_role = new stdClass(); + $admin_role->name = 'administrator'; + user_role_save($admin_role); + user_role_set_permissions($admin_role->name, array_keys(module_invoke_all('permission'))); + // Set this as the administrator role. + variable_set('user_admin_role', $admin_role->rid); // Update the menu router information. menu_rebuild(); Index: profiles/expert/expert.install =================================================================== RCS file: /cvs/drupal/drupal/profiles/expert/expert.install,v retrieving revision 1.1 diff -u -r1.1 expert.install --- profiles/expert/expert.install 21 Aug 2009 07:50:08 -0000 1.1 +++ profiles/expert/expert.install 26 Aug 2009 05:08:30 -0000 @@ -66,6 +66,10 @@ $query->values($record); } $query->execute(); + + // Enable default permissions for system roles. + user_role_set_permissions(DRUPAL_ANONYMOUS_RID, array('access content')); + user_role_set_permissions(DRUPAL_AUTHENTICATED_RID, array('access content', 'access comments', 'post comments', 'post comments without approval')); } Index: modules/block/block.module =================================================================== RCS file: /cvs/drupal/drupal/modules/block/block.module,v retrieving revision 1.366 diff -u -r1.366 block.module --- modules/block/block.module 24 Aug 2009 00:14:19 -0000 1.366 +++ modules/block/block.module 26 Aug 2009 05:07:31 -0000 @@ -855,3 +855,15 @@ $variables['template_files'][] = 'block-' . $variables['block']->module; $variables['template_files'][] = 'block-' . $variables['block']->module . '-' . $variables['block']->delta; } + +/** + * Implement hook_user_role_delete(). + * + * Remove deleted role from blocks that use it. + * * + */ +function block_user_role_delete($role) { + db_delete('block_role') + ->condition('rid', $role->rid) + ->execute(); +} \ No newline at end of file Index: modules/filter/filter.module =================================================================== RCS file: /cvs/drupal/drupal/modules/filter/filter.module,v retrieving revision 1.280 diff -u -r1.280 filter.module --- modules/filter/filter.module 26 Aug 2009 04:59:26 -0000 1.280 +++ modules/filter/filter.module 26 Aug 2009 05:07:38 -0000 @@ -964,3 +964,15 @@ /** * @} End of "Standard filters". */ + +/** + * Implement hook_user_role_delete(). + * + * Remove deleted role from formats that use it. + */ +function filter_user_role_delete($role) { + db_update('filter_format') + ->expression('roles', 'REPLACE(roles, :rid, :replacement)', array(':rid' => ',' . $role->rid, ':replacement' => '')) + ->condition('roles', '%,' . $role->rid . '%', 'LIKE') + ->execute(); +} \ No newline at end of file Index: modules/system/system.install =================================================================== RCS file: /cvs/drupal/drupal/modules/system/system.install,v retrieving revision 1.379 diff -u -r1.379 system.install --- modules/system/system.install 24 Aug 2009 00:14:22 -0000 1.379 +++ modules/system/system.install 26 Aug 2009 05:08:03 -0000 @@ -385,21 +385,6 @@ ->execute(); } - $query = db_insert('role_permission')->fields(array('rid', 'permission')); - // Anonymous role permissions. - $query->values(array( - 'rid' => DRUPAL_ANONYMOUS_RID, - 'permission' => 'access content', - )); - - // Authenticated role permissions. - foreach (array('access comments', 'access content', 'post comments', 'post comments without approval', 'view own unpublished content') as $permission) { - $query->values(array( - 'rid' => DRUPAL_AUTHENTICATED_RID, - 'permission' => $permission, - )); - } - $query->execute(); variable_set('theme_default', 'garland'); Index: modules/simpletest/drupal_web_test_case.php =================================================================== RCS file: /cvs/drupal/drupal/modules/simpletest/drupal_web_test_case.php,v retrieving revision 1.144 diff -u -r1.144 drupal_web_test_case.php --- modules/simpletest/drupal_web_test_case.php 24 Aug 2009 00:14:21 -0000 1.144 +++ modules/simpletest/drupal_web_test_case.php 26 Aug 2009 05:07:49 -0000 @@ -892,26 +892,19 @@ $name = $this->randomName(); } + // Check the all the permissions strings are valid. if (!$this->checkPermissions($permissions)) { return FALSE; } // Create new role. - db_insert('role') - ->fields(array('name' => $name)) - ->execute(); - $role = db_query('SELECT * FROM {role} WHERE name = :name', array(':name' => $name))->fetchObject(); - $this->assertTrue($role, t('Created role of name: @name, id: @rid', array('@name' => $name, '@rid' => (isset($role->rid) ? $role->rid : t('-n/a-')))), t('Role')); + $role = new stdClass(); + $role->name = $name; + user_role_save($role); + user_role_set_permissions($role->name, $permissions); + + $this->assertTrue(isset($role->rid), t('Created role of name: @name, id: @rid', array('@name' => $name, '@rid' => (isset($role->rid) ? $role->rid : t('-n/a-')))), t('Role')); if ($role && !empty($role->rid)) { - // Assign permissions to role and mark it for clean-up. - $query = db_insert('role_permission')->fields(array('rid', 'permission')); - foreach ($permissions as $permission_string) { - $query->values(array( - 'rid' => $role->rid, - 'permission' => $permission_string, - )); - } - $query->execute(); $count = db_query('SELECT COUNT(*) FROM {role_permission} WHERE rid = :rid', array(':rid' => $role->rid))->fetchField(); $this->assertTrue($count == count($permissions), t('Created permissions: @perms', array('@perms' => implode(', ', $permissions))), t('Role')); return $role->rid;