The only permission checked in the shout edit form is 'administer shoutbox'. That permission should only be checked for changing the shout's author. Users who can moderate shouts aren't shown the moderation section of the form. Easy fix...

Comments

mstef’s picture

Another note on permissions -- a 'view shouts' permission is needed for the block and page which I've already added myself.

disterics’s picture

@mikesteff - you seem very capable. Can you help me with a patch for these bugs?

mstef’s picture

I'm not sure how to write patches but I'll show how I fixed both issues above.

Here is my corrected shoutbox_edit_form() function. Now users with 'moderate shoutbox' will have the appropriate options shown, etc.

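/**
 * Form builder for editing a single shout.
 *
 * Which elements are added depends on the current user's permissions:
 * - 'administer shoutbox' or 'moderate shoutbox': created/changed timestamps
 *   and the moderation status radios.
 * - 'administer shoutbox' only: the author select.
 * - 'edit own shouts' (checked against $shout): nick, shout text, the
 *   optional URL field and the shout id.
 *
 * NOTE(review): the submit handler is not visible here. Confirm that it only
 * writes 'moderate' and 'uid' when those elements were actually part of the
 * form, or re-checks the same permissions, so the split made here is also
 * enforced when the shout is saved.
 *
 * @param $form_state
 *   The form state array, passed by reference by drupal_get_form().
 * @param $shout
 *   The shout object being edited; created, changed, moderate, uid, nick,
 *   shout, url and shout_id are read from it.
 *
 * @return
 *   The form array wrapped by confirm_form().
 */
function shoutbox_edit_form(&$form_state, $shout) {
  global $user;

  // Start from a defined array so confirm_form() never receives an undefined
  // variable when none of the permission branches below adds an element.
  $form = array();

  // Moderation details: visible to administrators and moderators.
  if (_shoutbox_user_access('administer shoutbox') || _shoutbox_user_access('moderate shoutbox')) {
    $form[] = array(
      '#type' => 'item',
      '#title' => t('Created'),
      '#value' => date('m/d/y h:i:sa', $shout->created),
    );
    $form[] = array(
      '#type' => 'item',
      '#title' => t('Changed'),
      '#value' => date('m/d/y h:i:sa', $shout->changed),
    );
    // Option keys are 0 ('published') and 1 ('not published') and are matched
    // against $shout->moderate.
    $form['moderate'] = array(
      '#type' => 'radios',
      '#title' => t('Moderation Status'),
      '#default_value' => $shout->moderate,
      '#options' => array('published', 'not published'),
    );
  }

  // Reassigning the author stays limited to 'administer shoutbox'.
  if (_shoutbox_user_access('administer shoutbox')) {
    // Key 0 is the anonymous user; every named account is listed after it.
    $users[0] = variable_get('anonymous', 'Anonymous');
    $result = db_query("SELECT uid, name FROM {users} WHERE name <> '' ORDER BY name");
    while ($usr = db_fetch_object($result)) {
      $users[$usr->uid] = $usr->name;
    }
    $form['uid'] = array(
      '#type' => 'select',
      '#title' => t('Author'),
      '#default_value' => $shout->uid,
      '#options' => $users,
    );
  }

  // Content fields: the permission is evaluated against this specific shout.
  if (_shoutbox_user_access('edit own shouts', $shout)) {
    // When the name field is disabled and the user is logged in, the nick is
    // carried along unchanged instead of being offered for editing.
    if (!variable_get('shoutbox_shownamefield', 1) && $user->uid) {
      $form['nick'] = array(
        '#type' => 'hidden',
        '#value' => $shout->nick,
      );
    }
    else {
      $form['nick'] = array(
        '#type' => 'textfield',
        '#title' => t('Name/Nick'),
        '#default_value' => $shout->nick,
        '#size' => 16,
        '#maxlength' => 55,
      );
    }
    $form['shout'] = array(
      '#type' => 'textarea',
      '#title' => t('Shout'),
      '#default_value' => $shout->shout,
      '#cols' => 13,
      '#rows' => 7,
    );
    if (variable_get('shoutbox_showurlfield', 1)) {
      $form['url'] = array(
        '#type' => 'textfield',
        '#title' => t('URL'),
        '#default_value' => $shout->url,
        '#size' => 16,
        '#maxlength' => 55,
      );
    }
    // NOTE(review): the shout id is only added inside this branch, so a user
    // who passes the moderation check above but not this one gets a form
    // without it. Confirm how the submit handler identifies the shout then.
    // A 'value' element would also keep the id out of the rendered HTML.
    $form['shout_id'] = array(
      '#type' => 'hidden',
      '#value' => $shout->shout_id,
    );
  }

  $form = confirm_form($form, t(''), t(''), t(''), t('Update'), t('Cancel'));
  return $form;
}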

New shoutbox_perm() function. I added a 'view shouts' permission:

/**
 * Implementation of hook_perm().
 *
 * Declares the permissions this module checks. 'view shouts' is the newly
 * added one. A newly declared permission is not held by any role until it is
 * granted on the permissions page, so routes and blocks gated on
 * 'view shouts' stay hidden from ordinary roles until an administrator
 * assigns it.
 *
 * @return
 *   A list of permission name strings.
 */
function shoutbox_perm() {
  $permissions = array(
    'post shouts',
    'administer shoutbox',
    'moderate shoutbox',
    'post shouts without approval',
    'delete own shouts',
    'edit own shouts',
    'view shouts',
  );
  return $permissions;
}

Now edit the 'access arguments' in hook_menu():

/**
 * Implementation of hook_menu().
 *
 * Access summary, as declared below:
 * - 'shoutbox' and 'shoutbox/js/view' name no access callback and pass
 *   'view shouts' as the access argument.
 * - Edit and delete call _shoutbox_user_access() with the permission name
 *   and the loaded shout (path argument 1).
 * - Publish and unpublish call _shoutbox_user_access() with
 *   'moderate shoutbox' only; no shout is passed.
 * - The settings page requires 'administer site configuration'.
 *
 * NOTE(review): the edit route is gated on 'edit own shouts' alone. Whether a
 * user holding only 'moderate shoutbox' reaches the edit form depends on
 * _shoutbox_user_access(), which is not visible here; confirm.
 * NOTE(review): delete, publish and unpublish use 'theme' as the page
 * callback. Confirm that the state change itself happens in a form submit
 * handler and not when the path is merely requested.
 *
 * @return
 *   An array of menu items keyed by path.
 */
function shoutbox_menu() {
  // Module-specific access callback shared by every per-shout route.
  $shout_access = '_shoutbox_user_access';

  return array(
    'shoutbox' => array(
      'title' => 'All Shouts',
      'page callback' => 'shoutbox_page_view',
      'access arguments' => array('view shouts'),
      'type' => MENU_CALLBACK,
    ),
    'shoutbox/js/view' => array(
      'title' => 'View Shouts',
      'page callback' => 'shoutbox_js_view',
      'access arguments' => array('view shouts'),
      'type' => MENU_CALLBACK,
    ),
    'shoutbox/%shoutbox/edit' => array(
      'title' => 'Edit Shout',
      'page callback' => 'drupal_get_form',
      'page arguments' => array('shoutbox_edit_form', 1),
      'access callback' => $shout_access,
      'access arguments' => array('edit own shouts', 1),
      'type' => MENU_CALLBACK,
    ),
    'shoutbox/%shoutbox/delete' => array(
      'title' => 'Delete Shout',
      'page callback' => 'theme',
      'page arguments' => array('shoutbox_delete_form', 1),
      'access callback' => $shout_access,
      'access arguments' => array('delete own shouts', 1),
      'type' => MENU_CALLBACK,
    ),
    'shoutbox/%shoutbox/publish' => array(
      'title' => 'Publish Shout',
      'page callback' => 'theme',
      'page arguments' => array('shoutbox_publish_form', 1),
      'access callback' => $shout_access,
      'access arguments' => array('moderate shoutbox'),
      'type' => MENU_CALLBACK,
    ),
    'shoutbox/%shoutbox/unpublish' => array(
      'title' => 'Unpublish Shout',
      'page callback' => 'theme',
      'page arguments' => array('shoutbox_unpublish_form', 1),
      'access callback' => $shout_access,
      'access arguments' => array('moderate shoutbox'),
      'type' => MENU_CALLBACK,
    ),
    'admin/settings/shoutbox' => array(
      'title' => 'Shoutbox',
      'description' => 'Settings for displaying and deleting shouts',
      'page callback' => 'drupal_get_form',
      'page arguments' => array('shoutbox_admin_settings'),
      'access arguments' => array('administer site configuration'),
      'type' => MENU_NORMAL_ITEM,
    ),
  );
}

And now change the user_access in hook_block()...

/**
 * Implementation of hook_block().
 *
 * 'list' returns the single block definition. 'view' adds the module
 * stylesheet and, for delta 0, renders the shoutbox only when the current
 * user has the 'view shouts' permission. Any other $op returns nothing.
 *
 * The permission check is what gates the block content. The $_GET['q'] test
 * only skips rendering when the requested path contains 'shoutbox'; it is a
 * display decision and not an access control.
 *
 * @param $op
 *   The block operation; 'list' and 'view' are handled.
 * @param $delta
 *   The block index; only 0 is handled.
 * @param $edit
 *   Not used by this implementation.
 *
 * @return
 *   The block list for 'list', the block array (possibly empty) for 'view',
 *   and nothing for any other operation.
 */
function shoutbox_block($op = 'list', $delta = 0, $edit = array()) {
  if ($op == 'list') {
    return array(0 => array('info' => t('Shoutbox')));
  }

  if ($op != 'view') {
    return;
  }

  $block = array();
  // The stylesheet is attached for every 'view' call, before delta and
  // permission are looked at.
  drupal_add_css(drupal_get_path('module', 'shoutbox') . '/shoutbox.css');

  // BUGBUG (carried over from the original) - why are we looking at $_GET?
  // Presumably this avoids showing the block on the shoutbox pages
  // themselves; the substring match also hits any other path containing
  // 'shoutbox'.
  $may_render = $delta == 0
    && user_access('view shouts')
    && !stristr($_GET['q'], 'shoutbox');

  if ($may_render) {
    // Bind submission to submit.
    drupal_add_js('misc/jquery.form.js');
    drupal_add_js(drupal_get_path('module', 'shoutbox') . '/shoutbox-form.js', 'module');
    $block['subject'] = t('Shout Box');
    $block['content'] = _shoutbox_block_view();
  }

  return $block;
}
vitalblue’s picture

Status: Active » Closed (outdated)