Index: modules/node/node.module =================================================================== RCS file: /cvs/drupal/drupal/modules/node/node.module,v retrieving revision 1.776.2.21 diff -u -p -r1.776.2.21 node.module --- modules/node/node.module 29 Sep 2007 23:41:28 -0000 1.776.2.21 +++ modules/node/node.module 15 Oct 2007 03:50:19 -0000 @@ -798,6 +798,8 @@ function node_perm() { if ($type->module == 'node') { $name = check_plain($type->type); $perms[] = 'create '. $name .' content'; + $perms[] = 'delete own '. $name .' content'; + $perms[] = 'delete '. $name .' content'; $perms[] = 'edit own '. $name .' content'; $perms[] = 'edit '. $name .' content'; } @@ -2998,11 +3000,17 @@ function node_content_access($op, $node) return user_access('create '. $type .' content'); } - if ($op == 'update' || $op == 'delete') { + if ($op == 'update') { if (user_access('edit '. $type .' content') || (user_access('edit own '. $type .' content') && ($user->uid == $node->uid))) { return TRUE; } } + + if ($op == 'delete') { + if (user_access('delete '. $type .' content') || (user_access('delete own '. $type .' content') && ($user->uid == $node->uid))) { + return TRUE; + } + } } /** Index: modules/system/system.install =================================================================== RCS file: /cvs/drupal/drupal/modules/system/system.install,v retrieving revision 1.69.2.5 diff -u -p -r1.69.2.5 system.install --- modules/system/system.install 17 Sep 2007 01:21:11 -0000 1.69.2.5 +++ modules/system/system.install 15 Oct 2007 03:50:21 -0000 @@ -3514,6 +3514,47 @@ function system_update_1022() { return $ret; } +/** + * Set new delete permissions to same values as edit permissions. + */ +function system_update_1023() { + $ret = array(); + + foreach (node_get_types() as $type) { + if ($type->module == 'node') { + $name = check_plain($type->type); + + // Get an array containing edit permissions for each node type. + $edit_perms[] = $edit_text = ', edit '. $name .' content, '; + $edit_perms[] = $edit_own_text = ', edit own '. $name .' content, '; + + // Get an array containing edit and delete permissions for each node type. + $edit_delete_perms[] = $edit_text .'delete '. $name .' content, '; + $edit_delete_perms[] = $edit_own_text .'delete own '. $name .' content, '; + + } + } + + if (isset($edit_perms)) { + + // Get all roles and permissions from the database. + $result = db_query("SELECT rid, perm FROM {permission}"); + + // Add corresponding delete permissions everywhere there is an edit permission. + while ($data = db_fetch_object($result)) { + $old_perm = ', '. $data->perm .', '; //add leading and trailing commas + $new_perm = str_replace($edit_perms, $edit_delete_perms, $old_perm); + $new_perm = substr($new_perm, 2, strlen($new_perm)-4); //remove leading and trailing commas + $ret[] = update_sql("UPDATE {permission} SET perm = '$new_perm' WHERE rid = $data->rid"); + } + + drupal_set_message(t('Drupal now has separate edit and delete permissions (previously, users who were able to edit content were automatically allowed to delete it). Your database has been updated so your site continues to behave as it did before. However, if you would like to take advantage of the new features, you can set the relevant permissions now.', array('@permissions' => url('admin/user/access', NULL, 'module-node'))), 'error'); + + } + + return $ret; +} + /** * @} End of "defgroup updates-5.x-extra" */