--- recent_changes.module.old	2008-02-26 18:44:02.703125000 +0100
+++ recent_changes.module	2008-02-26 18:49:48.546875000 +0100
@@ -6,12 +6,6 @@
  * List of recent changes over all node revisions and comments
  */
 
-/**
- * Implementation of hook_perm().
- */
-function recent_changes_perm() {
-  return array('access recent changes');
-}
 
 /**
  * Implementation of hook_help().
@@ -35,7 +29,7 @@ function recent_changes_menu($may_cache)
       'title' => t('Recent changes'),
       'path' => 'recent_changes',
       'callback' => 'recent_changes_view',
-      'access' => user_access('access recent changes'),
+      'access' => user_access('access content'),
       'type' => MENU_NORMAL_ITEM
     );
     $items[] = array(
@@ -126,15 +120,15 @@ function recent_changes_admin_settings()
     '#type' => 'checkbox',
     '#title' => t('List inaccessible revisions'),
     '#return_value' => 1,
-    '#default_value' => variable_get('recent_changes_list_inacces_revisions_in_feeds', TRUE),
+    '#default_value' => variable_get('recent_changes_list_inacces_revisions_in_feeds', FALSE),
     '#description' => t('Usually no login takes place when the recent changes feed is accessed, which means that older revisions might not be accessible. Enable this option to list revisions in feeds even if the \'view revisions\' permission is disabled for anonymous users. Note that titles of inaccessible content can be replaced by \'access denied\' messages by disabling the checkbox below.'),
   );
   $form['feed_settings']['recent_changes_list_inacces_nodes_in_feeds']= array(
     '#type' => 'checkbox',
     '#title' => t('List inaccessible nodes'),
     '#return_value' => 1,
-    '#default_value' => variable_get('recent_changes_list_inacces_nodes_in_feeds', TRUE),
-    '#description' => t('Usually no login takes place when the recent changes feed is accessed, which means certain content types might be inaccessible. Enable this option to list inaccessible nodes in feeds. Note that titles of inaccessible content can be replaced by \'access denied\' messages by disabling the checkbox below.'),
+    '#default_value' => variable_get('recent_changes_list_inacces_nodes_in_feeds', FALSE),
+    '#description' => t('Usually no login takes place when the recent changes feed is accessed, which means certain nodes or nodes with certain content types might be inaccessible. Enable this option to list inaccessible nodes in feeds. Note that titles of inaccessible content can be replaced by \'access denied\' messages by disabling the checkbox below.'),
   );
   $form['feed_settings']['recent_changes_show_access_denied_titles']= array(
     '#type' => 'checkbox',
@@ -217,7 +211,7 @@ function recent_changes_page() {
   $header = array('', '', t('Type'), t('Title'), t('User'), t('Log'));
 
   // SQL results provided by pager implementation
-  list($sql, $count_sql) = _recent_changes_query($node_types, user_access('view revisions'));
+  list($sql, $count_sql) = _recent_changes_query($node_types, user_access('view revisions'), FALSE);
   $sql_results = pager_query($sql, variable_get('recent_changes_entries_per_page', 50), 0, $count_sql);
 
   // put database results in $results
@@ -266,15 +260,15 @@ function recent_changes_page() {
 function recent_changes_feed($node_types = NULL) {
   global $base_url;
 
-  $list_inaccess_content = variable_get('recent_changes_list_inacces_nodes_in_feeds', TRUE);
+  $list_inaccess_content = variable_get('recent_changes_list_inacces_nodes_in_feeds', FALSE);
   $node_types = ($list_inaccess_content) ? _recent_changes_array_node_types($node_types) : _recent_changes_parse_node_types($node_types);
   $show_access_denied_titles = variable_get('recent_changes_show_access_denied_titles', TRUE);
   $item_type = variable_get('recent_changes_feed_item_type', 'teaser');
   $teaser = ($item_type == 'teaser');
-  $load_revisions = user_access('view revisions') || variable_get('recent_changes_list_inacces_revisions_in_feeds', TRUE);
-
+  $load_revisions = user_access('view revisions') || variable_get('recent_changes_list_inacces_revisions_in_feeds', FALSE);
+  
   // perform sql query
-  list($sql, $count_sql) = _recent_changes_query($node_types, $load_revisions);
+  list($sql, $count_sql) = _recent_changes_query($node_types, $load_revisions, $list_inaccess_content);
   $sql_results = db_query($sql . " LIMIT %d", variable_get('recent_changes_feed_default_items', 10));
 
   // put database results in $results
@@ -495,17 +489,19 @@ function _recent_changes_parse_results($
 
 /**
  * Build SQL query depending on node type filter and comments filter.
- * Inaccessible node types should already have been filtered out by this stage.
- * If the load_revisions is false, only the recent changes from the {node} table are used, otherwise older revisions might also show up if they were recently changed.
+ * Inaccessible node_types should already have been filtered out by this stage.
+ * If $load_revisions is false, only the recent changes from the {node} table are used, otherwise older revisions might also show up if they were recently changed.
+ * Note that db_rewrite_sql is used on queries when $load_inaccess is FALSE. Otherwise all nodes are selected whose types are in $node_types 
 */
-function _recent_changes_query($node_types, $load_revisions) {
+function _recent_changes_query($node_types, $load_revisions, $load_inaccess) {
   // show comments
   $comment_index = array_search('comment', $node_types);
   $show_comments = (!is_bool($comment_index) && !is_null($comment_index));
 
   // if only comments is selected, show comments for all allowed node types
+  $allowed_node_types = ($load_inaccess) ? _recent_changes_array_node_types() : _recent_changes_parse_node_types();
   $comments_only = (count($node_types) == 1 && $node_types[0] === 'comment');
-  $node_types = $comments_only ? _recent_changes_parse_node_types() : $node_types;
+  $node_types = ($comments_only) ? $allowed_node_types : $node_types;
 
   // construct node type query (note that leading and trailing single quotes (') need to be added later)
   $where_type = implode("', '", $node_types);
@@ -516,14 +512,24 @@ function _recent_changes_query($node_typ
   $comment_where = ($where_type && $show_comments) ? "WHERE n.type IN ('$where_type')" : "WHERE FALSE";
 
   // queries to get the selected nodes, comments and revisions for the selected node types
-  $nodes_query     = db_rewrite_sql("SELECT n.nid, n.vid, n.vid AS cvid, n.uid, u.name, r.title, '' AS log, n.created, r.timestamp, n.type, 0 AS cid, '' AS subject, '' AS comment, r.uid AS auid, a.name AS aname FROM {node} n LEFT JOIN {node_revisions} r ON n.vid = r.vid LEFT JOIN {users} u ON n.uid = u.uid LEFT JOIN {users} a ON r.uid = a.uid $node_where AND n.status >= 1");
-  $revisions_query = db_rewrite_sql("SELECT r.nid, r.vid, n.vid AS cvid, n.uid, u.name, r.title, r.log, n.created, r.timestamp, n.type, 0 AS cid, '' AS subject, '' AS comment, r.uid AS auid, a.name AS aname FROM {node_revisions} r LEFT JOIN {node} n ON r.nid = n.nid LEFT JOIN {users} u ON n.uid = u.uid LEFT JOIN {users} a ON r.uid = a.uid $revision_where AND n.status >= 1");
-  $comments_query  = db_rewrite_sql("SELECT c.nid, n.vid, n.vid AS cvid, n.uid, u.name, n.title, '' AS log, c.timestamp AS created, c.timestamp, n.type, c.cid, c.subject, c.comment, c.uid AS auid, c.name AS aname FROM {comments} c LEFT JOIN {node} n ON c.nid = n.nid LEFT JOIN {users} u ON n.uid = u.uid $comment_where AND n.status >= 1");
+  $nodes_query     = "SELECT n.nid, n.vid, n.vid AS cvid, n.uid, u.name, r.title, '' AS log, n.created, r.timestamp, n.type, 0 AS cid, '' AS subject, '' AS comment, r.uid AS auid, a.name AS aname FROM {node} n LEFT JOIN {node_revisions} r ON n.vid = r.vid LEFT JOIN {users} u ON n.uid = u.uid LEFT JOIN {users} a ON r.uid = a.uid $node_where AND n.status >= 1";
+  $revisions_query = "SELECT r.nid, r.vid, n.vid AS cvid, n.uid, u.name, r.title, r.log, n.created, r.timestamp, n.type, 0 AS cid, '' AS subject, '' AS comment, r.uid AS auid, a.name AS aname FROM {node_revisions} r LEFT JOIN {node} n ON r.nid = n.nid LEFT JOIN {users} u ON n.uid = u.uid LEFT JOIN {users} a ON r.uid = a.uid $revision_where AND n.status >= 1";
+  $comments_query  = "SELECT c.nid, n.vid, n.vid AS cvid, n.uid, u.name, n.title, '' AS log, c.timestamp AS created, c.timestamp, n.type, c.cid, c.subject, c.comment, c.uid AS auid, c.name AS aname FROM {comments} c LEFT JOIN {node} n ON c.nid = n.nid LEFT JOIN {users} u ON n.uid = u.uid $comment_where AND n.status >= 1";
 
   // counter queries
-  $node_count = db_rewrite_sql("SELECT COUNT(*) FROM {node} n $node_where AND n.status >= 1");
-  $revision_count = db_rewrite_sql("SELECT COUNT(*) FROM {node_revisions} r JOIN {node} n ON r.nid = n.nid $revision_where AND n.status >= 1");
-  $comment_count = db_rewrite_sql("SELECT COUNT(*) FROM {comments} c LEFT JOIN {node} n ON c.nid = n.nid $comment_where AND n.status >= 1");
+  $node_count = "SELECT COUNT(*) FROM {node} n $node_where AND n.status >= 1";
+  $revision_count = "SELECT COUNT(*) FROM {node_revisions} r JOIN {node} n ON r.nid = n.nid $revision_where AND n.status >= 1";
+  $comment_count = "SELECT COUNT(*) FROM {comments} c LEFT JOIN {node} n ON c.nid = n.nid $comment_where AND n.status >= 1";
+
+  // rewrite if necessary
+  if (!$load_inaccess) {
+    $nodes_query = db_rewrite_sql($nodes_query);
+    $revisions_query = db_rewrite_sql($revisions_query);
+    $comments_query = db_rewrite_sql($comments_query);
+    $node_count = db_rewrite_sql($node_count);
+    $revision_count = db_rewrite_sql($revision_count);
+    $comment_count = db_rewrite_sql($comment_count);
+  }
 
   // unify queries
   $sql = "($nodes_query) UNION ALL ($revisions_query) UNION ALL ($comments_query) ORDER BY timestamp DESC";
@@ -619,6 +625,13 @@ function _recent_changes_get_diff($node,
  */
 function _recent_changes_access_check($node_types) {
 
+  // Check with db_rewrite_sql which node types are not allowed (i.e. WHERE n.type NOT IN ('module_node_type_name'))
+  $tsql = db_rewrite_sql('SELECT * FROM node n');
+  $tpattern = '/n\.type\s*NOT\s*IN\s*(\(+)([\s*\'\w\'\,\s*]+)(\)+)/';
+  $tmatches = array();
+  preg_match_all($tpattern, $tsql, $tmatches);
+  $dbrw_node_types = preg_split("/[\s*\,\s*]+/", implode(',', $tmatches[2]));
+
   // Check for each node type (and comments) whether current user has 'view' access to it
   foreach ($node_types as $key=>$type) {
     $access = FALSE;
@@ -631,7 +644,7 @@ function _recent_changes_access_check($n
         $access = user_access('access content');
       }
       else {
-        // this would be the right way to implement access checks, but unfortunately most modules don't implement it
+        // This would be the right way to implement access checks, but unfortunately most modules don't implement it
         $access = module_invoke($module, 'access', 'view', NULL);
 
         // If $access is empty, we try it another way:
@@ -648,6 +661,9 @@ function _recent_changes_access_check($n
       }
     }
 
+    // Check if the node type is in db_rewrite_sql disallowed node types
+    $access &= !(in_array("'$type'", $dbrw_node_types));
+
     // If the user has no access, remove the content type from the list
     if (!$access) {
       unset($node_types[$key]);