Index: install.php
===================================================================
RCS file: /cvs/drupal/drupal/install.php,v
retrieving revision 1.168
diff -u -p -r1.168 install.php
--- install.php	12 May 2009 08:37:44 -0000	1.168
+++ install.php	20 May 2009 21:02:49 -0000
@@ -806,6 +806,19 @@ function install_tasks($profile, $task) 
 
   // The end of the install process. Remember profile used.
   if ($task == 'done') {
+    // Make sure that the first user account has the role that is supposed to
+    // be assigned to newly-registered users. This is necessary since this
+    // account is not created via the normal user_save() process.
+    $registration_rid = variable_get('drupal_registration_rid');
+    if (!empty($registration_rid)) {
+      db_insert('users_roles')
+        ->fields(array(
+          'uid' => 1,
+          'rid' => $registration_rid,
+        ))
+        ->execute();
+    }
+
     // Rebuild menu and registry to get content type links registered by the
     // profile, and possibly any other menu items created through the tasks.
     menu_rebuild();
Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.280
diff -u -p -r1.280 bootstrap.inc
--- includes/bootstrap.inc	12 May 2009 18:08:42 -0000	1.280
+++ includes/bootstrap.inc	20 May 2009 21:02:49 -0000
@@ -120,14 +120,14 @@ define('DRUPAL_BOOTSTRAP_DATABASE', 2);
 define('DRUPAL_BOOTSTRAP_ACCESS', 3);
 
 /**
- * Fifth bootstrap phase: initialize session handling.
+ * Fifth bootstrap phase: initialize the variable system.
  */
-define('DRUPAL_BOOTSTRAP_SESSION', 4);
+define('DRUPAL_BOOTSTRAP_VARIABLES', 4);
 
 /**
- * Sixth bootstrap phase: initialize the variable system.
+ * Sixth bootstrap phase: initialize session handling.
  */
-define('DRUPAL_BOOTSTRAP_VARIABLES', 5);
+define('DRUPAL_BOOTSTRAP_SESSION', 5);
 
 /**
  * Seventh bootstrap phase: load bootstrap.inc and module.inc, start
@@ -152,16 +152,6 @@ define('DRUPAL_BOOTSTRAP_PATH', 8);
 define('DRUPAL_BOOTSTRAP_FULL', 9);
 
 /**
- * Role ID for anonymous users; should match what's in the "role" table.
- */
-define('DRUPAL_ANONYMOUS_RID', 1);
-
-/**
- * Role ID for authenticated users; should match what's in the "role" table.
- */
-define('DRUPAL_AUTHENTICATED_RID', 2);
-
-/**
  * The number of bytes in a kilobyte. For more information, visit
  * http://en.wikipedia.org/wiki/Kilobyte.
  */
@@ -1255,13 +1245,36 @@ function drupal_anonymous_user($session 
   $user->uid = 0;
   $user->hostname = ip_address();
   $user->roles = array();
-  $user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
+  $anonymous_role = drupal_anonymous_role();
+  if (!empty($anonymous_role)) {
+    $user->roles[$anonymous_role->rid] = $anonymous_role->name;
+  }
   $user->session = $session;
   $user->cache = 0;
   return $user;
 }
 
 /**
+ * Returns the anonymous user role, if there is one.
+ */
+function drupal_anonymous_role() {
+  $anonymous_rid = variable_get('drupal_anonymous_rid');
+  if (!empty($anonymous_rid)) {
+    return db_query("SELECT * FROM {role} WHERE rid = :rid", array(':rid' => $anonymous_rid))->fetchObject();
+  }
+}
+
+/**
+ * Returns the role that users get upon registration, if there is one.
+ */
+function drupal_registration_role() {
+  $registration_rid = variable_get('drupal_registration_rid');
+  if (!empty($registration_rid)) {
+    return db_query("SELECT * FROM {role} WHERE rid = :rid", array(':rid' => $registration_rid))->fetchObject();
+  }
+}
+
+/**
  * A string describing a phase of Drupal to load. Each phase adds to the
  * previous one, so invoking a later phase automatically runs the earlier
  * phases too. The most important usage is that if you want to access the
@@ -1274,8 +1287,8 @@ function drupal_anonymous_user($session 
  *     DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE: try to call a non-database cache fetch routine.
  *     DRUPAL_BOOTSTRAP_DATABASE: initialize database layer.
  *     DRUPAL_BOOTSTRAP_ACCESS: identify and reject banned hosts.
- *     DRUPAL_BOOTSTRAP_SESSION: initialize session handling.
  *     DRUPAL_BOOTSTRAP_VARIABLES: initialize variable handling.
+ *     DRUPAL_BOOTSTRAP_SESSION: initialize session handling.
  *     DRUPAL_BOOTSTRAP_LATE_PAGE_CACHE: load bootstrap.inc and module.inc, start
  *       the variable system and try to serve a page from the cache.
  *     DRUPAL_BOOTSTRAP_LANGUAGE: identify the language used on the page.
@@ -1288,8 +1301,8 @@ function drupal_bootstrap($phase = NULL)
     DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE,
     DRUPAL_BOOTSTRAP_DATABASE,
     DRUPAL_BOOTSTRAP_ACCESS,
-    DRUPAL_BOOTSTRAP_SESSION,
     DRUPAL_BOOTSTRAP_VARIABLES,
+    DRUPAL_BOOTSTRAP_SESSION,
     DRUPAL_BOOTSTRAP_LATE_PAGE_CACHE,
     DRUPAL_BOOTSTRAP_LANGUAGE,
     DRUPAL_BOOTSTRAP_PATH,
@@ -1362,6 +1375,11 @@ function _drupal_bootstrap($phase) {
       }
       break;
 
+    case DRUPAL_BOOTSTRAP_VARIABLES:
+      // Initialize configuration variables, using values from settings.php if available.
+      $conf = variable_init(isset($conf) ? $conf : array());
+      break;
+
     case DRUPAL_BOOTSTRAP_SESSION:
       require_once DRUPAL_ROOT . '/' . variable_get('session_inc', 'includes/session.inc');
       session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy_sid', '_sess_gc');
@@ -1377,11 +1395,6 @@ function _drupal_bootstrap($phase) {
       }
       break;
 
-    case DRUPAL_BOOTSTRAP_VARIABLES:
-      // Initialize configuration variables, using values from settings.php if available.
-      $conf = variable_init(isset($conf) ? $conf : array());
-      break;
-
     case DRUPAL_BOOTSTRAP_LATE_PAGE_CACHE:
       $cache_mode = variable_get('cache', CACHE_DISABLED);
       // Get the page from the cache.
Index: includes/session.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/session.inc,v
retrieving revision 1.68
diff -u -p -r1.68 session.inc
--- includes/session.inc	3 Apr 2009 17:41:32 -0000	1.68
+++ includes/session.inc	20 May 2009 21:02:49 -0000
@@ -92,7 +92,6 @@ function _sess_read($key) {
 
     // Add roles element to $user.
     $user->roles = array();
-    $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
     $user->roles += db_query("SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = :uid", array(':uid' => $user->uid))->fetchAllKeyed(0, 1);
   }
   // We didn't find the client's record (session has expired), or they
Index: modules/block/block.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/block/block.module,v
retrieving revision 1.332
diff -u -p -r1.332 block.module
--- modules/block/block.module	16 May 2009 15:23:15 -0000	1.332
+++ modules/block/block.module	20 May 2009 21:02:49 -0000
@@ -408,13 +408,15 @@ function block_box_save($edit, $delta) {
 function block_user_form(&$edit, &$account, $category = NULL) {
   if ($category == 'account') {
     $rids = array_keys($account->roles);
-    $result = db_query("SELECT DISTINCT b.* FROM {block} b LEFT JOIN {block_role} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom <> 0 AND (r.rid IN (:rids) OR r.rid IS NULL) ORDER BY b.weight, b.module", array(':rids' => $rids));
-    $form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE);
-    while ($block = db_fetch_object($result)) {
-      $data = module_invoke($block->module, 'block_list');
-      if ($data[$block->delta]['info']) {
-        $return = TRUE;
-        $form['block'][$block->module][$block->delta] = array('#type' => 'checkbox', '#title' => check_plain($data[$block->delta]['info']), '#default_value' => isset($account->block[$block->module][$block->delta]) ? $account->block[$block->module][$block->delta] : ($block->custom == 1));
+    if (!empty($rids)) {
+      $result = db_query("SELECT DISTINCT b.* FROM {block} b LEFT JOIN {block_role} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom <> 0 AND (r.rid IN (:rids) OR r.rid IS NULL) ORDER BY b.weight, b.module", array(':rids' => $rids));
+      $form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE);
+      while ($block = db_fetch_object($result)) {
+        $data = module_invoke($block->module, 'block_list');
+        if ($data[$block->delta]['info']) {
+          $return = TRUE;
+          $form['block'][$block->module][$block->delta] = array('#type' => 'checkbox', '#title' => check_plain($data[$block->delta]['info']), '#default_value' => isset($account->block[$block->module][$block->delta]) ? $account->block[$block->module][$block->delta] : ($block->custom == 1));
+        }
       }
     }
 
@@ -572,6 +574,10 @@ function _block_load_blocks() {
 
   $blocks = array();
   $rids = array_keys($user->roles);
+  if (empty($rids)) {
+    // TODO: Actually rewrite the query in this case, rather than this hack.
+    $rids = array(0);
+  }
   $result = db_query(db_rewrite_sql("SELECT DISTINCT b.* FROM {block} b LEFT JOIN {block_role} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (" . db_placeholders($rids) . ") OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", 'b', 'bid'), array_merge(array($theme_key), $rids));
   while ($block = db_fetch_object($result)) {
     if (!isset($blocks[$block->region])) {
@@ -711,7 +717,10 @@ function _block_get_cache_id($block) {
     // resource drag for sites with many users, so when a module is being
     // equivocal, we favor the less expensive 'PER_ROLE' pattern.
     if ($block->cache & BLOCK_CACHE_PER_ROLE) {
-      $cid_parts[] = 'r.' . implode(',', array_keys($user->roles));
+      $rids = array_keys($user->roles);
+      if (!empty($rids)) {
+        $cid_parts[] = 'r.' . implode(',', $rids);
+      }
     }
     elseif ($block->cache & BLOCK_CACHE_PER_USER) {
       $cid_parts[] = "u.$user->uid";
@@ -763,4 +772,4 @@ function template_preprocess_block(&$var
   $variables['template_files'][] = 'block-' . $variables['block']->region;
   $variables['template_files'][] = 'block-' . $variables['block']->module;
   $variables['template_files'][] = 'block-' . $variables['block']->module . '-' . $variables['block']->delta;
-}
\ No newline at end of file
+}
Index: modules/blogapi/blogapi.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/blogapi/blogapi.module,v
retrieving revision 1.150
diff -u -p -r1.150 blogapi.module
--- modules/blogapi/blogapi.module	9 May 2009 18:28:11 -0000	1.150
+++ modules/blogapi/blogapi.module	20 May 2009 21:02:49 -0000
@@ -422,7 +422,7 @@ function blogapi_metaweblog_new_media_ob
   $usersize = 0;
   $uploadsize = 0;
 
-  $roles = array_intersect(user_roles(FALSE, 'administer content with blog api'), $user->roles);
+  $roles = array_intersect(user_roles('administer content with blog api'), $user->roles);
 
   foreach ($roles as $rid => $name) {
     $extensions .= ' ' . strtolower(variable_get("blogapi_extensions_$rid", variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp')));
@@ -770,7 +770,7 @@ function blogapi_admin_settings() {
 
   $form['settings_general']['upload_max_size'] = array('#value' => '<p>'. t('Your PHP settings limit the maximum file size per upload to %size.', array('%size' => format_size(file_upload_max_size()))).'</p>');
 
-  $roles = user_roles(FALSE, 'administer content with blog api');
+  $roles = user_roles('administer content with blog api');
   $form['roles'] = array('#type' => 'value', '#value' => $roles);
 
   foreach ($roles as $rid => $role) {
Index: modules/comment/comment.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment/comment.module,v
retrieving revision 1.709
diff -u -p -r1.709 comment.module
--- modules/comment/comment.module	12 May 2009 08:37:44 -0000	1.709
+++ modules/comment/comment.module	20 May 2009 21:02:49 -0000
@@ -1915,16 +1915,17 @@ function theme_comment_thread_expanded($
  */
 function theme_comment_post_forbidden($node) {
   global $user;
-  static $authenticated_post_comments;
+  static $registered_post_comments;
 
-  if (!$user->uid) {
-    if (!isset($authenticated_post_comments)) {
-      // We only output any link if we are certain, that users get permission
-      // to post comments by logging in. We also locally cache this information.
-      $authenticated_post_comments = array_key_exists(DRUPAL_AUTHENTICATED_RID, user_roles(TRUE, 'post comments') + user_roles(TRUE, 'post comments without approval'));
+  if (!$user->uid && variable_get('user_register', 1)) {
+    // We only output the link if we are certain that new users get permission
+    // to post comments by registering. We also locally cache this information.
+    if (!isset($registered_post_comments)) {
+      $registration_rid = variable_get('drupal_registration_rid');
+      $registered_post_comments = !empty($registration_rid) && array_key_exists($registration_rid, user_roles('post comments') + user_roles('post comments without approval'));
     }
 
-    if ($authenticated_post_comments) {
+    if ($registered_post_comments) {
       // We cannot use drupal_get_destination() because these links
       // sometimes appear on /node and taxonomy listing pages.
       if (variable_get('comment_form_location_' . $node->type, COMMENT_FORM_SEPARATE_PAGE) == COMMENT_FORM_SEPARATE_PAGE) {
@@ -1933,15 +1934,7 @@ function theme_comment_post_forbidden($n
       else {
         $destination = 'destination=' . drupal_urlencode("node/$node->nid#comment-form");
       }
-
-      if (variable_get('user_register', 1)) {
-        // Users can register themselves.
-        return t('<a href="@login">Login</a> or <a href="@register">register</a> to post comments', array('@login' => url('user/login', array('query' => $destination)), '@register' => url('user/register', array('query' => $destination))));
-      }
-      else {
-        // Only admins can add new users, no public registration.
-        return t('<a href="@login">Login</a> to post comments', array('@login' => url('user/login', array('query' => $destination))));
-      }
+      return t('You may <a href="@register">register for an account</a> to post comments', array('@register' => url('user/register', array('query' => $destination))));
     }
   }
 }
Index: modules/search/search.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/search/search.test,v
retrieving revision 1.19
diff -u -p -r1.19 search.test
--- modules/search/search.test	20 May 2009 05:07:02 -0000	1.19
+++ modules/search/search.test	20 May 2009 21:02:50 -0000
@@ -465,15 +465,16 @@ class SearchCommentTestCase extends Drup
     );
     $this->drupalPost('admin/settings/filter/1', $edit, t('Save configuration'));
     // Allow anonymous users to search content.
+    // TODO: Only works for default installation profile.
     $edit = array(
-      DRUPAL_ANONYMOUS_RID . '[search content]' => 1,
+      '1[search content]' => 1,
       // @todo Comments are added to search index without checking first whether
       //   anonymous users are allowed to access comments.
-      DRUPAL_ANONYMOUS_RID . '[access comments]' => 1,
+      '1[access comments]' => 1,
       // @todo Without this permission, "Login or register to post comments" is
       //   added to the search index.  Comment.module is not guilty; that text
       //   seems to be added via node links.
-      DRUPAL_ANONYMOUS_RID . '[post comments]' => 1,
+      '1[post comments]' => 1,
     );
     $this->drupalPost('admin/user/permissions', $edit, t('Save permissions'));
 
Index: modules/system/system.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.install,v
retrieving revision 1.327
diff -u -p -r1.327 system.install
--- modules/system/system.install	16 May 2009 20:25:20 -0000	1.327
+++ modules/system/system.install	20 May 2009 21:02:50 -0000
@@ -370,19 +370,6 @@ function system_install() {
   // This sets uid 1 (superuser). We skip uid 2 but that's not a big problem.
   db_query("UPDATE {users} SET uid = 1 WHERE name = '%s'", 'placeholder-for-uid-1');
 
-  // Built-in roles.
-  db_query("INSERT INTO {role} (name) VALUES ('%s')", 'anonymous user');
-  db_query("INSERT INTO {role} (name) VALUES ('%s')", 'authenticated user');
-
-  // Anonymous role permissions.
-  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 1, 'access content');
-
-  // Authenticated role permissions.
-  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'access comments');
-  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'access content');
-  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'post comments');
-  db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", 2, 'post comments without approval');
-
   db_query("INSERT INTO {variable} (name, value) VALUES ('%s', '%s')", 'theme_default', 's:7:"garland";');
   db_query("UPDATE {system} SET status = %d WHERE type = '%s' AND name = '%s'", 1, 'theme', 'garland');
 
Index: modules/upload/upload.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/upload/upload.admin.inc,v
retrieving revision 1.11
diff -u -p -r1.11 upload.admin.inc
--- modules/upload/upload.admin.inc	11 Jan 2009 21:19:19 -0000	1.11
+++ modules/upload/upload.admin.inc	20 May 2009 21:02:50 -0000
@@ -109,7 +109,7 @@ function upload_admin_settings() {
 
   $form['settings_general']['upload_max_size'] = array('#markup' => '<p>' . t('Your PHP settings limit the maximum file size per upload to %size.', array('%size' => format_size(file_upload_max_size()))) . '</p>');
 
-  $roles = user_roles(FALSE, 'upload files');
+  $roles = user_roles('upload files');
   $form['roles'] = array('#type' => 'value', '#value' => $roles);
 
   foreach ($roles as $rid => $role) {
Index: modules/user/user.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.admin.inc,v
retrieving revision 1.49
diff -u -p -r1.49 user.admin.inc
--- modules/user/user.admin.inc	16 May 2009 20:10:50 -0000	1.49
+++ modules/user/user.admin.inc	20 May 2009 21:02:50 -0000
@@ -182,7 +182,7 @@ function user_admin_account() {
   $destination = drupal_get_destination();
 
   $status = array(t('blocked'), t('active'));
-  $roles = user_roles(TRUE);
+  $roles = user_roles();
   $accounts = array();
   foreach ($result as $account) {
     $accounts[$account->uid] = '';
@@ -278,6 +278,21 @@ function user_admin_settings() {
     '#default_value' => variable_get('user_email_verification', TRUE),
     '#description' => t('New users will be required to validate their e-mail address prior to logging into the site, and will be assigned a system-generated password. If disabled, users will be logged in immediately upon registering, and may select their own passwords during registration.')
   );
+  $user_roles = array(0 => t('<none>')) + user_roles();
+  $form['registration_cancellation']['drupal_anonymous_rid'] = array(
+    '#type' => 'select',
+    '#title' => t('Role to assign to users who are not logged in'),
+    '#default_value' => variable_get('drupal_anonymous_rid'),
+    '#options' => $user_roles,
+    '#description' => t('Visitors to the site who have not yet registered for an account or logged in will be given the permissions associated with this role, if one is selected.'),
+  );
+  $form['registration_cancellation']['drupal_registration_rid'] = array(
+    '#type' => 'select',
+    '#title' => t('Role to assign to users when they register for an account'),
+    '#default_value' => variable_get('drupal_registration_rid'),
+    '#options' => $user_roles,
+    '#description' => t('New users who register for an account on the site will be given this role when their account is first created. Note that if you change this role after your site is in operation, your site may no longer have a single role that all logged-in users are guaranteed to have.'),
+  );
   module_load_include('inc', 'user', 'user.pages');
   $form['registration_cancellation']['user_cancel_method'] = array(
     '#type' => 'item',
@@ -574,12 +589,19 @@ function user_admin_settings() {
  * @see theme_user_admin_perm()
  */
 function user_admin_perm($form_state, $rid = NULL) {
-
   // Retrieve role names for columns.
   $role_names = user_roles();
   if (is_numeric($rid)) {
     $role_names = array($rid => $role_names[$rid]);
   }
+
+  // Show a message if no roles exist.
+  $form = array();
+  if (empty($role_names)) {
+    $form['no_roles'] = array('#markup' => t('This site does not have any user roles. You can create new ones on the <a href="@role_url">role administration page</a>.', array('@role_url' => url('admin/user/roles'))));
+    return $form;
+  }
+
   // Fetch permissions for all roles or the one selected role.
   $role_permissions = user_role_permissions($role_names);
 
@@ -622,8 +644,6 @@ function user_admin_perm($form_state, $r
   }
   $form['submit'] = array('#type' => 'submit', '#value' => t('Save permissions'));
 
-  $form['#attached_js'] = array(drupal_get_path('module', 'user') . '/user.permissions.js');
-
   return $form;
 }
 
@@ -662,6 +682,9 @@ function user_admin_perm_submit($form, &
  */
 function theme_user_admin_perm($form) {
   $roles = user_roles();
+  if (empty($roles)) {
+    return drupal_render_children($form);
+  }
   foreach (element_children($form['permission']) as $key) {
     // Don't take form control structures
     if (is_array($form['permission'][$key])) {
@@ -708,9 +731,6 @@ function theme_user_admin_perm($form) {
 function user_admin_role() {
   $rid = arg(4);
   if ($rid) {
-    if ($rid == DRUPAL_ANONYMOUS_RID || $rid == DRUPAL_AUTHENTICATED_RID) {
-      drupal_goto('admin/user/roles');
-    }
     // Display the edit role form.
     $role = db_query('SELECT * FROM {role} WHERE rid = :rid', array(':rid' => $rid))->fetchObject();
     $form['name'] = array(
@@ -856,12 +876,7 @@ function theme_user_admin_new_role($form
   $header = array(t('Name'), array('data' => t('Operations'), 'colspan' => 2));
   foreach (user_roles() as $rid => $name) {
     $edit_permissions = l(t('edit permissions'), 'admin/user/permissions/' . $rid);
-    if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
-      $rows[] = array($name, l(t('edit role'), 'admin/user/roles/edit/' . $rid), $edit_permissions);
-    }
-    else {
-      $rows[] = array($name, t('locked'), $edit_permissions);
-    }
+    $rows[] = array($name, l(t('edit role'), 'admin/user/roles/edit/' . $rid), $edit_permissions);
   }
   $rows[] = array(drupal_render($form['name']), array('data' => drupal_render($form['submit']), 'colspan' => 2));
 
Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.987
diff -u -p -r1.987 user.module
--- modules/user/user.module	16 May 2009 15:23:16 -0000	1.987
+++ modules/user/user.module	20 May 2009 21:02:50 -0000
@@ -231,11 +231,8 @@ function user_load_multiple($uids = arra
       $picture_fids[] = $record->picture;
       $queried_users[$record->uid] = drupal_unpack($record);
       $queried_users[$record->uid]->roles = array();
-      if ($record->uid) {
-        $queried_users[$record->uid]->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
-      }
-      else {
-        $queried_users[$record->uid]->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
+      if (!$record->uid && ($anonymous_role = drupal_anonymous_role())) {
+        $queried_users[$record->uid]->roles[$anonymous_role->rid] = $anonymous_role->name;
       }
     }
 
@@ -462,12 +459,10 @@ function user_save($account, $edit = arr
 
       $query = db_insert('users_roles')->fields(array('uid', 'rid'));
       foreach (array_keys($edit['roles']) as $rid) {
-        if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
-          $query->values(array(
-            'uid' => $account->uid,
-            'rid' => $rid,
-          ));
-        }
+        $query->values(array(
+          'uid' => $account->uid,
+          'rid' => $rid,
+        ));
       }
       $query->execute();
     }
@@ -551,12 +546,19 @@ function user_save($account, $edit = arr
         ->execute();
       $query = db_insert('users_roles')->fields(array('uid', 'rid'));
       foreach (array_keys($edit['roles']) as $rid) {
-        if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
-          $query->values(array(
-            'uid' => $edit['uid'],
-            'rid' => $rid,
-          ));
-        }
+        $query->values(array(
+          'uid' => $edit['uid'],
+          'rid' => $rid,
+        ));
+      }
+      // Make sure that the user gets the role they were supposed to be
+      // assigned when they registered.
+      $registration_rid = variable_get('drupal_registration_rid');
+      if (!empty($registration_rid) && !isset($edit['roles'][$registration_rid])) {
+        $query->values(array(
+          'uid' => $edit['uid'],
+          'rid' => $registration_rid,
+        ));
       }
       $query->execute();
     }
@@ -1830,29 +1832,20 @@ function user_edit_form(&$form_state, $u
     );
   }
   if (user_access('administer permissions')) {
-    $roles = user_roles(TRUE);
-
-    // The disabled checkbox subelement for the 'authenticated user' role
-    // must be generated separately and added to the checkboxes element,
-    // because of a limitation in D6 FormAPI not supporting a single disabled
-    // checkbox within a set of checkboxes.
-    // TODO: This should be solved more elegantly. See issue #119038.
-    $checkbox_authenticated = array(
-      '#type' => 'checkbox',
-      '#title' => $roles[DRUPAL_AUTHENTICATED_RID],
-      '#default_value' => TRUE,
-      '#disabled' => TRUE,
-    );
-
-    unset($roles[DRUPAL_AUTHENTICATED_RID]);
+    $roles = user_roles();
     if ($roles) {
       $default = empty($edit['roles']) ? array() : array_keys($edit['roles']);
+      if ($register) {
+        $registration_rid = variable_get('drupal_registration_rid');
+        if (!empty($registration_rid) && !in_array($registration_rid, $default)) {
+          $default[] = $registration_rid;
+        }
+      }
       $form['account']['roles'] = array(
         '#type' => 'checkboxes',
         '#title' => t('Roles'),
         '#default_value' => $default,
         '#options' => $roles,
-        DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated,
       );
     }
   }
@@ -2126,8 +2119,6 @@ Your account on !site has been canceled.
 /**
  * Retrieve an array of roles matching specified conditions.
  *
- * @param $membersonly
- *   Set this to TRUE to exclude the 'anonymous' role.
  * @param $permission
  *   A string containing a permission. If set, only roles containing that
  *   permission are returned.
@@ -2136,38 +2127,18 @@ Your account on !site has been canceled.
  *   An associative array with the role id as the key and the role name as
  *   value.
  */
-function user_roles($membersonly = FALSE, $permission = NULL) {
-  // System roles take the first two positions.
-  $roles = array(
-    DRUPAL_ANONYMOUS_RID => NULL,
-    DRUPAL_AUTHENTICATED_RID => NULL,
-  );
-
+function user_roles($permission = NULL) {
   if (!empty($permission)) {
     $result = db_query("SELECT r.* FROM {role} r INNER JOIN {role_permission} p ON r.rid = p.rid WHERE p.permission = :permission ORDER BY r.name", array(':permission' => $permission));
   }
   else {
     $result = db_query('SELECT * FROM {role} ORDER BY name');
   }
-
+  $roles = array();
   foreach ($result as $role) {
-    switch ($role->rid) {
-      // We only translate the built in role names
-      case DRUPAL_ANONYMOUS_RID:
-        if (!$membersonly) {
-          $roles[$role->rid] = t($role->name);
-        }
-        break;
-      case DRUPAL_AUTHENTICATED_RID:
-        $roles[$role->rid] = t($role->name);
-        break;
-      default:
-        $roles[$role->rid] = $role->name;
-    }
+    $roles[$role->rid] = $role->name;
   }
-
-  // Filter to remove unmatched system roles.
-  return array_filter($roles);
+  return $roles;
 }
 
 /**
@@ -2189,8 +2160,7 @@ function user_user_operations($form_stat
   );
 
   if (user_access('administer permissions')) {
-    $roles = user_roles(TRUE);
-    unset($roles[DRUPAL_AUTHENTICATED_RID]);  // Can't edit authenticated role.
+    $roles = user_roles();
 
     $add_roles = array();
     foreach ($roles as $key => $value) {
@@ -2429,8 +2399,7 @@ function _user_sort($a, $b) {
 function user_filters() {
   // Regular filters
   $filters = array();
-  $roles = user_roles(TRUE);
-  unset($roles[DRUPAL_AUTHENTICATED_RID]); // Don't list authorized role.
+  $roles = user_roles();
   if (count($roles)) {
     $filters['role'] = array(
       'title' => t('role'),
@@ -2475,22 +2444,7 @@ function user_build_filter_query(SelectQ
   // Extend Query with filter conditions.
   foreach ($_SESSION['user_overview_filter'] as $filter) {
     list($key, $value) = $filter;
-    // This checks to see if this permission filter is an enabled permission for
-    // the authenticated role. If so, then all users would be listed, and we can
-    // skip adding it to the filter query.
-    if ($key == 'permission') {
-      $account = new stdClass();
-      $account->uid = 'user_filter';
-      $account->roles = array(DRUPAL_AUTHENTICATED_RID => 1);
-      if (user_access($value, $account)) {
-        continue;
-      }
-      $query->leftJoin('role_permission', 'p', 'ur.rid = p.rid');
-      $query->condition(db_or()->condition('u.uid', 1)->condition('p.permission', $value));
-    }
-    else {
-      $query->condition($filters[$key]['field'], $value);
-    }
+    $query->condition($filters[$key]['field'], $value);
   }
 }
 
Index: modules/user/user.permissions.js
===================================================================
RCS file: modules/user/user.permissions.js
diff -N modules/user/user.permissions.js
--- modules/user/user.permissions.js	12 May 2009 08:33:19 -0000	1.1
+++ /dev/null	1 Jan 1970 00:00:00 -0000
@@ -1,40 +0,0 @@
-// $Id: user.permissions.js,v 1.1 2009/05/12 08:33:19 dries Exp $
-(function ($) {
-
-/**
- * Shows checked and disabled checkboxes for inherited permissions.
- */
-Drupal.behaviors.permissions = {
-  attach: function (context) {
-    $('table#permissions:not(.permissions-processed)').each(function () {
-      // Create dummy checkboxes. We use dummy checkboxes instead of reusing
-      // the existing checkboxes here because new checkboxes don't alter the
-      // submitted form. If we'd automatically check existing checkboxes, the
-      // permission table would be polluted with redundant entries. This
-      // is deliberate, but desirable when we automatically check them.
-      $(':checkbox', this).not('[name^="2["]').not('[name^="1["]').each(function () {
-        $(this).addClass('real-checkbox');
-        $('<input type="checkbox" class="dummy-checkbox" disabled="disabled" checked="checked" />')
-          .attr('title', Drupal.t("This permission is inherited from the authenticated user role."))
-          .hide()
-          .insertAfter(this);
-      });
-
-      // Helper function toggles all dummy checkboxes based on the checkboxes'
-      // state. If the "authenticated user" checkbox is checked, the checked
-      // and disabled checkboxes are shown, the real checkboxes otherwise.
-      var toggle = function () {
-        $(this).closest('tr')
-          .find('.real-checkbox')[this.checked ? 'hide' : 'show']().end()
-          .find('.dummy-checkbox')[this.checked ? 'show' : 'hide']();
-      };
-
-      // Initialize the authenticated user checkbox.
-      $(':checkbox[name^="2["]', this)
-        .click(toggle)
-        .each(function () { toggle.call(this); });
-    }).addClass('permissions-processed');
-  }
-};
-
-})(jQuery);
Index: profiles/default/default.profile
===================================================================
RCS file: /cvs/drupal/drupal/profiles/default/default.profile,v
retrieving revision 1.41
diff -u -p -r1.41 default.profile
--- profiles/default/default.profile	30 Apr 2009 21:44:20 -0000	1.41
+++ profiles/default/default.profile	20 May 2009 21:02:50 -0000
@@ -90,7 +90,42 @@ function default_profile_task_list() {
  *   modify the $task, otherwise discarded.
  */
 function default_profile_tasks(&$task, $url) {
-  
+  // Create two standard roles and assign them to anonymous users and newly
+  // registered users, respectively.
+  $anonymous_rid = db_insert('role')
+    ->fields(array(
+      'name' => st('Guest'),
+    ))
+    ->execute();
+  variable_set('drupal_anonymous_rid', $anonymous_rid);
+  $registration_rid = db_insert('role')
+    ->fields(array(
+      'name' => st('Member'),
+    ))
+    ->execute();
+  variable_set('drupal_registration_rid', $registration_rid);
+
+  // Grant the roles appropriate starting permissions.
+  $permission_assignments = array(
+    $anonymous_rid => array('access content'),
+    $registration_rid => array(
+      'access comments',
+      'access content',
+      'post comments',
+      'post comments without approval',
+    ),
+  );
+  foreach ($permission_assignments as $rid => $permissions) {
+    foreach ($permissions as $permission) {
+      db_insert('role_permission')
+        ->fields(array(
+          'rid' => $rid,
+          'permission' => $permission,
+        ))
+      ->execute();
+    }
+  }
+
   // Enable 5 standard blocks.
   $values = array(
     array(
