Index: userprotect.install =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/userprotect/userprotect.install,v retrieving revision 1.11 diff -u -F^f -u -F^f -r1.11 userprotect.install --- userprotect.install 26 Jul 2008 11:54:59 -0000 1.11 +++ userprotect.install 15 Oct 2009 21:02:56 -0000 @@ -17,11 +17,11 @@ function userprotect_install() { } if (empty($failed)) { // Default settings - $q1 = db_query("INSERT INTO {userprotect} VALUES (0, 0, 0, 0, 0, 0, 1, 1, 'user')"); - $q2 = db_query("INSERT INTO {userprotect} VALUES (1, 0, 0, 0, 0, 0, 1, 1, 'user')"); - $q3 = db_query("INSERT INTO {userprotect} VALUES (1, 1, 1, 1, 1, 1, 1, 1, 'admin')"); + $q1 = db_query("INSERT INTO {userprotect} (uid, up_name, up_mail, up_pass, up_status, up_roles, up_delete, up_edit, up_type, up_openid) VALUES (0, 0, 0, 0, 0, 0, 1, 1, 'user', 1)"); + $q2 = db_query("INSERT INTO {userprotect} (uid, up_name, up_mail, up_pass, up_status, up_roles, up_delete, up_edit, up_type, up_openid) VALUES (1, 0, 0, 0, 0, 0, 1, 1, 'user', 1)"); + $q3 = db_query("INSERT INTO {userprotect} (uid, up_name, up_mail, up_pass, up_status, up_roles, up_delete, up_edit, up_type, up_openid) VALUES (1, 1, 1, 1, 1, 1, 1, 1, 'admin', 1)"); $q4 = db_result(db_query('SELECT perm FROM {permission} WHERE rid = %d', DRUPAL_AUTHENTICATED_RID)); - $q5 = db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $q4 .', change own e-mail, change own password', DRUPAL_AUTHENTICATED_RID); + $q5 = db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $q4 .', change own e-mail, change own password, change own openid', DRUPAL_AUTHENTICATED_RID); if ($q1 && $q2 && $q3 && $q4 && $q5) { drupal_set_message(t('User Protect module installed successfully.')); } @@ -100,6 +100,13 @@ function userprotect_schema() { 'default' => '', 'description' => t('Protection type.'), ), + 'up_openid' => array( + 'type' => 'int', + 'size' => 'small', + 'not null' => TRUE, + 'default' => 0, + 'description' => t("OpenID protection."), + ), ), 'unique keys' => array('uid_up_type' => array('uid', 'up_type')), ); @@ -108,6 +115,31 @@ function userprotect_schema() { } /** + * Add protections for OpenID. + */ +function userprotect_update_6001() { + $ret = array(); + $spec = array( + 'type' => 'int', + 'size' => 'small', + 'not null' => TRUE, + 'default' => 0, + 'description' => t("OpenID protection."), + ); + db_add_field($ret, 'userprotect', 'up_openid', $spec); + // Protect OpenID editing for the anonymous user and uid 1 by default, and + // allow uid 1 to bypass the protections. + $ret[] = update_sql("UPDATE {userprotect} SET up_openid = 1 WHERE up_type = 'user' AND uid IN (0, 1)"); + $ret[] = update_sql("UPDATE {userprotect} SET up_openid = 1 WHERE up_type = 'admin' AND uid = 1"); + // Allow users to edit their own OpenID identities by default. + $perms = db_result(db_query('SELECT perm FROM {permission} WHERE rid = %d', DRUPAL_AUTHENTICATED_RID)); + db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $perms .', change own openid', DRUPAL_AUTHENTICATED_RID); + $ret[] = array('success' => TRUE, 'query' => "Authenticated users have been granted the 'change own openid' permission by default."); + + return $ret; +} + +/** * Implementation of hook_uninstall(). */ function userprotect_uninstall() { Index: userprotect.module =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/userprotect/userprotect.module,v retrieving revision 1.38 diff -u -F^f -u -F^f -r1.38 userprotect.module --- userprotect.module 12 Jul 2009 15:31:34 -0000 1.38 +++ userprotect.module 15 Oct 2009 21:02:57 -0000 @@ -237,11 +237,7 @@ function userprotect_form_alter(&$form, $form['delete']['#disabled'] = TRUE; $protected['up_delete'] = TRUE; } - // If we're initially displaying the user's edit form, throw a message if - // there are any protected fields, so the editor has a clue. - if (!empty($protected) && !$_POST) { - drupal_set_message(userprotect_display_protections($account, $protected)); - } + userprotect_form_display_protections($account, $protected); break; // These are complex cases, and are best handled by manipulating the form values @@ -251,7 +247,29 @@ function userprotect_form_alter(&$form, $validate = isset($form['#validate']) ? $form['#validate'] : NULL; $form['#validate'] = userprotect_add_validation($validate, array('userprotect_user_admin_account_validate')); break; - + case 'openid_user_add': + case 'openid_user_delete_form': + $account = user_load(array('uid' => arg(1))); + $protected = array(); + if (!userprotect_check_bypass('up_openid') && userprotect_get_user_protection($account, 'up_openid')) { + switch ($form_id) { + case 'openid_user_add': + if (isset($form['openid_identifier'])) { + $form['openid_identifier']['#disabled'] = TRUE; + $form['submit']['#disabled'] = TRUE; + } + break; + case 'openid_user_delete_form': + if (isset($form['actions']['submit'])) { + $form['actions']['submit']['#disabled'] = TRUE; + $form['confirm']['#value'] = 0; + } + break; + } + $protected['up_openid'] = TRUE; + } + userprotect_form_display_protections($account, $protected); + break; } } @@ -436,7 +454,12 @@ function userprotect_user_delete_access( * Implementation of hook_perm(). */ function userprotect_perm() { - return array('change own e-mail', 'change own password', 'administer userprotect'); + return array( + 'change own e-mail', + 'change own password', + 'change own openid', + 'administer userprotect', + ); } /** @@ -905,6 +928,7 @@ function userprotect_user_protection_def 'up_pass' => 0, 'up_status' => 1, 'up_roles' => 0, + 'up_openid' => 0, 'up_delete' => 1, 'up_edit' => 0, ); @@ -937,12 +961,28 @@ function userprotect_get_protection_disp 'up_pass' => t('password'), 'up_status' => t('status'), 'up_roles' => t('roles'), + 'up_openid' => t('openid'), 'up_delete' => t('deletion'), 'up_edit' => t('all account edits'), ); } /** + * Conditionally displays a user message on edit forms listing current + * protections. + * + * @param $account The user account object. + * @param $protected An array of protections the current user is receiving. + */ +function userprotect_form_display_protections($account, $protected) { + // If we're initially displaying an edit form, throw a message if + // there are any protected fields, so the editor has a clue. + if (!empty($protected) && !$_POST) { + drupal_set_message(userprotect_display_protections($account, $protected)); + } +} + +/** * Builds a displayable text string of the protections currently in effect for * the specified user. * @@ -977,6 +1017,7 @@ function userprotect_display_protections * Adds a user to the protections table. * * @param $uid The UID of the user to be added. + * @param $type The type of protection to add, either 'user', or 'admin'. */ function userprotect_add_user($uid, $type) { // Grab the default protections to enable for this user. @@ -1083,7 +1124,7 @@ function userprotect_get_user_protection // and password determined by the role-based setting in the userprotect // section at admin/user/access. This is done for consistency with the // way core handles the self-editing of usernames. - if ($uid == $user->uid && in_array($protection, array('up_name', 'up_mail', 'up_pass', 'up_edit'))) { + if ($uid == $user->uid && in_array($protection, array('up_name', 'up_mail', 'up_pass', 'up_openid', 'up_edit'))) { switch ($protection) { case 'up_name': return !user_access('change own username'); @@ -1091,6 +1132,8 @@ function userprotect_get_user_protection return !user_access('change own e-mail'); case 'up_pass': return !user_access('change own password'); + case 'up_openid': + return !user_access('change own openid'); // Always let user access their own edit page. case 'up_edit': return FALSE; @@ -1125,4 +1168,4 @@ function userprotect_get_user_protection // No protection enabled. return FALSE; -} \ No newline at end of file +}