--- webform.install 2008-02-27 22:21:40.000000000 -0500
+++ webform.install 2008-04-01 00:37:07.000000000 -0400
@@ -42,6 +42,13 @@ function webform_install() {
 ) TYPE=MyISAM /*!40100 DEFAULT CHARACTER SET utf8 */"
 );
+ $success = $success && db_query("CREATE TABLE if not exists {webform_roles} (
+ nid int(10) unsigned NOT NULL default '0',
+ rid int(10) unsigned NOT NULL default '0',
+ PRIMARY KEY (nid, rid)
+ ) TYPE=MyISAM /*!40100 DEFAULT CHARACTER SET utf8 */"
+ );
+
 $success = $success && db_query("CREATE TABLE if not exists {webform_submissions} (
 sid int(10) unsigned NOT NULL default '0',
 nid int(10) unsigned NOT NULL default '0',
@@ -99,6 +106,13 @@ function webform_install() {
 )"
 );
+ $success = $success && db_query("CREATE TABLE {webform_roles} (
+ nid integer NOT NULL default '0',
+ rid integer NOT NULL default '0',
+ PRIMARY KEY (nid, rid)
+ )"
+ );
+
 $success = $success && db_query("CREATE TABLE {webform_submissions} (
 sid serial UNIQUE,
 nid integer NOT NULL default '0',
@@ -161,6 +175,7 @@ function webform_uninstall() {
 // Drop tables.
 db_query("DROP TABLE IF EXISTS {webform}");
 db_query("DROP TABLE IF EXISTS {webform_component}");
+ db_query("DROP TABLE IF EXISTS {webform_roles}");
 db_query("DROP TABLE IF EXISTS {webform_submissions}");
 db_query("DROP TABLE IF EXISTS {webform_submitted_data}");
 }
@@ -655,6 +670,41 @@ function webform_update_20() {
 }
 /**
+ * Per-webform submission access control based on roles.
+ */
+function webform_update_21() {
+ $ret = array();
+ switch ($GLOBALS['db_type']) {
+ case 'mysqli':
+ case 'mysql':
+ $ret[] = update_sql("CREATE TABLE {webform_roles} (
+ nid int(10) unsigned NOT NULL default '0',
+ rid int(10) unsigned NOT NULL default '0',
+ PRIMARY KEY (nid, rid)
+ ) TYPE=MyISAM /*!40100 DEFAULT CHARACTER SET utf8 */"
+ );
+ break;
+
+ case 'pgsql':
+ $ret[] = update_sql("CREATE TABLE {webform_roles} (
+ nid integer NOT NULL default '0',
+ rid integer NOT NULL default '0',
+ PRIMARY KEY (nid, rid)
+ )"
+ );
+ break;
+ }
+
+ $result = db_query("SELECT nid FROM {node} WHERE type = 'webform'");
+ while ($node = db_fetch_object($result)) {
+ db_query("INSERT INTO {webform_roles} (nid, rid) VALUES (%d, 1)", $node->nid);
+ db_query("INSERT INTO {webform_roles} (nid, rid) VALUES (%d, 2)", $node->nid);
+ }
+
+ return $ret;
+}
+
+/**
 * Recursively delete all files and folders in the specified filepath, then
 * delete the containing folder.
 *
--- webform.module 2008-03-31 16:31:58.000000000 -0400
+++ webform.module 2008-04-02 02:35:04.000000000 -0400
@@ -324,6 +324,11 @@ function webform_insert($node) {
 );
 }
 }
+
+ // Set the per-role submission access control.
+ foreach (array_filter($node->webform['roles']) as $rid) {
+ db_query("INSERT INTO {webform_roles} (nid, rid) VALUES (%d, %d)", $node->nid, $rid);
+ }
 }
 /**
@@ -333,6 +338,7 @@ function webform_update($node) {
 // Update the webform by deleting existing data and replacing with the new.
 db_query("DELETE FROM {webform} WHERE nid = %d", $node->nid);
 db_query("DELETE FROM {webform_component} WHERE nid = %d", $node->nid);
+ db_query('DELETE FROM {webform_roles} WHERE nid = %d', $node->nid);
 webform_insert($node);
 }
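Review bot: The two seeding INSERTs in `webform_update_21()` go through `db_query()` with their results discarded, so a failed `CREATE TABLE` or a failed insert is not reported in `$ret` and leaves existing webforms with no role rows; given how `webform_load()` and `webform_view()` treat an empty role list in this patch, those forms would then show as closed to everyone except uid 1. Recording the seed step in the update result makes that visible, e.g. `$ret[] = update_sql("INSERT INTO {webform_roles} (nid, rid) SELECT nid, 1 FROM {node} WHERE type = 'webform'");` and the same with `2`. The literals 1 and 2 here, in the `'roles' => array(1, 2)` default in `webform_load()` and in `$user_roles[2]` in `webform_form()` would read better as `DRUPAL_ANONYMOUS_RID` / `DRUPAL_AUTHENTICATED_RID`, with a comment that the update deliberately keeps pre-existing forms open to both roles.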
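Review bot: `webform_insert()` reads `$node->webform['roles']` without checking that it is set, so a node saved without that key (the rest of the function and its callers are outside the hunk, so this is inferred) would raise a warning from `array_filter()` and store no rows, silently closing the form. A guard such as `$roles = isset($node->webform['roles']) ? array_filter($node->webform['roles']) : array();` before the loop makes the fail-closed outcome explicit. A one-line comment that unchecked checkboxes arrive as 0 and are dropped by `array_filter()` would also help the next reader. The `%d` placeholders already keep the submitted values out of the SQL text.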
@@ -342,6 +348,7 @@ function webform_update($node) {
 function webform_delete(&$node) {
 db_query("DELETE FROM {webform} WHERE nid = %d", $node->nid);
 db_query("DELETE FROM {webform_component} WHERE nid = %d", $node->nid);
+ db_query('DELETE FROM {webform_roles} WHERE nid = %d', $node->nid);
 watchdog('webform', 'webform "'. $node->title .'" deleted', WATCHDOG_NOTICE);
 }
@@ -353,6 +360,12 @@ function webform_load($node) {
 if ($webform = db_fetch_array(db_query("SELECT * FROM {webform} WHERE nid = %d", $node->nid))) {
 $additions->webform = $webform;
+
+ $additions->webform['roles'] = array();
+ $result = db_query("SELECT rid FROM {webform_roles} WHERE nid = %d", $node->nid);
+ while ($role = db_fetch_object($result)) {
+ $additions->webform['roles'][] = $role->rid;
+ }
 }
 else {
 $additions->webform = array(
@@ -367,6 +380,7 @@ function webform_load($node) {
 'email_subject' => 'default',
 'additional_validate' => '',
 'additional_submit' => '',
+ 'roles' => array(1, 2),
 );
 }
@@ -483,6 +497,26 @@ function webform_form(&$node, &$param) {
 $form['webform']['settings']['format'] = filter_form($node->format);
 /* End Edit Form */
+ /* Start per-role submission control */
+ $form['webform']['role_control'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Webform access control'),
+ '#collapsible' => TRUE,
+ '#collapsed' => FALSE,
+ '#weight' => -3,
+ '#parents' => array('webform'),
+ '#description' => t('These permissions affect which roles can submit webforms. It does not prevent access to the webform page. If needing to prevent access to the webform page entirely, use a content access module such as Taxonomy Access or Node Privacy by Role.'),
+ );
+ $user_roles = user_roles();
+ $form['webform']['role_control']['roles'] = array(
+ '#default_value' => $node->webform['roles'],
+ '#options' => $user_roles,
+ '#type' => 'checkboxes',
+ '#title' => t('Roles that can submit this webform'),
+ '#description' => t('Uncheck all roles to prevent new submissions. The %authenticated role applies to any user signed into the site, regardless of other assigned roles.', array('%authenticated' => $user_roles[2])),
+ );
+ /* End per-role submission control */
+
 /* Start E-mail Settings Form */
 $form['webform']['mail_settings'] = array(
 '#type' => 'fieldset',
@@ -792,8 +826,8 @@ function webform_form_alter($form_id, &$
 }
 /**
- * Submit handler for the webform node form.
- *
+ * Submit handler for the webform node form.
+ *
 * Redirect the user to the components form on new node inserts. Note that this
 * fires after the hook_submit() function above.
 */
@@ -801,7 +835,7 @@ function webform_form_submit($form_id, $
 // There should be a more effective way to find the new node ID.
 $nid = db_result(db_query_range("SELECT nid FROM {node} WHERE type = 'webform' ORDER BY nid DESC", 0, 1));
- // Remove the the submitted message added by node module.
+ // Remove the submitted message added by node module.
 unset($_SESSION['messages']['status']);
 drupal_set_message(t('The new webform %title has been created. Add new fields to your webform with the form below.', array('%title' => $form_values['title'])));
@@ -826,7 +860,7 @@ function webform_view(&$node, $teaser =
 $sid_to_display = isset($_GET['sid']) ? $_GET['sid'] : NULL;
 $submission = array();
- $enabled = FALSE;
+ $enabled = TRUE;
 $preview = FALSE;
 if ($_POST['op'] == t('Preview')) {
@@ -848,7 +882,29 @@ function webform_view(&$node, $teaser =
 }
 }
- $output = drupal_get_form('webform_client_form_'. $node->nid, $node, $submission, $enabled, $preview);
+ // Check if the user's role can submit this webform.
+ $capable_roles = array();
+ foreach ($node->webform['roles'] as $rid) {
+ $capable_roles[$rid] = $user->roles[$rid] ? TRUE : FALSE;
+ }
+
+ $capable_role = ($user->uid == 1) || (array_search(TRUE, $capable_roles) != FALSE);
+
+ if ($capable_role) {
+ $output = drupal_get_form('webform_client_form_'. $node->nid, $node, $submission, $enabled, $preview);
+ }
+ elseif (empty($capable_roles)) {
+ // No roles are allowed to submit the form.
+ $output = t('
Submissions for this form are closed.
');
+ }
+ elseif (isset($capable_roles[2]) || !$user->uid) {
+ // The "authenticated user" role is allowed to submit or the user is currently logged-out.
+ $output = t('
You must login or register to view this form.
', array('!login' => url('user/login'), '!register' => url('user/register')));
+ }
+ else {
+ // The user must be some other role to submit.
+ $output = t('
You do not have permission to view this form.
');
+ }
 // Remove the surrounding
tag if this is a preview.
 if ($preview) {
@@ -1071,7 +1127,7 @@ function webform_client_form(&$node, $su
 $page_num = 1;
 _webform_components_tree_build($node->webform['components'], $component_tree, 0, $page_count);
- if ((!$preview && empty($submission)) || ($enabled)) {
+ if ((!$preview && $enabled)) {
 if ($page_count > 1) {
 $next_page = t('Next Page >');
 $prev_page = t('< Previous Page');
@@ -1139,7 +1195,7 @@ function webform_client_form(&$node, $su
 $microweight += 0.001;
 }
 // Do not display the submit button if this is a preview or submission view.
- if ((!$preview && empty($submission)) || ($enabled)) {
+ if ((!$preview && $enabled)) {
 // Additional hidden elements.
 $form['details']['email_subject'] = array(
 '#type' => 'hidden',
@@ -1171,12 +1227,12 @@ function webform_client_form(&$node, $su
 function _webform_client_form_add_component($cid, $component, &$parent_fieldset, &$form, $submission, $page_num, $enabled = false) {
 // Load with submission information if necessary.
- if (!empty($submission) && !$enabled) {
+ if (!$enabled) {
 // This component is display only, with the value set according information
 // previously submitted in the submission numbered $sid_to_display.
 $display_function = "_webform_submission_display_". $component['type'];
 if (function_exists($display_function)) {
- $parent_fieldset[$component['form_key']] = $display_function($submission['data'][$cid], $component, $enabled);
+ $parent_fieldset[$component['form_key']] = $display_function(empty($submission) ? NULL : $submission['data'][$cid], $component, $enabled);
 }
 }
 else if ($component['page_num'] == $page_num) {
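Review bot: The role test added to `webform_view()` leans on loose comparisons: `$user->roles[$rid] ? TRUE : FALSE` reads an index that is absent for every role the user lacks (a notice each time), and `array_search(TRUE, $capable_roles) != FALSE` only works because role ids are never 0. `$capable_roles[$rid] = isset($user->roles[$rid]);` and `in_array(TRUE, $capable_roles, TRUE)` state the intent directly. `$user` also has to be declared `global` earlier in the function, which is outside this hunk. The decision is made only where the form is rendered; moving it into a small helper and calling that helper from the client form's validate or submit handler as well would keep submissions refused even if another code path builds `webform_client_form_<nid>`.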
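Review bot: With `if (!$enabled)` in `_webform_client_form_add_component()`, the display branch now also runs when there is no submission, so every `_webform_submission_display_*` callback has to accept `NULL` data; the comment above it ("value set according information previously submitted") no longer describes that case and should say so. Together with `$enabled` now starting as `TRUE` in `webform_view()` (hunk at -826) while the parameter default here stays `false`, whether a form is editable depends on the lines between the hunks that handle `$_GET['sid']`; those are not visible here, so confirm that the submission-view path sets `$enabled = FALSE` after its access check. The doubled parentheses in `if ((!$preview && $enabled))` can be dropped.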