Index: modules/aggregator/aggregator.module =================================================================== RCS file: /cvs/drupal/drupal/modules/aggregator/aggregator.module,v retrieving revision 1.374 diff -u -p -r1.374 aggregator.module --- modules/aggregator/aggregator.module 15 Jan 2008 08:06:32 -0000 1.374 +++ modules/aggregator/aggregator.module 9 Apr 2008 23:21:26 -0000 @@ -201,6 +201,7 @@ function aggregator_menu() { $items['aggregator/sources/%aggregator_feed'] = array( 'page callback' => 'aggregator_page_source', 'page arguments' => array(2), + 'access arguments' => array('access news feeds'), 'type' => MENU_CALLBACK, 'file' => 'aggregator.pages.inc', ); Index: modules/block/block.module =================================================================== RCS file: /cvs/drupal/drupal/modules/block/block.module,v retrieving revision 1.299 diff -u -p -r1.299 block.module --- modules/block/block.module 3 Feb 2008 19:12:57 -0000 1.299 +++ modules/block/block.module 9 Apr 2008 23:21:26 -0000 @@ -132,6 +132,7 @@ function block_menu() { $items['admin/build/block/list/js'] = array( 'title' => 'JavaScript List Form', 'page callback' => 'block_admin_display_js', + 'access arguments' => array('administer blocks'), 'type' => MENU_CALLBACK, 'file' => 'block.admin.inc', ); @@ -139,6 +140,7 @@ function block_menu() { 'title' => 'Configure block', 'page callback' => 'drupal_get_form', 'page arguments' => array('block_admin_configure'), + 'access arguments' => array('administer blocks'), 'type' => MENU_CALLBACK, 'file' => 'block.admin.inc', ); @@ -146,6 +148,7 @@ function block_menu() { 'title' => 'Delete block', 'page callback' => 'drupal_get_form', 'page arguments' => array('block_box_delete'), + 'access arguments' => array('administer blocks'), 'type' => MENU_CALLBACK, 'file' => 'block.admin.inc', ); 
@@ -153,6 +156,7 @@ function block_menu() { 'title' => 'Add block', 'page callback' => 'drupal_get_form', 'page arguments' => array('block_add_block_form'), + 'access arguments' => array('administer blocks'), 'type' => MENU_LOCAL_TASK, 'file' => 'block.admin.inc', ); Index: modules/blog/blog.module =================================================================== RCS file: /cvs/drupal/drupal/modules/blog/blog.module,v retrieving revision 1.297 diff -u -p -r1.297 blog.module --- modules/blog/blog.module 9 Jan 2008 09:51:34 -0000 1.297 +++ modules/blog/blog.module 9 Apr 2008 23:21:26 -0000 @@ -140,19 +140,20 @@ function blog_menu() { 'type' => MENU_SUGGESTED_ITEM, 'file' => 'blog.pages.inc', ); - $items['blog/%user_current'] = array( + $items['blog/%user_uid_optional'] = array( 'title' => 'My blog', 'page callback' => 'blog_page_user', 'page arguments' => array(1), - 'access callback' => 'user_access', - 'access arguments' => array('create blog entries', 1), + 'access callback' => 'blog_page_user_access', + 'access arguments' => array(1), 'file' => 'blog.pages.inc', ); $items['blog/%user/feed'] = array( 'title' => 'Blogs', 'page callback' => 'blog_feed_user', 'page arguments' => array(1), - 'access arguments' => array('access content'), + 'access callback' => 'blog_page_user_access', + 'access arguments' => array(1), 'type' => MENU_CALLBACK, 'file' => 'blog.pages.inc', ); 
@@ -168,6 +169,23 @@ function blog_menu() { } /** + * Access callback for user blog pages. + */ +function blog_page_user_access($account) { + // The visitor must be able to access the site's content. + // For a blog to 'exist' the user must either be able to + // create new blog entries, or it must have existing posts. + return $account->uid && user_access('access content') && (user_access('create blog entries', $account) || _blog_post_exists($account)); +} + +/** + * Helper function to determine if a user has blog posts already. + */ +function _blog_post_exists($account) { + return (bool)db_result(db_query_range(db_rewrite_sql("SELECT 1 FROM {node} n WHERE n.type = 'blog' AND n.uid = %d AND n.status = 1"), $account->uid, 0, 1)); +} + +/** * Implementation of hook_block(). * * Displays the most recent 10 blog titles. Index: modules/comment/comment.module =================================================================== RCS file: /cvs/drupal/drupal/modules/comment/comment.module,v retrieving revision 1.617 diff -u -p -r1.617 comment.module --- modules/comment/comment.module 25 Jan 2008 16:19:12 -0000 1.617 +++ modules/comment/comment.module 9 Apr 2008 23:21:26 -0000 @@ -211,6 +211,7 @@ function comment_menu() { $items['admin/content/comment/approval'] = array( 'title' => 'Approval queue', 'page arguments' => array('approval'), + 'access arguments' => array('administer comments'), 'type' => MENU_LOCAL_TASK, 'file' => 'comment.admin.inc', ); Index: modules/contact/contact.module =================================================================== RCS file: /cvs/drupal/drupal/modules/contact/contact.module,v retrieving revision 1.103 diff -u -p -r1.103 contact.module --- modules/contact/contact.module 16 Jan 2008 12:46:52 -0000 1.103 +++ modules/contact/contact.module 9 Apr 2008 23:21:26 -0000 
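Review bot: In `blog_page_user_access()` the two `user_access()` calls check different people, and the one-line docblock does not say so: `user_access('access content')` tests the visitor, while `user_access('create blog entries', $account)` tests the blog owner taken from the path. I would extend the docblock with `@param $account` described as "the user object of the blog owner, not the current visitor" and an `@return` line stating TRUE when the visitor may view that user's blog. `_blog_post_exists()` deserves the same `@param`/`@return` pair. It is also worth confirming whether a blocked account with published posts should still pass, since the callback tests only `$account->uid`; how the `%user` loader treats blocked accounts is not visible in this hunk.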
@@ -59,6 +59,7 @@ function contact_menu() { 'title' => 'Add category', 'page callback' => 'drupal_get_form', 'page arguments' => array('contact_admin_edit', 3), + 'access arguments' => array('administer site-wide contact form'), 'type' => MENU_LOCAL_TASK, 'weight' => 1, 'file' => 'contact.admin.inc', @@ -67,6 +68,7 @@ function contact_menu() { 'title' => 'Edit contact category', 'page callback' => 'drupal_get_form', 'page arguments' => array('contact_admin_edit', 3, 4), + 'access arguments' => array('administer site-wide contact form'), 'type' => MENU_CALLBACK, 'file' => 'contact.admin.inc', ); @@ -74,6 +76,7 @@ function contact_menu() { 'title' => 'Delete contact', 'page callback' => 'drupal_get_form', 'page arguments' => array('contact_admin_delete', 4), + 'access arguments' => array('administer site-wide contact form'), 'type' => MENU_CALLBACK, 'file' => 'contact.admin.inc', ); @@ -81,6 +84,7 @@ function contact_menu() { 'title' => 'Settings', 'page callback' => 'drupal_get_form', 'page arguments' => array('contact_admin_settings'), + 'access arguments' => array('administer site-wide contact form'), 'type' => MENU_LOCAL_TASK, 'weight' => 2, 'file' => 'contact.admin.inc', Index: modules/dblog/dblog.module =================================================================== RCS file: /cvs/drupal/drupal/modules/dblog/dblog.module,v retrieving revision 1.21 diff -u -p -r1.21 dblog.module --- modules/dblog/dblog.module 8 Jan 2008 10:35:41 -0000 1.21 +++ modules/dblog/dblog.module 9 Apr 2008 23:21:26 -0000 @@ -47,6 +47,7 @@ function dblog_menu() { 'description' => 'Settings for logging to the Drupal database logs. This is the most common method for small to medium sites on shared hosting. The logs are viewable from the admin pages.', 'page callback' => 'drupal_get_form', 'page arguments' => array('dblog_admin_settings'), + 'access arguments' => array('administer site configuration'), 'file' => 'dblog.admin.inc', ); 
@@ -54,6 +55,7 @@ function dblog_menu() { 'title' => 'Recent log entries', 'description' => 'View events that have recently been logged.', 'page callback' => 'dblog_overview', + 'access arguments' => array('access site reports'), 'weight' => -1, 'file' => 'dblog.admin.inc', ); @@ -62,6 +64,7 @@ function dblog_menu() { 'description' => "View 'page not found' errors (404s).", 'page callback' => 'dblog_top', 'page arguments' => array('page not found'), + 'access arguments' => array('access site reports'), 'file' => 'dblog.admin.inc', ); $items['admin/reports/access-denied'] = array( @@ -69,12 +72,14 @@ function dblog_menu() { 'description' => "View 'access denied' errors (403s).", 'page callback' => 'dblog_top', 'page arguments' => array('access denied'), + 'access arguments' => array('access site reports'), 'file' => 'dblog.admin.inc', ); $items['admin/reports/event/%'] = array( 'title' => 'Details', 'page callback' => 'dblog_event', 'page arguments' => array(3), + 'access arguments' => array('access site reports'), 'type' => MENU_CALLBACK, 'file' => 'dblog.admin.inc', ); Index: modules/filter/filter.module =================================================================== RCS file: /cvs/drupal/drupal/modules/filter/filter.module,v retrieving revision 1.204 diff -u -p -r1.204 filter.module --- modules/filter/filter.module 21 Jan 2008 15:08:24 -0000 1.204 +++ modules/filter/filter.module 9 Apr 2008 23:21:26 -0000 @@ -82,6 +82,7 @@ function filter_menu() { $items['admin/settings/filters/add'] = array( 'title' => 'Add input format', 'page callback' => 'filter_admin_format_page', + 'access arguments' => array('administer filters'), 'type' => MENU_LOCAL_TASK, 'weight' => 1, 'file' => 'filter.admin.inc', 
@@ -90,6 +91,7 @@ function filter_menu() { 'title' => 'Delete input format', 'page callback' => 'drupal_get_form', 'page arguments' => array('filter_admin_delete'), + 'access arguments' => array('administer filters'), 'type' => MENU_CALLBACK, 'file' => 'filter.admin.inc', ); @@ -120,6 +122,7 @@ function filter_menu() { 'title' => 'Configure', 'page callback' => 'filter_admin_configure_page', 'page arguments' => array(3), + 'access arguments' => array('administer filters'), 'type' => MENU_LOCAL_TASK, 'weight' => 1, 'file' => 'filter.admin.inc', @@ -128,6 +131,7 @@ function filter_menu() { 'title' => 'Rearrange', 'page callback' => 'filter_admin_order_page', 'page arguments' => array(3), + 'access arguments' => array('administer filters'), 'type' => MENU_LOCAL_TASK, 'weight' => 2, 'file' => 'filter.admin.inc', Index: modules/forum/forum.module =================================================================== RCS file: /cvs/drupal/drupal/modules/forum/forum.module,v retrieving revision 1.448.2.2 diff -u -p -r1.448.2.2 forum.module --- modules/forum/forum.module 13 Feb 2008 14:06:36 -0000 1.448.2.2 +++ modules/forum/forum.module 9 Apr 2008 23:21:26 -0000 @@ -106,6 +106,7 @@ function forum_menu() { 'title' => 'Add container', 'page callback' => 'forum_form_main', 'page arguments' => array('container'), + 'access arguments' => array('administer forums'), 'type' => MENU_LOCAL_TASK, 'parent' => 'admin/content/forum', 'file' => 'forum.admin.inc', @@ -114,6 +115,7 @@ function forum_menu() { 'title' => 'Add forum', 'page callback' => 'forum_form_main', 'page arguments' => array('forum'), + 'access arguments' => array('administer forums'), 'type' => MENU_LOCAL_TASK, 'parent' => 'admin/content/forum', 'file' => 'forum.admin.inc', 
@@ -122,6 +124,7 @@ function forum_menu() { 'title' => 'Settings', 'page callback' => 'drupal_get_form', 'page arguments' => array('forum_admin_settings'), + 'access arguments' => array('administer forums'), 'weight' => 5, 'type' => MENU_LOCAL_TASK, 'parent' => 'admin/content/forum', @@ -129,6 +132,7 @@ function forum_menu() { ); $items['admin/content/forum/edit/%forum_term'] = array( 'page callback' => 'forum_form_main', + 'access arguments' => array('administer forums'), 'type' => MENU_CALLBACK, 'file' => 'forum.admin.inc', ); @@ -136,6 +140,7 @@ function forum_menu() { 'title' => 'Edit container', 'page callback' => 'forum_form_main', 'page arguments' => array('container', 5), + 'access arguments' => array('administer forums'), 'type' => MENU_CALLBACK, 'file' => 'forum.admin.inc', ); @@ -143,6 +148,7 @@ function forum_menu() { 'title' => 'Edit forum', 'page callback' => 'forum_form_main', 'page arguments' => array('forum', 5), + 'access arguments' => array('administer forums'), 'type' => MENU_CALLBACK, 'file' => 'forum.admin.inc', ); Index: modules/help/help.module =================================================================== RCS file: /cvs/drupal/drupal/modules/help/help.module,v retrieving revision 1.78 diff -u -p -r1.78 help.module --- modules/help/help.module 14 Dec 2007 18:08:46 -0000 1.78 +++ modules/help/help.module 9 Apr 2008 23:21:26 -0000 @@ -23,6 +23,7 @@ function help_menu() { 'title' => $module, 'page callback' => 'help_page', 'page arguments' => array(2), + 'access arguments' => array('access administration pages'), 'type' => MENU_CALLBACK, 'file' => 'help.admin.inc', ); Index: modules/locale/locale.module =================================================================== RCS file: /cvs/drupal/drupal/modules/locale/locale.module,v retrieving revision 1.212 diff -u -p -r1.212 locale.module --- modules/locale/locale.module 28 Jan 2008 17:16:34 -0000 1.212 +++ modules/locale/locale.module 9 Apr 2008 23:21:26 -0000 
@@ -99,6 +99,7 @@ function locale_menu() { 'title' => 'Add language', 'page callback' => 'locale_inc_callback', 'page arguments' => array('locale_languages_add_screen'), // two forms concatenated + 'access arguments' => array('administer languages'), 'weight' => 5, 'type' => MENU_LOCAL_TASK, ); @@ -106,6 +107,7 @@ function locale_menu() { 'title' => 'Configure', 'page callback' => 'locale_inc_callback', 'page arguments' => array('drupal_get_form', 'locale_languages_configure_form'), + 'access arguments' => array('administer languages'), 'weight' => 10, 'type' => MENU_LOCAL_TASK, ); @@ -113,12 +115,14 @@ function locale_menu() { 'title' => 'Edit language', 'page callback' => 'locale_inc_callback', 'page arguments' => array('drupal_get_form', 'locale_languages_edit_form', 4), + 'access arguments' => array('administer languages'), 'type' => MENU_CALLBACK, ); $items['admin/settings/language/delete/%'] = array( 'title' => 'Confirm', 'page callback' => 'locale_inc_callback', 'page arguments' => array('drupal_get_form', 'locale_languages_delete_form', 4), + 'access arguments' => array('administer languages'), 'type' => MENU_CALLBACK, ); @@ -141,11 +145,13 @@ function locale_menu() { 'type' => MENU_LOCAL_TASK, 'page callback' => 'locale_inc_callback', 'page arguments' => array('locale_translate_seek_screen'), // search results and form concatenated + 'access arguments' => array('translate interface'), ); $items['admin/build/translate/import'] = array( 'title' => 'Import', 'page callback' => 'locale_inc_callback', 'page arguments' => array('drupal_get_form', 'locale_translate_import_form'), + 'access arguments' => array('translate interface'), 'weight' => 20, 'type' => MENU_LOCAL_TASK, ); 
@@ -153,6 +159,7 @@ function locale_menu() { 'title' => 'Export', 'page callback' => 'locale_inc_callback', 'page arguments' => array('locale_translate_export_screen'), // possibly multiple forms concatenated + 'access arguments' => array('translate interface'), 'weight' => 30, 'type' => MENU_LOCAL_TASK, ); @@ -160,12 +167,14 @@ function locale_menu() { 'title' => 'Edit string', 'page callback' => 'locale_inc_callback', 'page arguments' => array('drupal_get_form', 'locale_translate_edit_form', 4), + 'access arguments' => array('translate interface'), 'type' => MENU_CALLBACK, ); $items['admin/build/translate/delete/%'] = array( 'title' => 'Delete string', 'page callback' => 'locale_inc_callback', 'page arguments' => array('locale_translate_delete', 4), // directly deletes, no confirmation + 'access arguments' => array('translate interface'), 'type' => MENU_CALLBACK, ); Index: modules/menu/menu.module =================================================================== RCS file: /cvs/drupal/drupal/modules/menu/menu.module,v retrieving revision 1.157.2.1 diff -u -p -r1.157.2.1 menu.module --- modules/menu/menu.module 11 Feb 2008 15:12:53 -0000 1.157.2.1 +++ modules/menu/menu.module 9 Apr 2008 23:21:27 -0000 @@ -63,6 +63,7 @@ function menu_menu() { 'title' => 'Add menu', 'page callback' => 'drupal_get_form', 'page arguments' => array('menu_edit_menu', 'add'), + 'access arguments' => array('administer menu'), 'type' => MENU_LOCAL_TASK, 'file' => 'menu.admin.inc', ); @@ -70,6 +71,7 @@ function menu_menu() { 'title' => 'Settings', 'page callback' => 'drupal_get_form', 'page arguments' => array('menu_configure'), + 'access arguments' => array('administer menu'), 'type' => MENU_LOCAL_TASK, 'weight' => 5, 'file' => 'menu.admin.inc', 
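Review bot: The `admin/build/translate/delete/%` item in the `@@ -160,12 +167,14 @@` hunk still "directly deletes, no confirmation" according to its own context comment, so the added `'access arguments' => array('translate interface')` limits who may delete but not how the request arrives. A plain GET from a permitted user's browser would still perform the deletion, which leaves the path open to cross-site request forgery. Routing it through a confirmation form, as the `locale_languages_delete_form` item in this file does with `'page arguments' => array('drupal_get_form', …)`, or checking a per-session token with `drupal_valid_token()`, would close that gap. The same question applies to `admin/settings/actions/orphan` and `admin/reports/status/run-cron` in system.module and to `openid_user_delete` in openid.module. This patch gates them by permission only and they look like direct-action page callbacks, although their bodies are not shown here.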
@@ -94,6 +96,7 @@ function menu_menu() { 'title' => 'Add item', 'page callback' => 'drupal_get_form', 'page arguments' => array('menu_edit_item', 'add', NULL, 3), + 'access arguments' => array('administer menu'), 'type' => MENU_LOCAL_TASK, 'file' => 'menu.admin.inc', ); @@ -101,6 +104,7 @@ function menu_menu() { 'title' => 'Edit menu', 'page callback' => 'drupal_get_form', 'page arguments' => array('menu_edit_menu', 'edit', 3), + 'access arguments' => array('administer menu'), 'type' => MENU_LOCAL_TASK, 'file' => 'menu.admin.inc', ); @@ -108,6 +112,7 @@ function menu_menu() { 'title' => 'Delete menu', 'page callback' => 'menu_delete_menu_page', 'page arguments' => array(3), + 'access arguments' => array('administer menu'), 'type' => MENU_CALLBACK, 'file' => 'menu.admin.inc', ); @@ -115,6 +120,7 @@ function menu_menu() { 'title' => 'Edit menu item', 'page callback' => 'drupal_get_form', 'page arguments' => array('menu_edit_item', 'edit', 4, NULL), + 'access arguments' => array('administer menu'), 'type' => MENU_CALLBACK, 'file' => 'menu.admin.inc', ); @@ -122,6 +128,7 @@ function menu_menu() { 'title' => 'Reset menu item', 'page callback' => 'drupal_get_form', 'page arguments' => array('menu_reset_item_confirm', 4), + 'access arguments' => array('administer menu'), 'type' => MENU_CALLBACK, 'file' => 'menu.admin.inc', ); @@ -129,6 +136,7 @@ function menu_menu() { 'title' => 'Delete menu item', 'page callback' => 'menu_item_delete_page', 'page arguments' => array(4), + 'access arguments' => array('administer menu'), 'type' => MENU_CALLBACK, 'file' => 'menu.admin.inc', ); Index: modules/node/node.module =================================================================== RCS file: /cvs/drupal/drupal/modules/node/node.module,v retrieving revision 1.947.2.3 diff -u -p -r1.947.2.3 node.module --- modules/node/node.module 27 Feb 2008 17:12:58 -0000 1.947.2.3 +++ modules/node/node.module 9 Apr 2008 23:21:27 -0000 
@@ -1447,6 +1447,7 @@ function node_menu() { 'title' => 'Add content type', 'page callback' => 'drupal_get_form', 'page arguments' => array('node_type_form'), + 'access arguments' => array('administer content types'), 'file' => 'content_types.inc', 'type' => MENU_LOCAL_TASK, ); @@ -1485,6 +1486,7 @@ function node_menu() { 'title' => $type->name, 'page callback' => 'drupal_get_form', 'page arguments' => array('node_type_form', $type), + 'access arguments' => array('administer content types'), 'file' => 'content_types.inc', 'type' => MENU_CALLBACK, ); @@ -1495,6 +1497,7 @@ function node_menu() { $items['admin/content/node-type/'. $type_url_str .'/delete'] = array( 'title' => 'Delete', 'page arguments' => array('node_type_delete_confirm', $type), + 'access arguments' => array('administer content types'), 'file' => 'content_types.inc', 'type' => MENU_CALLBACK, ); @@ -1545,6 +1548,8 @@ function node_menu() { 'load arguments' => array(3), 'page callback' => 'node_show', 'page arguments' => array(1, NULL, TRUE), + 'access callback' => '_node_revision_access', + 'access arguments' => array(1), 'type' => MENU_CALLBACK, ); $items['node/%node/revisions/%/revert'] = array( Index: modules/openid/openid.module =================================================================== RCS file: /cvs/drupal/drupal/modules/openid/openid.module,v retrieving revision 1.19 diff -u -p -r1.19 openid.module --- modules/openid/openid.module 30 Jan 2008 22:11:22 -0000 1.19 +++ modules/openid/openid.module 9 Apr 2008 23:21:27 -0000 
@@ -30,6 +30,8 @@ function openid_menu() { 'title' => 'Delete OpenID', 'page callback' => 'openid_user_delete', 'page arguments' => array(1), + 'access callback' => 'user_edit_access', + 'access arguments' => array(1), 'type' => MENU_CALLBACK, 'file' => 'openid.pages.inc', ); Index: modules/path/path.module =================================================================== RCS file: /cvs/drupal/drupal/modules/path/path.module,v retrieving revision 1.138 diff -u -p -r1.138 path.module --- modules/path/path.module 3 Feb 2008 19:20:35 -0000 1.138 +++ modules/path/path.module 9 Apr 2008 23:21:27 -0000 @@ -46,6 +46,7 @@ function path_menu() { $items['admin/build/path/edit'] = array( 'title' => 'Edit alias', 'page callback' => 'path_admin_edit', + 'access arguments' => array('administer url aliases'), 'type' => MENU_CALLBACK, 'file' => 'path.admin.inc', ); @@ -53,6 +54,7 @@ function path_menu() { 'title' => 'Delete alias', 'page callback' => 'drupal_get_form', 'page arguments' => array('path_admin_delete_confirm'), + 'access arguments' => array('administer url aliases'), 'type' => MENU_CALLBACK, 'file' => 'path.admin.inc', ); Index: modules/profile/profile.module =================================================================== RCS file: /cvs/drupal/drupal/modules/profile/profile.module,v retrieving revision 1.236 diff -u -p -r1.236 profile.module --- modules/profile/profile.module 3 Feb 2008 19:36:46 -0000 1.236 +++ modules/profile/profile.module 9 Apr 2008 23:21:27 -0000 
@@ -95,12 +95,14 @@ function profile_menu() { 'title' => 'Add field', 'page callback' => 'drupal_get_form', 'page arguments' => array('profile_field_form'), + 'access arguments' => array('administer users'), 'type' => MENU_CALLBACK, 'file' => 'profile.admin.inc', ); $items['admin/user/profile/autocomplete'] = array( 'title' => 'Profile category autocomplete', 'page callback' => 'profile_admin_settings_autocomplete', + 'access arguments' => array('administer users'), 'type' => MENU_CALLBACK, 'file' => 'profile.admin.inc', ); @@ -108,6 +110,7 @@ function profile_menu() { 'title' => 'Edit field', 'page callback' => 'drupal_get_form', 'page arguments' => array('profile_field_form'), + 'access arguments' => array('administer users'), 'type' => MENU_CALLBACK, 'file' => 'profile.admin.inc', ); @@ -115,6 +118,7 @@ function profile_menu() { 'title' => 'Delete field', 'page callback' => 'drupal_get_form', 'page arguments' => array('profile_field_delete'), + 'access arguments' => array('administer users'), 'type' => MENU_CALLBACK, 'file' => 'profile.admin.inc', ); @@ -453,7 +457,7 @@ function profile_categories() { 'title' => $category->category, 'weight' => 3, 'access callback' => 'profile_category_access', - 'access arguments' => array($category->category) + 'access arguments' => array(1, $category->category) ); } return $data; 
@@ -462,12 +466,12 @@ function profile_categories() { /** * Menu item access callback - check if a user has access to a profile category. */ -function profile_category_access($category) { - if (user_access('administer users')) { +function profile_category_access($account, $category) { + if (user_access('administer users') && $account->uid > 0) { return TRUE; } else { - return db_result(db_query("SELECT COUNT(*) FROM {profile_fields} WHERE category = '%s' AND visibility <> %d", $category, PROFILE_HIDDEN)); + return user_edit_access($account) && db_result(db_query("SELECT COUNT(*) FROM {profile_fields} WHERE category = '%s' AND visibility <> %d", $category, PROFILE_HIDDEN)); } } Index: modules/search/search.module =================================================================== RCS file: /cvs/drupal/drupal/modules/search/search.module,v retrieving revision 1.250.2.1 diff -u -p -r1.250.2.1 search.module --- modules/search/search.module 7 Feb 2008 16:42:03 -0000 1.250.2.1 +++ modules/search/search.module 9 Apr 2008 23:21:27 -0000 @@ -194,6 +194,7 @@ function search_menu() { 'description' => 'View most popular search phrases.', 'page callback' => 'dblog_top', 'page arguments' => array('search'), + 'access arguments' => array('access site reports'), 'file' => 'dblog.admin.inc', 'file path' => drupal_get_path('module', 'dblog'), ); Index: modules/syslog/syslog.module =================================================================== RCS file: /cvs/drupal/drupal/modules/syslog/syslog.module,v retrieving revision 1.14 diff -u -p -r1.14 syslog.module --- modules/syslog/syslog.module 14 Dec 2007 18:08:48 -0000 1.14 +++ modules/syslog/syslog.module 9 Apr 2008 23:21:27 -0000 
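Review bot: The docblock above `profile_category_access()` in the `@@ -462,12 +466,12 @@` hunk was not updated for the new `$account` parameter, so a module reusing this callback cannot tell that the first argument is now the account being edited rather than the category name. I would add `@param $account` ("the user object whose profile category is being edited") and `@param $category` ("the profile category name"), and note that the function returns a boolean. As a style point, both branches repeat tests that `user_edit_access()` already makes, so the body could be written as `return user_edit_access($account) && (user_access('administer users') || db_result(db_query(…)));`, which keeps the account check in one place.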
@@ -32,6 +32,7 @@ function syslog_menu() { 'description' => 'Settings for syslog logging. Syslog is an operating system administrative logging tool used in systems management and security auditing. Most suited to medium and large sites, syslog provides filtering tools that allow messages to be routed by type and severity.', 'page callback' => 'drupal_get_form', 'page arguments' => array('syslog_admin_settings'), + 'access arguments' => array('administer site configuration'), ); return $items; } Index: modules/system/system.module =================================================================== RCS file: /cvs/drupal/drupal/modules/system/system.module,v retrieving revision 1.585.2.8 diff -u -p -r1.585.2.8 system.module --- modules/system/system.module 27 Feb 2008 19:44:44 -0000 1.585.2.8 +++ modules/system/system.module 9 Apr 2008 23:21:27 -0000 @@ -212,18 +212,21 @@ function system_menu() { $items['admin/compact'] = array( 'title' => 'Compact mode', 'page callback' => 'system_admin_compact_page', + 'access arguments' => array('access administration pages'), 'type' => MENU_CALLBACK, 'file' => 'system.admin.inc', ); $items['admin/by-task'] = array( 'title' => 'By task', 'page callback' => 'system_main_admin_page', + 'access arguments' => array('access administration pages'), 'file' => 'system.admin.inc', 'type' => MENU_DEFAULT_LOCAL_TASK, ); $items['admin/by-module'] = array( 'title' => 'By module', 'page callback' => 'system_admin_by_module', + 'access arguments' => array('access administration pages'), 'file' => 'system.admin.inc', 'type' => MENU_LOCAL_TASK, 'weight' => 2, @@ -234,6 +237,7 @@ function system_menu() { 'position' => 'left', 'weight' => -10, 'page callback' => 'system_admin_menu_block_page', + 'access arguments' => array('access administration pages'), 'file' => 'system.admin.inc', ); 
@@ -244,6 +248,7 @@ function system_menu() { 'position' => 'right', 'weight' => -5, 'page callback' => 'system_settings_overview', + 'access arguments' => array('access administration pages'), 'file' => 'system.admin.inc', ); $items['admin/build'] = array( @@ -252,6 +257,7 @@ function system_menu() { 'position' => 'right', 'weight' => -10, 'page callback' => 'system_admin_menu_block_page', + 'access arguments' => array('access administration pages'), 'file' => 'system.admin.inc', ); $items['admin/settings/admin'] = array( @@ -282,6 +288,7 @@ function system_menu() { $items['admin/build/themes/settings'] = array( 'title' => 'Configure', 'page arguments' => array('system_theme_settings'), + 'access arguments' => array('administer site configuration'), 'type' => MENU_LOCAL_TASK, ); // Theme configuration subtabs @@ -316,15 +323,18 @@ function system_menu() { ); $items['admin/build/modules/list/confirm'] = array( 'title' => 'List', + 'access arguments' => array('administer site configuration'), 'type' => MENU_CALLBACK, ); $items['admin/build/modules/uninstall'] = array( 'title' => 'Uninstall', 'page arguments' => array('system_modules_uninstall'), + 'access arguments' => array('administer site configuration'), 'type' => MENU_LOCAL_TASK, ); $items['admin/build/modules/uninstall/confirm'] = array( 'title' => 'Uninstall', + 'access arguments' => array('administer site configuration'), 'type' => MENU_CALLBACK, ); @@ -346,6 +356,7 @@ function system_menu() { 'title' => 'Configure an advanced action', 'page callback' => 'drupal_get_form', 'page arguments' => array('system_actions_configure'), + 'access arguments' => array('administer actions'), 'type' => MENU_CALLBACK, ); $items['admin/settings/actions/delete/%actions'] = array( 
@@ -353,11 +364,13 @@ function system_menu() { 'description' => 'Delete an action.', 'page callback' => 'drupal_get_form', 'page arguments' => array('system_actions_delete_form', 4), + 'access arguments' => array('administer actions'), 'type' => MENU_CALLBACK, ); $items['admin/settings/actions/orphan'] = array( 'title' => 'Remove orphans', 'page callback' => 'system_actions_remove_orphans', + 'access arguments' => array('administer actions'), 'type' => MENU_CALLBACK, ); @@ -429,6 +442,7 @@ function system_menu() { 'title' => 'Date and time lookup', 'type' => MENU_CALLBACK, 'page callback' => 'system_date_time_lookup', + 'access arguments' => array('administer site configuration'), 'file' => 'system.admin.inc', ); $items['admin/settings/site-maintenance'] = array( @@ -485,18 +499,21 @@ function system_menu() { $items['admin/reports/status/run-cron'] = array( 'title' => 'Run cron', 'page callback' => 'system_run_cron', + 'access arguments' => array('administer site configuration'), 'type' => MENU_CALLBACK, 'file' => 'system.admin.inc', ); $items['admin/reports/status/php'] = array( 'title' => 'PHP', 'page callback' => 'system_php', + 'access arguments' => array('administer site configuration'), 'type' => MENU_CALLBACK, 'file' => 'system.admin.inc', ); $items['admin/reports/status/sql'] = array( 'title' => 'SQL', 'page callback' => 'system_sql', + 'access arguments' => array('administer site configuration'), 'type' => MENU_CALLBACK, 'file' => 'system.admin.inc', ); Index: modules/taxonomy/taxonomy.module =================================================================== RCS file: /cvs/drupal/drupal/modules/taxonomy/taxonomy.module,v retrieving revision 1.414 diff -u -p -r1.414 taxonomy.module --- modules/taxonomy/taxonomy.module 27 Jan 2008 17:55:15 -0000 1.414 +++ modules/taxonomy/taxonomy.module 9 Apr 2008 23:21:27 -0000 
@@ -128,6 +128,7 @@ function taxonomy_menu() { 'title' => 'Add vocabulary', 'page callback' => 'drupal_get_form', 'page arguments' => array('taxonomy_form_vocabulary'), + 'access arguments' => array('administer taxonomy'), 'type' => MENU_LOCAL_TASK, 'parent' => 'admin/content/taxonomy', 'file' => 'taxonomy.admin.inc', @@ -137,6 +138,7 @@ function taxonomy_menu() { 'title' => 'Edit vocabulary', 'page callback' => 'taxonomy_admin_vocabulary_edit', 'page arguments' => array(5), + 'access arguments' => array('administer taxonomy'), 'type' => MENU_CALLBACK, 'file' => 'taxonomy.admin.inc', ); @@ -144,6 +146,7 @@ function taxonomy_menu() { $items['admin/content/taxonomy/edit/term'] = array( 'title' => 'Edit term', 'page callback' => 'taxonomy_admin_term_edit', + 'access arguments' => array('administer taxonomy'), 'type' => MENU_CALLBACK, 'file' => 'taxonomy.admin.inc', ); @@ -183,6 +186,7 @@ function taxonomy_menu() { 'title' => 'Add term', 'page callback' => 'taxonomy_add_term_page', 'page arguments' => array(3), + 'access arguments' => array('administer taxonomy'), 'type' => MENU_LOCAL_TASK, 'parent' => 'admin/content/taxonomy/%taxonomy_vocabulary', 'file' => 'taxonomy.admin.inc', Index: modules/tracker/tracker.module =================================================================== RCS file: /cvs/drupal/drupal/modules/tracker/tracker.module,v retrieving revision 1.154 diff -u -p -r1.154 tracker.module --- modules/tracker/tracker.module 14 Dec 2007 18:08:49 -0000 1.154 +++ modules/tracker/tracker.module 9 Apr 2008 23:21:27 -0000 
@@ -33,11 +33,11 @@ function tracker_menu() { $items['tracker/all'] = array( 'title' => 'All recent posts', 'type' => MENU_DEFAULT_LOCAL_TASK, - 'access callback' => 'user_is_logged_in', ); - $items['tracker/%user_current'] = array( + $items['tracker/%user_uid_optional'] = array( 'title' => 'My recent posts', - 'access callback' => 'user_is_logged_in', + 'access callback' => '_tracker_myrecent_access', + 'access arguments' => array(1), 'page arguments' => array(1), 'type' => MENU_LOCAL_TASK, ); @@ -46,6 +46,8 @@ function tracker_menu() { 'title' => 'Track', 'page callback' => 'tracker_page', 'page arguments' => array(1, TRUE), + 'access callback' => '_tracker_user_access', + 'access arguments' => array(1), 'type' => MENU_LOCAL_TASK, 'file' => 'tracker.pages.inc', ); @@ -55,3 +57,19 @@ function tracker_menu() { ); return $items; } + +/** + * Access callback for tracker/%user_uid_optional + */ +function _tracker_myrecent_access($account) { + // This path is only allowed for authenticated users looking at their own posts. + return $account->uid && ($GLOBALS['user']->uid == $account->uid) && user_access('access content'); +} + +/** + * Access callback for user/%user/track + */ +function _tracker_user_access($account) { + return user_view_access($account) && user_access('access content'); +} + Index: modules/trigger/trigger.module =================================================================== RCS file: /cvs/drupal/drupal/modules/trigger/trigger.module,v retrieving revision 1.13 diff -u -p -r1.13 trigger.module --- modules/trigger/trigger.module 21 Jan 2008 20:08:15 -0000 1.13 +++ modules/trigger/trigger.module 9 Apr 2008 23:21:27 -0000 @@ -49,6 +49,7 @@ function trigger_menu() { 'title' => 'Content', 'page callback' => 'trigger_assign', 'page arguments' => array('node'), + 'access callback' => 'trigger_access_check', 'access arguments' => array('node'), 'type' => MENU_LOCAL_TASK, 'file' => 'trigger.admin.inc', 
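Review bot: In the `@@ -33,11 +33,11 @@` hunk `tracker/all` loses `'access callback' => 'user_is_logged_in'` and is left with no access keys at all. It now depends entirely on what it inherits from the parent `tracker` item, which is not shown here. The rest of this patch spells access out on each item instead of relying on inheritance, so I would do the same here, for example `'access arguments' => array('access content'),` if that is the intended rule. The removal also appears to open the tab to anonymous visitors who hold that permission, which is worth stating in the change description so the widening is deliberate and reviewable.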
@@ -57,6 +58,7 @@ function trigger_menu() { 'title' => 'Users', 'page callback' => 'trigger_assign', 'page arguments' => array('user'), + 'access callback' => 'trigger_access_check', 'access arguments' => array('user'), 'type' => MENU_LOCAL_TASK, 'file' => 'trigger.admin.inc', @@ -83,6 +85,7 @@ function trigger_menu() { 'title' => 'Cron', 'page callback' => 'trigger_assign', 'page arguments' => array('cron'), + 'access arguments' => array('administer actions'), 'type' => MENU_LOCAL_TASK, 'file' => 'trigger.admin.inc', ); @@ -112,6 +115,7 @@ function trigger_menu() { 'description' => 'Unassign an action from a trigger.', 'page callback' => 'drupal_get_form', 'page arguments' => array('trigger_unassign'), + 'access arguments' => array('administer actions'), 'type' => MENU_CALLBACK, 'file' => 'trigger.admin.inc', ); Index: modules/user/user.module =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.module,v retrieving revision 1.892 diff -u -p -r1.892 user.module --- modules/user/user.module 3 Feb 2008 19:23:01 -0000 1.892 +++ modules/user/user.module 9 Apr 2008 23:21:28 -0000 @@ -867,6 +867,9 @@ function user_view_access($account) { ); } +/** + * Access callback for user account editing. + */ function user_edit_access($account) { return (($GLOBALS['user']->uid == $account->uid) || user_access('administer users')) && $account->uid > 0; } @@ -956,6 +959,7 @@ function user_menu() { $items['admin/user/user/create'] = array( 'title' => 'Add user', 'page arguments' => array('create'), + 'access arguments' => array('administer users'), 'type' => MENU_LOCAL_TASK, 'file' => 'user.admin.inc', ); @@ -988,6 +992,7 @@ function user_menu() { $items['admin/user/roles/edit'] = array( 'title' => 'Edit role', 'page arguments' => array('user_admin_role'), + 'access arguments' => array('administer permissions'), 'type' => MENU_CALLBACK, 'file' => 'user.admin.inc', ); 
@@ -1006,18 +1011,21 @@ function user_menu() { $items['admin/user/rules/add'] = array( 'title' => 'Add rule', 'page callback' => 'user_admin_access_add', + 'access arguments' => array('administer permissions'), 'type' => MENU_LOCAL_TASK, 'file' => 'user.admin.inc', ); $items['admin/user/rules/check'] = array( 'title' => 'Check rules', 'page callback' => 'user_admin_access_check', + 'access arguments' => array('administer permissions'), 'type' => MENU_LOCAL_TASK, 'file' => 'user.admin.inc', ); $items['admin/user/rules/edit'] = array( 'title' => 'Edit rule', 'page callback' => 'user_admin_access_edit', + 'access arguments' => array('administer permissions'), 'type' => MENU_CALLBACK, 'file' => 'user.admin.inc', ); @@ -1025,6 +1033,7 @@ function user_menu() { 'title' => 'Delete rule', 'page callback' => 'drupal_get_form', 'page arguments' => array('user_admin_access_delete_confirm'), + 'access arguments' => array('administer permissions'), 'type' => MENU_CALLBACK, 'file' => 'user.admin.inc', ); @@ -1037,7 +1046,7 @@ function user_menu() { 'file' => 'user.pages.inc', ); - $items['user/%user_current'] = array( + $items['user/%user_uid_optional'] = array( 'title' => 'My account', 'title callback' => 'user_page_title', 'title arguments' => array(1), @@ -1092,8 +1101,8 @@ function user_menu() { 'title arguments' => array($category['title']), 'page callback' => 'user_edit', 'page arguments' => array(1, 3), - 'access callback' => isset($category['access callback']) ? $category['access callback'] : TRUE, - 'access arguments' => isset($category['access arguments']) ? $category['access arguments'] : array(), + 'access callback' => isset($category['access callback']) ? $category['access callback'] : 'user_edit_access', + 'access arguments' => isset($category['access arguments']) ? $category['access arguments'] : array(1), 'type' => MENU_LOCAL_TASK, 'weight' => $category['weight'], 'load arguments' => array('%map', '%index'), 
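Review bot: In the user category item (the hunk at -1092,8) the two fallbacks are chosen independently, so a category that defines only one of `'access callback'` and `'access arguments'` gets a mismatched pair. Either its own arguments are handed to `user_edit_access()`, or its own callback is handed `array(1)`. `user_edit_access()` reads `$account->uid`, so a call with anything other than the loaded account would presumably deny access and raise notices rather than apply the check the module author meant. I would apply the fallback as a pair only when the category defines neither key, or document the requirement above these lines, e.g. `// Categories overriding access must define both 'access callback' and 'access arguments'.` The code that iterates the categories is outside the hunk.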
@@ -1110,8 +1119,8 @@ function user_init() { drupal_add_css(drupal_get_path('module', 'user') .'/user.css', 'module'); } -function user_current_load($arg) { - return user_load($arg ? $arg : $GLOBALS['user']->uid); +function user_uid_optional_load($arg) { + return user_load(isset($arg) ? $arg : $GLOBALS['user']->uid); } /** @@ -1156,7 +1165,7 @@ function user_category_load($uid, &$map, /** * Returns the user id of the currently logged in user. */ -function user_current_to_arg($arg) { +function user_uid_optional_to_arg($arg) { // Give back the current user uid when called from eg. tracker, aka. // with an empty arg. Also use the current user uid when called from // the menu with a % for the current account link.
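Review bot: `user_uid_optional_load()` has no docblock, and the switch from `$arg ? …` to `isset($arg) ? …` changes which inputs fall back to the current user. An explicit `0` or empty string is now passed to `user_load()` instead of being replaced by `$GLOBALS['user']->uid`. Assuming `user_load()` returns an account for such a value, the access callbacks on the `%user_uid_optional` routes become the place where uid 0 has to be rejected; the ones visible in this patch do so (`$account->uid > 0` in `user_edit_access()`, `$account->uid &&` in `_tracker_myrecent_access()`). I would add a docblock saying that only a missing argument loads the current user and that access callbacks on these routes must reject uid 0 themselves.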