From 95bde872271796ef8214883c1215919e40ebafcf Mon Sep 17 00:00:00 2001
From: Joe Shindelar <eojthebrave@gmail.com>
Date: Thu, 31 May 2012 15:43:57 -0500
Subject: [PATCH] [#14] Cleanup permissions / menu items for oauth_common.

- Make authorizations and consumers into their own tabs rather than grouping
  both under Authorizations.
- Adds two permissions for oauth_common that can then be used by the menu
  system to allows the authorizations and consumers tabs to be only displayed
  to users that have permission to view them vs. just displaying them to anyone
  who has permission to edit the user account.
- Allows for scenario where admin can add/administer API keys but general user's
  can not.
- See: http://drupal.org/node/1133778
---
 oauth_common.module            |    8 ++++++++
 oauth_common_providerui.module |   34 ++++++++++++----------------------
 2 files changed, 20 insertions(+), 22 deletions(-)

diff --git a/oauth_common.module b/oauth_common.module
index 7008096..326c4d6 100644
--- a/oauth_common.module
+++ b/oauth_common.module
@@ -19,6 +19,14 @@ define('OAUTH_COMMON_VERSION_1_RFC', 2); // The RFC 5849 1.0 spec
  */
 function oauth_common_permission() {
   $permissions = array(
+    'access own authorizations' => array(
+      'title' => t('Access own OAuth authorizations'),
+      'restrict access' => TRUE,
+    ),
+    'access own consumers' => array(
+      'title' => t('Access own OAuth consumers'),
+      'restrict access' => TRUE,
+    ),
     'oauth authorize any consumers' => array(
       'title' => t('Authorize any OAuth consumers'),
       'restrict access' => TRUE,
diff --git a/oauth_common_providerui.module b/oauth_common_providerui.module
index cdca860..a4a2e9d 100644
--- a/oauth_common_providerui.module
+++ b/oauth_common_providerui.module
@@ -68,24 +68,14 @@ function oauth_common_providerui_menu() {
   // Authorization administration
   ////////////
 
-  $menu['user/%user/oauth'] = array(
-    'title' => 'Authorization',
-    'page callback' => 'oauth_common_page_user_authorizations',
-    'page arguments' => array(1, TRUE),
-    'access callback' => '_oauth_common_user_access',
-    'access arguments' => array(1),
-    'file' => 'oauth_common.authorizations.inc',
-    'type' => MENU_LOCAL_TASK,
-  );
-
   $menu['user/%user/oauth/authorizations'] = array(
-    'title' => 'Authorizations',
+    'title' => 'OAuth Authorizations',
     'page callback' => 'oauth_common_page_user_authorizations',
     'page arguments' => array(1, TRUE),
     'access callback' => '_oauth_common_user_access',
-    'access arguments' => array(1),
+    'access arguments' => array(1, 'access own authorizations'),
     'file' => 'oauth_common.authorizations.inc',
-    'type' => MENU_DEFAULT_LOCAL_TASK,
+    'type' => MENU_LOCAL_TASK,
   );
 
   $menu['user/%user/oauth/authorizations/%oauth_common_provider_token'] = array(
@@ -95,7 +85,7 @@ function oauth_common_providerui_menu() {
     'access callback' => '_oauth_common_user_access',
     'access arguments' => array(1, 'oauth authorize any consumers'),
     'file' => 'oauth_common.authorizations.inc',
-    'type' => MENU_LOCAL_TASK,
+    'type' => MENU_LOCAL_ACTION,
   );
 
   $menu['user/%user/oauth/authorizations/%oauth_common_provider_token/delete'] = array(
@@ -107,19 +97,19 @@ function oauth_common_providerui_menu() {
     'access callback' => 'user_edit_access',
     'access arguments' => array(1),
     'file' => 'oauth_common.authorizations.inc',
-    'type' => MENU_LOCAL_TASK,
+    'type' => MENU_LOCAL_ACTION,
   );
 
   ////////////
   // Consumer administration
   ////////////
 
-  $menu['user/%user/oauth/consumers'] = array(
-    'title' => 'Consumers',
+  $menu['user/%user/oauth/consumer'] = array(
+    'title' => 'OAuth Consumers',
     'page callback' => 'oauth_common_page_user_consumers',
     'page arguments' => array(1),
     'access callback' => '_oauth_common_user_access',
-    'access arguments' => array(1),
+    'access arguments' => array(1, 'access own consumers'),
     'file' => 'oauth_common.consumers.inc',
     'type' => MENU_LOCAL_TASK,
   );
@@ -130,7 +120,7 @@ function oauth_common_providerui_menu() {
     'page arguments' => array(1),
     'access callback' => 'oauth_common_can_create_consumers',
     'file' => 'oauth_common.consumers.inc',
-    'type' => MENU_LOCAL_TASK,
+    'type' => MENU_LOCAL_ACTION,
     'weight' => 10,
   );
 
@@ -141,7 +131,7 @@ function oauth_common_providerui_menu() {
     'access callback' => 'oauth_common_can_edit_consumer',
     'access arguments' => array(4),
     'file' => 'oauth_common.consumers.inc',
-    'type' => MENU_LOCAL_TASK,
+    'type' => MENU_LOCAL_ACTION,
   );
 
   $menu['user/%user/oauth/consumer/%oauth_common_consumer/delete'] = array(
@@ -151,7 +141,7 @@ function oauth_common_providerui_menu() {
     'access callback' => 'oauth_common_can_edit_consumer',
     'access arguments' => array(4),
     'file' => 'oauth_common.consumers.inc',
-    'type' => MENU_LOCAL_TASK,
+    'type' => MENU_LOCAL_ACTION,
   );
 
   $menu['user/%user/oauth/consumer/%oauth_common_consumer/add-authorization'] = array(
@@ -161,7 +151,7 @@ function oauth_common_providerui_menu() {
     'access callback' => 'oauth_common_can_authorize_consumer',
     'access arguments' => array(4),
     'file' => 'oauth_common.authorizations.inc',
-    'type' => MENU_LOCAL_TASK,
+    'type' => MENU_LOCAL_ACTION,
   );
 
   return $menu;
-- 
1.7.10