From 8d32aa84a58c70e94e4488b8c0e8dff1287ec810 Mon Sep 17 00:00:00 2001
From: Cerdic <cedric@yterium.com>
Date: Sat, 20 Jan 2007 13:38:06 +0000
Subject: [PATCH] "une vague d'autorisations suppression des fonctions acces_rubrique, acces_article ... au profit d'autoriser il reste un acces_rubrique_restreinte que je ne sais pas remplacer"
---
ecrire/action/editer_breve.php | 6 +-
ecrire/action/editer_site.php | 8 +--
ecrire/exec/articles.php | 1 -
ecrire/exec/articles_forum.php | 1 -
ecrire/exec/articles_ortho.php | 1 -
ecrire/exec/articles_versions.php | 1 -
ecrire/exec/breves.php | 3 +-
ecrire/exec/breves_edit.php | 2 +-
ecrire/exec/breves_voir.php | 6 +-
ecrire/exec/controle_forum.php | 2 +-
ecrire/exec/controle_petition.php | 1 -
ecrire/exec/dater.php | 2 +-
ecrire/exec/documents_colonne.php | 4 +-
ecrire/exec/editer_auteurs.php | 2 +-
ecrire/exec/editer_mot.php | 6 +-
ecrire/exec/iconifier.php | 4 +-
ecrire/exec/legender.php | 4 +-
ecrire/exec/meme_rubrique.php | 2 +-
ecrire/exec/mots_edit.php | 8 +--
ecrire/exec/mots_tous.php | 6 +-
ecrire/exec/naviguer.php | 12 +++-
ecrire/exec/petitionner.php | 2 +-
ecrire/exec/puce_statut_article.php | 1 -
ecrire/exec/referencer_traduction.php | 2 +-
ecrire/exec/regler_moderation.php | 2 +-
ecrire/exec/rubriques_edit.php | 2 +-
ecrire/exec/sites.php | 2 +-
ecrire/exec/statistiques_visites.php | 1 -
ecrire/exec/tourner.php | 4 +-
ecrire/exec/virtualiser.php | 2 +-
ecrire/inc/admin.php | 1 -
ecrire/inc/article_select.php | 1 -
ecrire/inc/auth.php | 34 ------------
ecrire/inc/autoriser.php | 8 +++
ecrire/inc/chercher_rubrique.php | 2 +-
ecrire/inc/editer_mot.php | 4 +-
ecrire/inc/export.php | 2 +-
ecrire/inc/grouper_mots.php | 2 +-
ecrire/inc/notifications.php | 2 -
ecrire/inc/presentation.php | 79 ++++++++++++++-------------
ecrire/inc_version.php | 4 +-
41 files changed, 101 insertions(+), 138 deletions(-)
diff --git a/ecrire/action/editer_breve.php b/ecrire/action/editer_breve.php
index e6690b961d..7784a9dd49 100644
--- a/ecrire/action/editer_breve.php +++ b/ecrire/action/editer_breve.php @@ -123,12 +123,8 @@ function revisions_breves ($id_breve, $c=false) { // et que le demandeur n'est pas admin de la rubrique // repasser la breve en statut 'prop'. if ($statut == 'publie') { - if ($GLOBALS['auteur_session']['statut'] != '0minirezo') + if (!autoriser('publierdans','rubrique',$id_parent)) $champs['statut'] = $statut = 'prop'; - else { - if (!acces_rubrique($id_parent)) - $champs['statut'] = $statut = 'prop'; - } } } diff --git a/ecrire/action/editer_site.php b/ecrire/action/editer_site.php index fdb5a092b3..251fd22ebc 100644 --- a/ecrire/action/editer_site.php +++ b/ecrire/action/editer_site.php @@ -150,7 +150,7 @@ function revisions_sites ($id_syndic, $c=false) { if (_request('statut', $c) AND _request('statut', $c) != $statut - AND acces_rubrique($id_rubrique)) { + AND autoriser('publierdans','rubrique',$id_rubrique)) { $statut = $champs['statut'] = _request('statut', $c); } @@ -166,12 +166,8 @@ function revisions_sites ($id_syndic, $c=false) { // et que le demandeur n'est pas admin de la rubrique // repasser le site en statut 'prop'. if ($statut == 'publie') { - if ($GLOBALS['auteur_session']['statut'] != '0minirezo') + if (!autoriser('publierdans','rubrique',$id_parent)) $champs['statut'] = $statut = 'prop'; - else { - if (!acces_rubrique($id_parent)) - $champs['statut'] = $statut = 'prop'; - } } } diff --git a/ecrire/exec/articles.php b/ecrire/exec/articles.php index 7a7c23c7c9..94efc1f4cc 100644 --- a/ecrire/exec/articles.php +++ b/ecrire/exec/articles.php @@ -15,7 +15,6 @@ if (!defined("_ECRIRE_INC_VERSION")) return; include_spip('inc/presentation'); include_spip('inc/texte'); include_spip('inc/actions'); -include_spip('inc/autoriser'); // http://doc.spip.org/@exec_articles_dist function exec_articles_dist() diff --git a/ecrire/exec/articles_forum.php b/ecrire/exec/articles_forum.php index f144974029..a85a8e8375 100644 --- a/ecrire/exec/articles_forum.php 
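Review bot: In ecrire/action/editer_breve.php the downgrade from 'publie' to 'prop' now rests entirely on `autoriser('publierdans','rubrique',$id_parent)`, and the rule behind that call is not part of this commit, so its equivalence with the removed two-step test cannot be checked from the diff. The `acces_rubrique()` deleted from ecrire/inc/auth.php refused an empty or unknown id for a restricted admin, because it tested `isset($connect_id_rubrique[$id_rubrique])`; if the publierdans rule accepts an empty id, the check would fail open. Where the id can be empty I would keep the refusal explicit, e.g. `if (!$id_parent OR !autoriser('publierdans','rubrique',$id_parent))`. The same question applies to the calls fed from a query row in ecrire/exec/iconifier.php and ecrire/inc/export.php (`$row['id_rubrique']`) and to `$id_rubrique` in ecrire/exec/naviguer.php. revisions_breves starts and ends outside the hunk.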
+++ b/ecrire/exec/articles_forum.php @@ -13,7 +13,6 @@ if (!defined("_ECRIRE_INC_VERSION")) return; include_spip('inc/presentation'); include_spip('inc/forum'); // pour boutons_controle_forum -include_spip('inc/autoriser'); // http://doc.spip.org/@exec_articles_forum_dist function exec_articles_forum_dist() diff --git a/ecrire/exec/articles_ortho.php b/ecrire/exec/articles_ortho.php index 9986d17f30..5db8cbbcd5 100644 --- a/ecrire/exec/articles_ortho.php +++ b/ecrire/exec/articles_ortho.php @@ -15,7 +15,6 @@ if (!defined("_ECRIRE_INC_VERSION")) return; include_spip('inc/presentation'); include_spip('inc/distant'); include_spip('inc/ortho'); -include_spip('inc/autoriser'); // http://doc.spip.org/@exec_articles_ortho_dist function exec_articles_ortho_dist() diff --git a/ecrire/exec/articles_versions.php b/ecrire/exec/articles_versions.php index 51230b2891..b3f4c80407 100644 --- a/ecrire/exec/articles_versions.php +++ b/ecrire/exec/articles_versions.php @@ -15,7 +15,6 @@ if (!defined("_ECRIRE_INC_VERSION")) return; include_spip('inc/presentation'); include_spip('inc/revisions'); -include_spip('inc/autoriser'); // http://doc.spip.org/@exec_articles_versions_dist function exec_articles_versions_dist() diff --git a/ecrire/exec/breves.php b/ecrire/exec/breves.php index 08147a8639..514c77af28 100644 --- a/ecrire/exec/breves.php +++ b/ecrire/exec/breves.php @@ -38,8 +38,7 @@ function exec_breves_dist() $titre=typo($row['titre']); $descriptif=$row['descriptif']; $texte=$row['texte']; - $editable = ($GLOBALS['connect_statut'] == "0minirezo") - && acces_rubrique($id_rubrique); + $editable = autoriser('publierdans','rubrique',$id_rubrique); $statuts = "'prop', 'publie'" . ($editable ? ", 'refuse'": ""); diff --git a/ecrire/exec/breves_edit.php b/ecrire/exec/breves_edit.php index 24223f1154..f80848afce 100644 --- a/ecrire/exec/breves_edit.php +++ b/ecrire/exec/breves_edit.php 
@@ -164,7 +164,7 @@ if ($connect_statut=="0minirezo" OR $statut=="prop" OR $new == "oui") { $form .= extra_saisie($extra, 'breves', $id_rubrique); } - if ($connect_statut=="0minirezo" AND acces_rubrique($id_rubrique)) { + if (autoriser('publierdans','rubrique',$id_rubrique)) { $form .= debut_cadre_relief('', true) . "<b>"._T('entree_breve_publiee')."</b>\n" . "<select name='statut' size='1' class='fondl'>\n" diff --git a/ecrire/exec/breves_voir.php b/ecrire/exec/breves_voir.php index a4f442e791..fde965659e 100644 --- a/ecrire/exec/breves_voir.php +++ b/ecrire/exec/breves_voir.php @@ -40,7 +40,7 @@ function afficher_breves_voir($id_breve, $cherche_mot, $select_groupe) exit; } - $flag_editable = (($connect_statut == '0minirezo' AND acces_rubrique($id_rubrique)) OR $statut == 'prop'); + $flag_editable = (autoriser('publierdans','rubrique',$id_rubrique) OR $statut == 'prop'); // Est-ce que quelqu'un a deja ouvert la breve en edition ? if ($flag_editable @@ -87,7 +87,7 @@ function afficher_breves_voir($id_breve, $cherche_mot, $select_groupe) // Logos de la breve // - if (($spip_display != 4) AND $id_breve>0 AND ($connect_statut == '0minirezo' AND acces_rubrique($id_rubrique))) { + if (($spip_display != 4) AND $id_breve>0 AND autoriser('publierdans','rubrique',$id_rubrique)) { $iconifier = charger_fonction('iconifier', 'inc'); echo $iconifier('id_breve', $id_breve, 'breves_voir'); } @@ -208,7 +208,7 @@ function afficher_breves_voir($id_breve, $cherche_mot, $select_groupe) echo extra_affichage($extra, "breves"); } - if ($connect_statut=="0minirezo" AND acces_rubrique($id_rubrique) AND ($statut=="prop" OR $statut=="prepa")){ + if (autoriser('publierdans','rubrique',$id_rubrique) AND ($statut=="prop" OR $statut=="prepa")){ echo "<div align='right'>"; echo "<table><tr>"; diff --git a/ecrire/exec/controle_forum.php b/ecrire/exec/controle_forum.php index 27ee2be3a2..9dee4089fc 100644 --- a/ecrire/exec/controle_forum.php +++ b/ecrire/exec/controle_forum.php 
@@ -228,7 +228,7 @@ function exec_controle_forum_dist() # TODO autoriser $droit = (($connect_statut != "0minirezo") OR (!$connect_toutes_rubriques AND - (!$id_rubrique OR !acces_rubrique($id_rubrique)))); + (!$id_rubrique OR !autoriser('publierdans','rubrique',$id_rubrique)))); if (_request('var_ajaxcharset') AND !$droit) { ajax_retour($mess); diff --git a/ecrire/exec/controle_petition.php b/ecrire/exec/controle_petition.php index d422ad6cce..60190bd456 100644 --- a/ecrire/exec/controle_petition.php +++ b/ecrire/exec/controle_petition.php @@ -18,7 +18,6 @@ function exec_controle_petition_dist() { include_spip('inc/presentation'); include_spip('inc/signatures'); - include_spip('inc/autoriser'); $id_article = intval(_request('id_article')); diff --git a/ecrire/exec/dater.php b/ecrire/exec/dater.php index 968cdcfbbd..61eca1e826 100644 --- a/ecrire/exec/dater.php +++ b/ecrire/exec/dater.php @@ -19,7 +19,7 @@ function exec_dater_dist() $id = intval(_request('id')); if (($GLOBALS['auteur_session']['statut'] != '0minirezo') - OR ($type == 'article' AND !acces_article($id)) + OR ($type == 'article' AND !autoriser('modifier','article',$id)) OR (!preg_match('/^\w+$/',$type))) { // securite include_spip('inc/minipres'); echo minipres(); diff --git a/ecrire/exec/documents_colonne.php b/ecrire/exec/documents_colonne.php index 48054f98a8..71a4dfd1e7 100644 --- a/ecrire/exec/documents_colonne.php +++ b/ecrire/exec/documents_colonne.php @@ -19,8 +19,8 @@ function exec_documents_colonne_dist() $id = intval($id); if (!($type == 'article' - ? acces_article($id) - : acces_rubrique($id))) { + ? autoriser('modifier','article',$id) + : autoriser('publierdans','rubrique',$id))) { include_spip('inc/minipres'); echo minipres(); exit; diff --git a/ecrire/exec/editer_auteurs.php b/ecrire/exec/editer_auteurs.php index c424221020..1fe709643e 100644 --- a/ecrire/exec/editer_auteurs.php +++ b/ecrire/exec/editer_auteurs.php 
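Review bot: In ecrire/exec/dater.php the per-object check runs only when `$type == 'article'`; for any other `$type` that passes `/^\w+$/` the only gate is the `0minirezo` status, so a restricted admin is not tied to their rubriques on that path. If dater serves other object types and rules exist for them (neither is visible in the hunk), the test could be made type-generic with `OR !autoriser('modifier', $type, $id)`, with the `preg_match` on `$type` moved ahead of it so the type is validated before it is used. exec_dater_dist continues outside the hunk.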
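Review bot: In ecrire/exec/documents_colonne.php every `$type` other than 'article' falls into the `autoriser('publierdans','rubrique',$id)` branch, so `$id` is read as a rubrique id whatever object it actually names. If `$type` can carry anything besides 'article' and 'rubrique' (its origin is outside the hunk), the id of another object would be checked against a rubrique's permissions. An explicit refusal for unknown types closes that, e.g. `if (!in_array($type, array('article', 'rubrique')) OR !($type == 'article' ? … : …))`. The same ternary appears in ecrire/exec/legender.php and ecrire/exec/tourner.php.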
@@ -21,7 +21,7 @@ function exec_editer_auteurs_dist() $id = intval(_request("id_$type")); - if (! acces_article($id_article)) { + if (! autoriser('modifier','article',$id_article)) { include_spip('inc/minipres'); echo minipres(); exit; diff --git a/ecrire/exec/editer_mot.php b/ecrire/exec/editer_mot.php index ef579cd6e3..d8cc6a782e 100644 --- a/ecrire/exec/editer_mot.php +++ b/ecrire/exec/editer_mot.php @@ -22,14 +22,14 @@ function exec_editer_mot_dist() if ($GLOBALS['connect_toutes_rubriques']) // pour eviter SQL $droit = true; elseif ($objet == 'article') - $droit = acces_article($id_objet); + $droit = autoriser('modifier','article',$id_objet); elseif ($objet == 'rubrique') - $droit = acces_rubrique($id_objet); + $droit = autoriser('publierdans','rubrique',$id_objet); else { if ($objet == 'breve') $droit = spip_query("SELECT id_rubrique FROM spip_breves WHERE id_breve='$id_objet'"); else $droit = spip_query("SELECT id_rubrique FROM spip_syndic WHERE id_syndic=$id_objet"); - $droit = acces_rubrique($droit['id_rubrique']); + $droit = autoriser('publierdans','rubrique',$droit['id_rubrique']); } if (!$droit) { diff --git a/ecrire/exec/iconifier.php b/ecrire/exec/iconifier.php index fda9fedb25..ec3bc6f199 100644 --- a/ecrire/exec/iconifier.php +++ b/ecrire/exec/iconifier.php @@ -31,7 +31,7 @@ function exec_iconifier_dist() } if ($type == 'id_rubrique') - $droit = acces_rubrique($id); + $droit = autoriser('publierdans','rubrique',$id); elseif ($type == 'id_auteur') $droit = (($id == $connect_id_auteur) OR $connect_toutes_rubriques); elseif ($type == 'id_mot') 
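Review bot: In ecrire/exec/editer_auteurs.php the permission test uses `$id_article`, while the id validated just above it in the hunk is `$id = intval(_request("id_$type"))`; no visible line assigns `$id_article`. If it is not set earlier in exec_editer_auteurs_dist (the function starts outside the hunk), the check runs on an empty id rather than on the object being edited. I would test the validated value, `if (!autoriser('modifier', $type, $id)) {`, or `autoriser('modifier','article',$id)` if only articles are handled here.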
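Review bot: In the `else` branch of ecrire/exec/editer_mot.php, `$droit` holds the return value of `spip_query()` and is then indexed as `$droit['id_rubrique']` without a fetch, unlike ecrire/exec/iconifier.php and ecrire/exec/naviguer.php in this same commit, which wrap the query in `spip_fetch_array()`. The rubrique id passed to `autoriser('publierdans','rubrique',…)` is therefore probably empty for brèves and sites, and the outcome then depends on how the rule treats an empty id. Suggested: `$row = spip_fetch_array(spip_query(...)); $droit = ($row AND autoriser('publierdans','rubrique',$row['id_rubrique']));`. Whether `$id_objet` is cast to an integer before being interpolated into the two queries is not visible in the hunk and is worth confirming.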
@@ -39,7 +39,7 @@ function exec_iconifier_dist() else { $table=substr($type, 3) . (($type == 'id_syndic') ? '' : 's'); $row = spip_fetch_array(spip_query("SELECT id_rubrique, statut FROM spip_$table WHERE $type=$id")); - $droit = acces_rubrique($row['id_rubrique']); + $droit = autoriser('publierdans','rubrique',$row['id_rubrique']); if (!$droit AND ($row['statut'] == 'prepa' OR $row['statut'] == 'prop' OR $row['statut'] == 'poubelle')) $droit = spip_num_rows(determiner_auteurs_objet('article',$id, "id_auteur=$connect_id_auteur")); } diff --git a/ecrire/exec/legender.php b/ecrire/exec/legender.php index 49b3b431ff..bb934bd926 100644 --- a/ecrire/exec/legender.php +++ b/ecrire/exec/legender.php @@ -20,8 +20,8 @@ function exec_legender_dist() $id_document = intval($id_document); if (!($type == 'article' - ? acces_article($id) - : acces_rubrique($id))) { + ? autoriser('modifier','article',$id) + : autoriser('publierdans','rubrique',$id))) { include_spip('inc/minipres'); echo minipres(); exit; diff --git a/ecrire/exec/meme_rubrique.php b/ecrire/exec/meme_rubrique.php index f04935ea04..eba2ac27c3 100644 --- a/ecrire/exec/meme_rubrique.php +++ b/ecrire/exec/meme_rubrique.php @@ -22,7 +22,7 @@ function exec_meme_rubrique_dist() $order = _request('order'); if (($GLOBALS['auteur_session']['statut'] != '0minirezo') - OR (!acces_rubrique($id)) + OR (!autoriser('publierdans','rubrique',$id)) OR (!preg_match('/^[\w_-]+$/',$order)) OR (!preg_match('/^[\w_-]+$/',$type))) { include_spip('inc/minipres'); diff --git a/ecrire/exec/mots_edit.php b/ecrire/exec/mots_edit.php index f13c0e62c0..7063fbd96f 100644 --- a/ecrire/exec/mots_edit.php +++ b/ecrire/exec/mots_edit.php @@ -56,7 +56,7 @@ global $id_groupe = $row['id_groupe']; $onfocus =''; } else { - if (!$new OR !acces_mots()) { + if (!$new OR !autoriser('modifier','groupemots',$id_groupe)) { echo minipres(_T('info_mot_sans_groupe')); exit; } 
@@ -105,7 +105,7 @@ global // Logos du mot-clef - if (acces_mots() AND ($spip_display != 4)) { + if (autoriser('modifier','groupemots',$id_groupe) AND ($spip_display != 4)) { $iconifier = charger_fonction('iconifier', 'inc'); $out .= $iconifier('id_mot', $id_mot, 'mots_edit','iconifier'); } @@ -117,7 +117,7 @@ global $res =''; - if (acces_mots() AND $id_groupe) { + if ($id_groupe AND autoriser('modifier','groupemots',$id_groupe)) { $res = icone_horizontale(_T('icone_modif_groupe_mots'), generer_url_ecrire("mots_type","id_groupe=$id_groupe"), "groupe-mot-24.gif", "edit.gif", false) . icone_horizontale(_T('icone_creation_mots_cles'), generer_url_ecrire("mots_edit", "new=oui&id_groupe=$id_groupe&redirect=" . generer_url_retour('mots_tous')), "mot-cle-24.gif", "creer.gif", false); } @@ -188,7 +188,7 @@ global $out .= fin_cadre_relief(true); - if (acces_mots()){ + if (autoriser('modifier','groupemots',$id_groupe)){ $out .= debut_cadre_formulaire('',true); diff --git a/ecrire/exec/mots_tous.php b/ecrire/exec/mots_tous.php index e0f9399a5a..a3417e1e7c 100644 --- a/ecrire/exec/mots_tous.php +++ b/ecrire/exec/mots_tous.php @@ -30,7 +30,7 @@ function exec_mots_tous_dist() echo pipeline('affiche_gauche',array('args'=>array('exec'=>'mots_tous'),'data'=>'')); - if (acces_mots() AND !$conf_mot){ + if (autoriser('modifier','groupemots',$id_groupe) AND !$conf_mot){ $res = icone_horizontale(_T('icone_creation_groupe_mots'), generer_url_ecrire("mots_type","new=oui"), "groupe-mot-24.gif", "creer.gif",false); echo bloc_des_raccourcis($res); @@ -42,7 +42,7 @@ function exec_mots_tous_dist() debut_droite(); gros_titre(_T('titre_mots_tous')); - if (acces_mots()) { + if (autoriser('modifier','groupemots',$id_groupe)) { echo typo(_T('info_creation_mots_cles')) . aide ("mots") ; } echo "<br /><br />"; 
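Review bot: In ecrire/exec/mots_tous.php the three `autoriser('modifier','groupemots',$id_groupe)` calls (the hunk at -30 and the two that follow it) pass `$id_groupe`, which is not assigned in any visible line of exec_mots_tous_dist and has no obvious meaning on a page that lists every group. The rule added in ecrire/inc/autoriser.php ignores `$id`, so the result is unchanged today, but the call reads as a per-group check that it is not. For consistency with ecrire/inc/editer_mot.php I would write `autoriser('modifier','groupemots')` here and add a comment that it replaces the former global `acces_mots()` test.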
@@ -119,7 +119,7 @@ function exec_mots_tous_dist() echo "</div>"; - if (acces_mots()){ + if (autoriser('modifier','groupemots',$id_groupe)){ echo "\n<table cellpadding='0' cellspacing='0' border='0' width='100%'>"; echo "<tr>"; echo "<td>"; diff --git a/ecrire/exec/naviguer.php b/ecrire/exec/naviguer.php index e311358326..4802cf49f4 100644 --- a/ecrire/exec/naviguer.php +++ b/ecrire/exec/naviguer.php @@ -42,7 +42,7 @@ function exec_naviguer_dist() else if ($id_parent == 0) $ze_logo = "secteur-24.gif"; else $ze_logo = "rubrique-24.gif"; - $flag_editable = acces_rubrique($id_rubrique); + $flag_editable = autoriser('publierdans','rubrique',$id_rubrique); pipeline('exec_init',array('args'=>array('exec'=>'naviguer','id_rubrique'=>$id_rubrique),'data'=>'')); @@ -62,6 +62,12 @@ function exec_naviguer_dist() fin_grand_cadre(); changer_typo('', 'rubrique'.$id_rubrique); + + if (!autoriser('voir','rubrique',$id_rubrique)){ + echo "<strong>"._T('avis_acces_interdit')."</strong>"; + fin_page(); + exit; + } debut_gauche(); @@ -151,7 +157,7 @@ function infos_naviguer($id_rubrique, $statut, $ze_logo) echo $res; voir_en_ligne ('rubrique', $id_rubrique, $statut); - if (acces_rubrique($id_rubrique)) { + if (autoriser('publierdans','rubrique',$id_rubrique)) { $id_parent = spip_fetch_array(spip_query("SELECT id_parent FROM spip_rubriques WHERE id_rubrique=$id_rubrique")); if (!$id_parent['id_parent']) { list($from, $where) = critere_statut_controle_forum('prop', $id_rubrique); 
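Review bot: The new `autoriser('voir','rubrique',$id_rubrique)` refusal in ecrire/exec/naviguer.php sits after `fin_grand_cadre()`, and after the `exec_init` pipeline call in the previous hunk, so whatever the page header renders for the rubrique (lines not shown) is emitted before access is denied. Moving the test up to just after `$id_rubrique` is known, and answering with `include_spip('inc/minipres'); echo minipres(); exit;` as the other exec scripts in this commit do, keeps the refusal ahead of any output. No 'voir' rule for rubriques is added in this commit, so it is also worth confirming which rule the call resolves to. exec_naviguer_dist continues outside the hunk.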
@@ -358,7 +364,7 @@ function contenu_naviguer($id_rubrique, $id_parent) { $res .= '<br />' . afficher_sites('<b>' . _T('titre_sites_references_rubrique') . '</b>', array("FROM" => 'spip_syndic', 'WHERE' => "id_rubrique='$id_rubrique' AND statut!='refuse' AND statut != 'prop' AND syndication NOT IN ('off','sus')", 'ORDER BY' => 'nom_site')); if ($id_rubrique > 0 - AND ($GLOBALS['meta']["proposer_sites"]> 0 OR acces_rubrique($id_rubrique))) { + AND ($GLOBALS['meta']["proposer_sites"]> 0 OR autoriser('publierdans','rubrique',$id_rubrique))) { $res .= "<br /><div align='$spip_lang_right'>" . icone(_T('info_sites_referencer'), generer_url_ecrire('sites_edit', "id_rubrique=$id_rubrique&redirect=" . generer_url_retour('naviguer', "id_rubrique=$id_rubrique")), "site-24.gif", "creer.gif",'', 'non') diff --git a/ecrire/exec/petitionner.php b/ecrire/exec/petitionner.php index dae8938e82..b13ac5ca21 100644 --- a/ecrire/exec/petitionner.php +++ b/ecrire/exec/petitionner.php @@ -18,7 +18,7 @@ function exec_petitionner_dist() global $id_article, $script; $id_article = intval($id_article); - if (!acces_article($id_article)) { + if (!autoriser('modifier','article',$id_article)) { include_spip('inc/minipres'); echo minipres(); exit; diff --git a/ecrire/exec/puce_statut_article.php b/ecrire/exec/puce_statut_article.php index cd1fe82718..1c9249d85b 100644 --- a/ecrire/exec/puce_statut_article.php +++ b/ecrire/exec/puce_statut_article.php @@ -13,7 +13,6 @@ if (!defined("_ECRIRE_INC_VERSION")) return; include_spip('inc/presentation'); -include_spip('inc/autoriser'); // http://doc.spip.org/@exec_puce_statut_article_dist function exec_puce_statut_article_dist() diff --git a/ecrire/exec/referencer_traduction.php b/ecrire/exec/referencer_traduction.php index 89a257ca42..a76de88402 100644 --- a/ecrire/exec/referencer_traduction.php +++ b/ecrire/exec/referencer_traduction.php 
@@ -17,7 +17,7 @@ function exec_referencer_traduction_dist() { $id_article = intval(_request('id_article')); - if (!acces_article($id_article)) { + if (!autoriser('modifier','article',$id_article)) { include_spip('inc/minipres'); echo minipres(); exit; diff --git a/ecrire/exec/regler_moderation.php b/ecrire/exec/regler_moderation.php index 7d629eb77c..e4c8182fb7 100644 --- a/ecrire/exec/regler_moderation.php +++ b/ecrire/exec/regler_moderation.php @@ -18,7 +18,7 @@ function exec_regler_moderation_dist() global $id_article, $script; $id_article = intval($id_article); - if (!acces_article($id_article)) { + if (!autoriser('modifier','article',$id_article)) { include_spip('inc/minipres'); echo minipres(); exit; diff --git a/ecrire/exec/rubriques_edit.php b/ecrire/exec/rubriques_edit.php index 31085eab41..c095e85ebb 100644 --- a/ecrire/exec/rubriques_edit.php +++ b/ecrire/exec/rubriques_edit.php @@ -39,7 +39,7 @@ function exec_rubriques_edit_dist() $texte = ""; $id_parent = intval($id_parent); - if (!acces_rubrique($id_parent)) { + if (!autoriser('publierdans','rubrique',$id_parent)) { $id_parent = $GLOBALS['connect_id_rubrique'][0]; } } else { diff --git a/ecrire/exec/sites.php b/ecrire/exec/sites.php index 0496b95bdc..946115b1e7 100644 --- a/ecrire/exec/sites.php +++ b/ecrire/exec/sites.php @@ -43,7 +43,7 @@ function exec_sites_dist() $mod = $row['moderation']; $extra=$row["extra"]; - $flag_administrable = acces_rubrique($id_rubrique); + $flag_administrable = autoriser('publierdans','rubrique',$id_rubrique); $flag_editable = ($flag_administrable OR ($GLOBALS['meta']["proposer_sites"] > 0 AND ($statut == 'prop'))); diff --git a/ecrire/exec/statistiques_visites.php b/ecrire/exec/statistiques_visites.php index b8354c0265..81320768c0 100644 --- a/ecrire/exec/statistiques_visites.php +++ b/ecrire/exec/statistiques_visites.php 
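Review bot: In ecrire/exec/rubriques_edit.php a refused parent falls back to `$GLOBALS['connect_id_rubrique'][0]`, but the `acces_rubrique()` removed by this commit tested `isset($connect_id_rubrique[$id_rubrique])`, which suggests the array is keyed by rubrique id. Index 0 is then probably unset and `$id_parent` ends up empty, so the form would point at the root rather than at a rubrique the user administers. Taking the first existing key avoids that, e.g. `$ids = array_keys($GLOBALS['connect_id_rubrique']); $id_parent = $ids ? intval($ids[0]) : 0;`; the array's exact shape is not shown in the hunk and should be confirmed.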
@@ -45,7 +45,6 @@ function statistiques_csv($id_article) { else $q = "SELECT date, visites FROM spip_visites ORDER BY date"; - include_spip('inc/autoriser'); if (!autoriser('voirstats', $id ? 'article':'', $id)) exit; diff --git a/ecrire/exec/tourner.php b/ecrire/exec/tourner.php index 4ffcac6707..da6edd7cbf 100644 --- a/ecrire/exec/tourner.php +++ b/ecrire/exec/tourner.php @@ -20,8 +20,8 @@ function exec_tourner_dist() $id_document = intval($id_document); if (!($type == 'article' - ? acces_article($id) - : acces_rubrique($id))) { + ? autoriser('modifier','article',$id) + : autoriser('publierdans','rubrique',$id))) { include_spip('inc/minipres'); echo minipres(); exit; diff --git a/ecrire/exec/virtualiser.php b/ecrire/exec/virtualiser.php index dbe45a5c07..81d79b470f 100644 --- a/ecrire/exec/virtualiser.php +++ b/ecrire/exec/virtualiser.php @@ -18,7 +18,7 @@ function exec_virtualiser_dist() global $id_article, $script; $id_article = intval($id_article); - if (!acces_article($id_article)) { + if (!autoriser('modifier','article',$id_article)) { include_spip('inc/minipres'); echo minipres(); exit; diff --git a/ecrire/inc/admin.php b/ecrire/inc/admin.php index 42a7d4a683..06346b59af 100644 --- a/ecrire/inc/admin.php +++ b/ecrire/inc/admin.php @@ -44,7 +44,6 @@ function debut_admin($script, $action, $commentaire='') { } include_spip('inc/minipres'); - include_spip('inc/autoriser'); // Si on est un super-admin, un bouton de validation suffit diff --git a/ecrire/inc/article_select.php b/ecrire/inc/article_select.php index 0038c5b404..436b0a052f 100644 --- a/ecrire/inc/article_select.php +++ b/ecrire/inc/article_select.php @@ -23,7 +23,6 @@ function article_select($id_article, $id_rubrique=0, $lier_trad=0, $id_version=0 global $connect_id_auteur, $connect_id_rubrique, $spip_lang; include_spip('inc/auth'); // pour auteurs_article si espace public - include_spip('inc/autoriser'); if (is_numeric($id_article)) { 
diff --git a/ecrire/inc/auth.php b/ecrire/inc/auth.php index a3644cc00f..a4d5970567 100644 --- a/ecrire/inc/auth.php +++ b/ecrire/inc/auth.php @@ -17,14 +17,6 @@ if (!defined("_ECRIRE_INC_VERSION")) return; // Fonctions de gestion de l'acces restreint aux rubriques // -// http://doc.spip.org/@acces_rubrique -function acces_rubrique($id_rubrique) { - global $connect_toutes_rubriques; - global $connect_id_rubrique; - - return ($connect_toutes_rubriques OR isset($connect_id_rubrique[$id_rubrique])); -} - // http://doc.spip.org/@acces_restreint_rubrique function acces_restreint_rubrique($id_rubrique) { global $connect_id_rubrique; @@ -33,32 +25,6 @@ function acces_restreint_rubrique($id_rubrique) { return (isset($connect_id_rubrique[$id_rubrique])); } -// http://doc.spip.org/@acces_mots -function acces_mots() { - global $connect_toutes_rubriques; - return $connect_toutes_rubriques; -} - -// http://doc.spip.org/@acces_article -function acces_article($id_article) -{ - global $auteur_session, $connect_toutes_rubriques; - - if ($connect_toutes_rubriques) return true; - - $s = spip_query("SELECT id_rubrique, statut FROM spip_articles WHERE id_article=$id_article"); - $row = spip_fetch_array($s); - - if (acces_rubrique($row['id_rubrique'])) return true; - - $s = auteurs_article($id_article, " id_auteur=" . $auteur_session['id_auteur']); - if (!spip_num_rows($s)) return false; - - $s = $row['statut']; - - return ($s == 'prepa' OR $s == 'prop' OR $s == 'poubelle'); -} - // http://doc.spip.org/@auteurs_article function auteurs_article($id_article, $cond='') { diff --git a/ecrire/inc/autoriser.php b/ecrire/inc/autoriser.php index c8f7907e6e..3b1a43f535 100644 --- a/ecrire/inc/autoriser.php +++ b/ecrire/inc/autoriser.php 
@@ -161,6 +161,14 @@ function autoriser_article_modifier_dist($faire, $type, $id, $qui, $opt) { ); } +// Autoriser a modifier un groupe de mots $id +// http://doc.spip.org/@autoriser_rubrique_modifier_dist +function autoriser_groupemots_modifier_dist($faire, $type, $id, $qui, $opt) { + return + $qui['statut'] == '0minirezo' + AND !$qui['restreint']; +} + // Lire les stats ? // = tous les admins // http://doc.spip.org/@autoriser_voirstats_dist diff --git a/ecrire/inc/chercher_rubrique.php b/ecrire/inc/chercher_rubrique.php index 53bad9dc39..687d4c6719 100644 --- a/ecrire/inc/chercher_rubrique.php +++ b/ecrire/inc/chercher_rubrique.php @@ -129,7 +129,7 @@ function sous_menu_rubriques($id_rubrique, $root, $niv, &$data, &$enfants, $excl $niv+1, $data, $enfants, $exclus, $restreint, $type); // si l'objet a deplacer est publie, verifier qu'on a acces aux rubriques - if ($restreint AND !acces_rubrique($root)) + if ($restreint AND !autoriser('publierdans','rubrique',$root)) return $sous; // sauter un cran pour les secteurs (sauf premier) diff --git a/ecrire/inc/editer_mot.php b/ecrire/inc/editer_mot.php index d469ec1702..19da7cc23e 100644 --- a/ecrire/inc/editer_mot.php +++ b/ecrire/inc/editer_mot.php @@ -146,7 +146,7 @@ function recherche_mot_cle($cherche_mots, $id_groupe, $objet, $id_objet, $table, } else $res .= affiche_mots_ressemblant($cherche_mot, $objet, $id_objet, $resultat, $table, $table_id, $url_base); -/* if (acces_mots()) { +/* if (autoriser('modifier','groupemots',$id_groupe)) { $titre = rawurlencode($cherche_mot); $res .= "<div style='width: 200px;'>"; $res .= icone_horizontale(_T('icone_creer_mot_cle'), generer_url_ecrire("mots_edit","new=oui&id_groupe=$id_groupe&ajouter_id_article=$id_objet&table=$table&table_id=$table_id&titre=$titre&redirect=" . generer_url_retour($url_base, "$table_id=$id_objet")), "mot-cle-24.gif", "creer.gif", false); 
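Review bot: The doc marker above the new `autoriser_groupemots_modifier_dist()` reads `// http://doc.spip.org/@autoriser_rubrique_modifier_dist`, apparently copied from another rule; it should name the function it precedes, `// http://doc.spip.org/@autoriser_groupemots_modifier_dist`. The header comment also announces a check on group `$id`, while the body only tests `$qui['statut']` and `$qui['restreint']`. A line such as `// = unrestricted admins only; $id is not used` would keep callers from assuming a per-group decision.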
@@ -324,7 +324,7 @@ function formulaire_mots_cles($id_groupes_vus, $id_objet, $les_mots, $table, $ta ."</div>\n" ; } - if (acces_mots()) { + if (autoriser('modifier','groupemots')) { $titre = _request('cherche_mot') ? "&titre=".rawurlencode(_request('cherche_mot')) : ''; $bouton_ajouter = icone_horizontale(_T('icone_creer_mot_cle'), generer_url_ecrire("mots_edit","new=oui&ajouter_id_article=$id_objet&table=$table&table_id=$table_id$titre&redirect=" . generer_url_retour($url_base, "$table_id=$id_objet")), "mot-cle-24.gif", "creer.gif", false) diff --git a/ecrire/inc/export.php b/ecrire/inc/export.php index 70d534ff00..e2a185c7a2 100644 --- a/ecrire/inc/export.php +++ b/ecrire/inc/export.php @@ -132,7 +132,7 @@ function build_while($file,$gz, $nfields, &$pos_in_table, $result, &$status_dump $k = $fields[$i]; $item .= "<$k>" . text_to_xml($row[$k]) . "</$k>\n"; } - if ($all OR acces_rubrique($row['id_rubrique'])) + if ($all OR autoriser('publierdans','rubrique',$row['id_rubrique'])) $string .= "$begin$item$end"; } $status_dump[3] = $pos_in_table = $pos_in_table +1; diff --git a/ecrire/inc/grouper_mots.php b/ecrire/inc/grouper_mots.php index 7497068790..2409c242db 100644 --- a/ecrire/inc/grouper_mots.php +++ b/ecrire/inc/grouper_mots.php @@ -112,7 +112,7 @@ function afficher_groupe_mots_boucle($row, $occurrences, $total) $vals[] = $texte_lie; - if (acces_mots()) { + if (autoriser('modifier','groupemots',$id_groupe)) { $clic = _T('info_supprimer_mot') . " <img src='" . _DIR_IMG_PACK diff --git a/ecrire/inc/notifications.php b/ecrire/inc/notifications.php index 2aca9bf9ab..2add885868 100644 --- a/ecrire/inc/notifications.php +++ b/ecrire/inc/notifications.php @@ -217,7 +217,6 @@ function notifications_forumvalide_dist($quoi, $id_forum) { include_spip('inc/texte'); include_spip('inc/filtres'); include_spip('inc/mail'); - include_spip('inc/autoriser'); // Qui va-t-on prevenir ? 
@@ -294,7 +293,6 @@ function notifications_forumposte_dist($quoi, $id_forum) { include_spip('inc/texte'); include_spip('inc/filtres'); include_spip('inc/mail'); - include_spip('inc/autoriser'); // Qui va-t-on prevenir ? diff --git a/ecrire/inc/presentation.php b/ecrire/inc/presentation.php index cd4e9a88c1..79e6bc1e96 100644 --- a/ecrire/inc/presentation.php +++ b/ecrire/inc/presentation.php @@ -537,7 +537,6 @@ function puce_statut_article($id, $statut, $id_rubrique, $type='article', $ajax $inser_puce = http_img_pack($puce, $title, " style='margin: 1px;'$ajax_node"); - include_spip('inc/autoriser'); if (!autoriser('publierdans', 'rubrique', $id_rubrique)) return $inser_puce; @@ -615,7 +614,6 @@ function puce_statut_breve($id, $statut, $type, $droit='AUTO') { if (!$droit || $droit=='AUTO') return $inser_puce; /* if ($droit == 'AUTO') { # id_rubrique indefinie. a revoir. - include_spip('inc/autoriser'); $droit = autoriser('publierdans', 'rubrique', $id_rubrique); } */ @@ -908,7 +906,7 @@ function afficher_breves_boucle($row, &$tous_id, $voir_logo, $own) else $lang = $langue_defaut; $id_rubrique = $row['id_rubrique']; - $vals[] = puce_statut_breve($id_breve, $statut, 'breve', ($droit && acces_rubrique($id_rubrique))); + $vals[] = puce_statut_breve($id_breve, $statut, 'breve', ($droit && autoriser('publierdans','rubrique',$id_rubrique))); $s = "\n<div>"; $s .= "<a href='" . generer_url_ecrire("breves_voir","id_breve=$id_breve") . "' style=\"display:block;\">"; @@ -1863,7 +1861,6 @@ function afficher_numero_edit($id, $key, $type) $numero = _T('info_numero_abbreviation'); } - include_spip("inc/autoriser"); if (!autoriser('modifier',$type,$id)) { $bal ='span'; $href = ''; 
@@ -1945,43 +1942,46 @@ function enfant_rub($collection){ $id_rubrique=$row['id_rubrique']; $id_parent=$row['id_parent']; $titre=$row['titre']; - - $les_sous_enfants = sous_enfant_rub($id_rubrique); - - changer_typo($row['lang']); - - $descriptif=propre($row['descriptif']); - - if ($voir_logo) { - if ($logo = $chercher_logo($id_rubrique, 'id_rubrique', 'on')) { - list($fid, $dir, $nom, $format) = $logo; - include_spip('inc/filtres_images'); - $logo = image_reduire("<img src='$fid' alt='' />", 48, 36); - if ($logo) - $logo = "\n<div style='$voir_logo'>$logo</div>"; + + if (autoriser('voir','rubrique',$id_rubrique)){ + + $les_sous_enfants = sous_enfant_rub($id_rubrique); + + changer_typo($row['lang']); + + $descriptif=propre($row['descriptif']); + + if ($voir_logo) { + if ($logo = $chercher_logo($id_rubrique, 'id_rubrique', 'on')) { + list($fid, $dir, $nom, $format) = $logo; + include_spip('inc/filtres_images'); + $logo = image_reduire("<img src='$fid' alt='' />", 48, 36); + if ($logo) + $logo = "\n<div style='$voir_logo'>$logo</div>"; + } } + + $les_enfants = "\n<div class='enfants'>" . + debut_cadre_sous_rub(($id_parent ? "rubrique-24.gif" : "secteur-24.gif"), true) . + (is_string($logo) ? $logo : '') . + (!$les_sous_enfants ? "" : bouton_block_invisible("enfants$id_rubrique")) . + (!acces_restreint_rubrique($id_rubrique) ? "" : + http_img_pack("admin-12.gif", '', " width='12' height='12'", _T('image_administrer_rubrique'))) . + " <span dir='$lang_dir'><b><a href='" . + generer_url_ecrire("naviguer","id_rubrique=$id_rubrique") . + "'>". + typo($titre) . + "</a></b></span>" . + (!$descriptif ? '' : "\n<div class='verdana1'>$descriptif</div>") . + (($spip_display == 4) ? '' : $les_sous_enfants) . + "\n<div style='clear:both;'></div>" . + fin_cadre_sous_rub(true) . + "</div>"; + + $res .= ($spip_display != 4) + ? $les_enfants + : "\n<li>$les_enfants</li>"; } - - $les_enfants = "\n<div class='enfants'>" . - debut_cadre_sous_rub(($id_parent ? 
"rubrique-24.gif" : "secteur-24.gif"), true) . - (is_string($logo) ? $logo : '') . - (!$les_sous_enfants ? "" : bouton_block_invisible("enfants$id_rubrique")) . - (!acces_restreint_rubrique($id_rubrique) ? "" : - http_img_pack("admin-12.gif", '', " width='12' height='12'", _T('image_administrer_rubrique'))) . - " <span dir='$lang_dir'><b><a href='" . - generer_url_ecrire("naviguer","id_rubrique=$id_rubrique") . - "'>". - typo($titre) . - "</a></b></span>" . - (!$descriptif ? '' : "\n<div class='verdana1'>$descriptif</div>") . - (($spip_display == 4) ? '' : $les_sous_enfants) . - "\n<div style='clear:both;'></div>" . - fin_cadre_sous_rub(true) . - "</div>"; - - $res .= ($spip_display != 4) - ? $les_enfants - : "\n<li>$les_enfants</li>"; } changer_typo($spip_lang); # remettre la typo de l'interface pour la suite @@ -2003,6 +2003,7 @@ function sous_enfant_rub($collection2){ $titre2=$row['titre']; changer_typo($row['lang']); + if (autoriser('voir','rubrique',$id_rubrique2)) $retour.="\n<li><div class='arial11' " . http_style_background('rubrique-12.gif', "left center no-repeat; padding: 2px; padding-$spip_lang_left: 18px; margin-$spip_lang_left: 3px") . "><a href='" . generer_url_ecrire("naviguer","id_rubrique=$id_rubrique2") . "'><span dir='$lang_dir'>".typo($titre2)."</span></a></div></li>\n"; } diff --git a/ecrire/inc_version.php b/ecrire/inc_version.php index a8cb42b195..40f8a70d6b 100644 --- a/ecrire/inc_version.php +++ b/ecrire/inc_version.php @@ -346,7 +346,9 @@ if (@is_readable(_DIR_TMP."charger_plugins_options.php")){ spip_log("generation de charger_plugins_options.php impossible; pipeline desactives"); } - +// charger systematiquement inc/autoriser dans l'espace restreint +if (!_DIR_RESTREINT) + include_spip('inc/autoriser'); // // Installer Spip si pas installe... sauf si justement on est en train // -- GitLab
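Review bot: In `sous_enfant_rub()` the added `if (autoriser('voir','rubrique',$id_rubrique2))` guards the multi-line `$retour.=` statement without braces or indentation, so a later edit that adds a second statement would run it for hidden rubriques as well. I would brace it, `if (autoriser('voir','rubrique',$id_rubrique2)) { $retour .= …; }`, and place the test before `changer_typo($row['lang'])` so that refused rows do no work. Filtering this list only hides links; the refusal added in ecrire/exec/naviguer.php is what protects the page itself, which deserves a short comment here.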
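Review bot: `if (!_DIR_RESTREINT) include_spip('inc/autoriser');` in ecrire/inc_version.php loads the API only in the private area, while this commit also drops the explicit include from ecrire/inc/notifications.php, ecrire/inc/article_select.php and ecrire/inc/presentation.php. article_select.php carries the comment `pour auteurs_article si espace public`, and forum notifications may be triggered from public pages, so if any of those paths reaches `autoriser()` outside ecrire/ the call would hit an undefined function. Either load the file unconditionally here, `include_spip('inc/autoriser');`, or keep the local includes in the files that can run on the public side.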