限制 administrator 的資料讀取

限制 administrator 的資料讀取
限制僅 user.uid = 1 使用者 可讀取/編輯 administrator 權限相關資料, uid = 1 的部分可換成其他user以增強防護措施

人員限制 user.admin.inc
// Core version of user_admin_account() (user.admin.inc, around line 158):
// the people-listing query only excludes the anonymous account (uid 0), so
// the administrator account (uid 1) is not filtered out here. The rest of
// the function body is elided on the page ("...").
function user_admin_account() {
    ...
    $query = db_select('users', 'u'); // line 158
    $query->condition('u.uid', 0, '<>');
    ...
}
// Page variant of user_admin_account(): additionally hides the administrator
// account (uid 1) from the people listing unless the current user is uid 1.
// This only filters the listing; access to the account's own view/edit pages
// is decided separately by user_view_access() / user_edit_access() below.
// The rest of the function body is elided on the page ("...").
function user_admin_account() {
    ...
    $query = db_select('users', 'u');
    $query->condition('u.uid', 0, '<>');
    //global $user; //print_r($user);
    // Loose comparison: a string "1" also counts as the super-user.
    if ($GLOBALS['user']->uid != 1) {
        $query->condition('u.uid', 1, '<>'); // hide the administrator account
    }
    ...
}
人員限制 user.module
//新增
/**
 * TRUE when the current request runs as the super-user account (uid 1).
 *
 * The super-user uid is hard-coded; the page suggests swapping 1 for another
 * uid as a hardening step, which would have to be done here and in every
 * other `uid == 1` check on the page. The comparison is loose, so a string
 * "1" matches as well.
 *
 * @return bool
 */
function isAdmin() {
    return $GLOBALS['user']->uid == 1;
}
/**
 * Core version of user_view_access(): may the current user view $account?
 *
 * @param object|int $account  A user object or a uid.
 * @return bool  TRUE for own profile or 'administer users'; TRUE for an
 *   active account when the viewer has 'access user profiles'; FALSE
 *   otherwise, and always FALSE for the anonymous account (uid 0).
 */
function user_view_access($account) {
  $uid = is_object($account) ? $account->uid : (int) $account;

  // The anonymous account is never viewable.
  if (!$uid) {
    return FALSE;
  }
  // Own profile, or an administrator: always allowed.
  if ($GLOBALS['user']->uid == $uid || user_access('administer users')) {
    return TRUE;
  }
  if (!user_access('access user profiles')) {
    return FALSE;
  }
  // Only active accounts are viewable through 'access user profiles'.
  $loaded = is_object($account) ? $account : user_load($uid);
  return (is_object($loaded) && $loaded->status);
}
//轉為
/**
 * Page variant of user_view_access(): may the current user view $account?
 *
 * Compared with core, both the 'administer users' and the 'access user
 * profiles' branches are additionally gated on isAdmin() (uid 1). Note the
 * consequence: any user other than uid 1 can no longer view *any* other
 * profile, not only the administrator's — only their own.
 *
 * @param object|int $account  A user object or a uid.
 * @return bool
 */
function user_view_access($account) {
  $uid = is_object($account) ? $account->uid : (int) $account;

  // The anonymous account is never viewable.
  if (!$uid) {
    return FALSE;
  }
  // Own profile is always viewable; 'administer users' only counts for uid 1.
  if ($GLOBALS['user']->uid == $uid || (user_access('administer users') && isAdmin())) {
    return TRUE;
  }
  // 'access user profiles' is likewise honoured only for uid 1.
  if (!(user_access('access user profiles') && isAdmin())) {
    return FALSE;
  }
  // Only active accounts are viewable through 'access user profiles'.
  $loaded = is_object($account) ? $account : user_load($uid);
  return (is_object($loaded) && $loaded->status);
}
 
/**
 * Core version of user_edit_access(): may the current user edit $account?
 *
 * @param object $account  A loaded user object (->uid is read).
 * @return bool  TRUE for own account or 'administer users'; never TRUE for
 *   the anonymous account (uid 0).
 */
function user_edit_access($account) {
  $is_self = ($GLOBALS['user']->uid == $account->uid);
  $may_edit = $is_self || user_access('administer users');
  // The anonymous account can never be edited.
  return $may_edit && $account->uid > 0;
}
//轉為
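/**
 * Page variant of user_edit_access(): may the current user edit $account?
 *
 * An account may be edited by itself or by anyone with 'administer users',
 * except that the administrator account (uid 1) may only be edited while
 * running as uid 1 (isAdmin()).
 *
 * Core's `$account->uid > 0` guard is restored here. The page's version
 * replaced it with the uid-1 check, which made the anonymous account (uid 0)
 * editable: an anonymous visitor trivially satisfies
 * $GLOBALS['user']->uid == $account->uid, and 0 <> 1 holds.
 *
 * @param object $account  A loaded user object (->uid is read).
 * @return bool
 */
function user_edit_access($account) {
  $is_self = ($GLOBALS['user']->uid == $account->uid);
  $may_edit = $is_self || user_access('administer users');
  // The anonymous account can never be edited.
  if (!$may_edit || $account->uid <= 0) {
    return FALSE;
  }
  // Only uid 1 may edit the administrator account itself.
  return ($account->uid <> 1) || isAdmin();
}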
 
/**
 * Core version of user_cancel_access(): may the current user cancel $account?
 *
 * @param object $account  A loaded user object (->uid is read).
 * @return bool  TRUE for own account with 'cancel account', or for
 *   'administer users'; never TRUE for the anonymous account (uid 0).
 */
function user_cancel_access($account) {
  $is_self = ($GLOBALS['user']->uid == $account->uid);
  $may_cancel = ($is_self && user_access('cancel account')) || user_access('administer users');
  // The anonymous account can never be cancelled.
  return $may_cancel && $account->uid > 0;
}
//轉為
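/**
 * Page variant of user_cancel_access(): may the current user cancel $account?
 *
 * An account may be cancelled by itself (with 'cancel account') or by anyone
 * with 'administer users', except that the administrator account (uid 1) may
 * only be cancelled while running as uid 1 (isAdmin()).
 *
 * Core's `$account->uid > 0` guard is restored here. The page's version
 * replaced it with the uid-1 check, which let the anonymous account (uid 0)
 * pass: an anonymous visitor satisfies $GLOBALS['user']->uid == $account->uid,
 * and 0 <> 1 holds.
 *
 * @param object $account  A loaded user object (->uid is read).
 * @return bool
 */
function user_cancel_access($account) {
  $is_self = ($GLOBALS['user']->uid == $account->uid);
  $may_cancel = ($is_self && user_access('cancel account')) || user_access('administer users');
  // The anonymous account can never be cancelled.
  if (!$may_cancel || $account->uid <= 0) {
    return FALSE;
  }
  // Only uid 1 may cancel the administrator account itself.
  return ($account->uid <> 1) || isAdmin();
}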
角色限制 user.module
//增加 function
/**
 * Hides the 'administrator' role from a role query unless the current user is uid 1.
 *
 * Appends a `name <> 'administrator'` condition to $query for every user other
 * than the super-user. The role is matched by its *name*, so a renamed
 * administrator role would not be filtered; the commented-out alternative on
 * the page filtered by rid instead, which does not have that weakness.
 *
 * @param SelectQuery $query  A db_select() query on the role table; modified in place.
 */
function myAdmin(&$query) {
    // The super-user sees every role, including administrator.
    if ($GLOBALS['user']->uid == 1) {
        return;
    }
    $query->condition('name', 'administrator', '<>');
}
 
/**
 * Page variant of user_roles(): builds the role list query and passes it
 * through myAdmin() so the administrator role is omitted for everyone but
 * uid 1. The remainder of the function is elided on the page ("...").
 */
function user_roles($membersonly = FALSE, $permission = NULL) {
    $query = db_select('role', 'r');
    $query->addTag('translatable');
    $query->fields('r', array('rid', 'name'));
    myAdmin($query); // added: hide the administrator role unless uid 1
    ...
}
 
/**
 * Core version of user_role_load(): fetches a role row by role ID.
 *
 * @param int $rid
 * @return object|false  The role row, or FALSE when no row matched.
 */
function user_role_load($rid) {
  $query = db_select('role', 'r');
  $query->fields('r');
  $query->condition('rid', $rid);
  return $query->execute()->fetchObject();
}
//轉成
/**
 * Page variant of user_role_load(): fetches a role row by role ID, hiding the
 * administrator role from everyone but uid 1 via myAdmin().
 *
 * Callers written against core (which always gets a row for an existing rid)
 * must now cope with FALSE when a non-uid-1 user asks for the administrator
 * role; see the guard added to user_role_delete() below.
 *
 * @param int $rid
 * @return object|false
 */
function user_role_load($rid) {
    $query = db_select('role', 'r')->fields('r');
    $query->condition('rid', $rid);
    myAdmin($query);
    $result = $query->execute();
    return $result->fetchObject();
}
 
/**
 * Core version of user_role_load_by_name(): fetches a role row by role name.
 *
 * @param string $role_name
 * @return object|false  The role row, or FALSE when no row matched.
 */
function user_role_load_by_name($role_name) {
  $query = db_select('role', 'r');
  $query->fields('r');
  $query->condition('name', $role_name);
  return $query->execute()->fetchObject();
}
//轉成
/**
 * Page variant of user_role_load_by_name(): fetches a role row by name, hiding
 * the administrator role from everyone but uid 1 via myAdmin().
 *
 * For a non-uid-1 user asking for 'administrator' the two name conditions
 * (name = 'administrator' AND name <> 'administrator') can never both hold,
 * so the result is FALSE rather than the row.
 *
 * @param string $role_name
 * @return object|false
 */
function user_role_load_by_name($role_name) {
    $query = db_select('role', 'r')->fields('r');
    $query->condition('name', $role_name);
    myAdmin($query);
    $result = $query->execute();
    return $result->fetchObject();
}
 
/**
 * Core version of user_role_delete(): removes a role, its permission grants
 * and its user assignments, notifies modules, and resets the access caches.
 *
 * @param int|string $role  A role ID (int) or a role name (anything else).
 */
function user_role_delete($role) {
  $role = is_int($role) ? user_role_load($role) : user_role_load_by_name($role);

  // Delete the role row, its permission grants, and (updating the users
  // who have this role set) its users_roles assignments.
  foreach (array('role', 'role_permission', 'users_roles') as $table) {
    db_delete($table)
      ->condition('rid', $role->rid)
      ->execute();
  }
  module_invoke_all('user_role_delete', $role);

  // Clear the user access cache.
  drupal_static_reset('user_access');
  drupal_static_reset('user_role_permissions');
}
//轉成
/**
 * Page variant of user_role_delete(): as core, but skips the deletion when
 * the role could not be loaded.
 *
 * Because user_role_load() / user_role_load_by_name() now run through
 * myAdmin(), a non-uid-1 user asking to delete the administrator role gets
 * no row back; the guard turns that into a silent no-op (nothing is deleted,
 * no error is raised) instead of a property access on a non-object. The
 * access caches are reset either way.
 *
 * @param int|string $role  A role ID (int) or a role name (anything else).
 */
function user_role_delete($role) {
    $role = is_int($role) ? user_role_load($role) : user_role_load_by_name($role);

    if ($role != null) { // added: nothing to delete when the role was not loaded
        // Delete the role row, its permission grants, and (updating the users
        // who have this role set) its users_roles assignments.
        foreach (array('role', 'role_permission', 'users_roles') as $table) {
            db_delete($table)
                    ->condition('rid', $role->rid)
                    ->execute();
        }
        module_invoke_all('user_role_delete', $role);
    }

    // Clear the user access cache.
    drupal_static_reset('user_access');
    drupal_static_reset('user_role_permissions');
}
其他限制

日誌篩選功能限制 dblog.admin.inc (34)

// dblog.admin.inc, line 34 (page variant): only the super-user (uid 1) is
// given the log filter form; for everyone else the form is simply not built.
if ($GLOBALS['user']->uid == 1) {
  $build['dblog_filter_form'] = drupal_get_form('dblog_filter_form');
}


使用者清單角色篩選限制 user.admin.inc (49)

function user_filter_form() {
  if ($GLOBALS['user']->uid!=1)  return ""; //加入項目
