限制僅 users.uid = 1 的使用者可讀取／編輯 administrator 角色相關資料（帳號、角色、日誌篩選）。下列各處以硬編碼的 uid = 1 做判斷；若要改用其他使用者以增強防護，必須同時修改 user.admin.inc、user.module、dblog.admin.inc 中所有出現 `uid == 1` / `uid != 1` 的地方（建議統一呼叫 user.module 新增的 isAdmin()，只保留一處常數），否則各處判斷會不一致。
人員限制（使用者清單隱藏 uid = 1 帳號）— user.admin.inc：user_admin_account()
人員限制 user.admin.inc
// Personnel restriction — user_admin_account() (the people listing).
// The notes heading says user.module; the function body and the "line 158"
// marker match user.admin.inc, which is where the listing is built.
//
// Before (Drupal 7 core), around line 158. Only the anonymous account is
// excluded from the listing.
function user_admin_account() {
  ...
  $query = db_select('users', 'u'); // line 158
  $query->condition('u.uid', 0, '<>');
  ...
}

// After: additionally hide the uid-1 account from the listing for everyone
// except uid 1. This only affects what the table shows; direct access to
// /user/1 and /user/1/edit is decided by user_view_access() /
// user_edit_access() in user.module, which carry their own uid-1 guard.
// The protected uid is the literal 1 here (and again in user.module); the
// two must be kept in sync if the protected account ever changes.
function user_admin_account() {
  ...
  $query = db_select('users', 'u');
  $query->condition('u.uid', 0, '<>');
  // Leftover debugging aids, intentionally commented out:
  //global $user;
  //print_r($user);
  if ($GLOBALS['user']->uid != 1) {
    // Do not show the administrator (uid 1) to anyone but uid 1.
    $query->condition('u.uid', 1, '<>');
  }
  ...
}
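// Role restriction — user.module
//
// Intent (page header): only the uid-1 account may view, edit or cancel the
// uid-1 (administrator) account; every other account keeps the stock
// Drupal 7 rules. The protected uid is the literal 1 in isAdmin() below and
// is repeated in user_admin_account(), myAdmin() and the dblog/user filter
// hooks; moving the protection to another uid means changing every copy.

// New helper: TRUE when the current global user is the protected account.
// Assumes Drupal has bootstrapped $GLOBALS['user'] (uid 0 for anonymous).
function isAdmin() {
  return $GLOBALS['user']->uid == 1;
}

// Before (Drupal 7 core):
function user_view_access($account) {
  $uid = is_object($account) ? $account->uid : (int) $account;
  // Never allow access to view the anonymous user account.
  if ($uid) {
    // Admins can view all, users can view own profiles at all times.
    if ($GLOBALS['user']->uid == $uid || user_access('administer users')) {
      return TRUE;
    }
    elseif (user_access('access user profiles')) {
      // At this point, load the complete account object.
      if (!is_object($account)) {
        $account = user_load($uid);
      }
      return (is_object($account) && $account->status);
    }
  }
  return FALSE;
}

// After: the uid-1 profile is visible only to uid 1; every other profile
// follows the stock check. The earlier version of this patch ANDed isAdmin()
// into both the 'administer users' and the 'access user profiles' branches,
// which hid every profile except one's own from everyone but uid 1 — much
// broader than the stated goal, and it made 'access user profiles' a no-op.
// NOTE(review): if that blanket hiding was in fact intended, keep the
// broader condition instead of this one.
function user_view_access($account) {
  $uid = is_object($account) ? $account->uid : (int) $account;
  // Never allow access to view the anonymous user account.
  if ($uid) {
    // The protected account is only ever visible to itself.
    if ($uid == 1 && !isAdmin()) {
      return FALSE;
    }
    // Admins can view all, users can view own profiles at all times.
    if ($GLOBALS['user']->uid == $uid || user_access('administer users')) {
      return TRUE;
    }
    elseif (user_access('access user profiles')) {
      // At this point, load the complete account object.
      if (!is_object($account)) {
        $account = user_load($uid);
      }
      return (is_object($account) && $account->status);
    }
  }
  return FALSE;
}

// Before (Drupal 7 core):
function user_edit_access($account) {
  return (($GLOBALS['user']->uid == $account->uid) || user_access('administer users')) && $account->uid > 0;
}

// After. The earlier version replaced `$account->uid > 0` with the uid-1
// guard instead of adding to it, so the anonymous account (uid 0) satisfied
// `uid <> 1` and became editable by anyone with 'administer users' — and by
// an anonymous visitor, since 0 == 0 passes the "own account" test. Both
// checks are needed: never uid 0, and uid 1 only by itself.
function user_edit_access($account) {
  $is_own_account = ($GLOBALS['user']->uid == $account->uid);
  return ($is_own_account || user_access('administer users'))
    // Never the anonymous account.
    && $account->uid > 0
    // The protected account only by itself.
    && ($account->uid != 1 || isAdmin());
}

// Before (Drupal 7 core):
function user_cancel_access($account) {
  return ((($GLOBALS['user']->uid == $account->uid) && user_access('cancel account')) || user_access('administer users')) && $account->uid > 0;
}

// After. Same regression as user_edit_access(): the `$account->uid > 0`
// check had been dropped, letting 'administer users' (or a uid-0 visitor
// holding 'cancel account') reach the cancel path for the anonymous account.
function user_cancel_access($account) {
  $is_own_account = ($GLOBALS['user']->uid == $account->uid);
  return (($is_own_account && user_access('cancel account')) || user_access('administer users'))
    // Never the anonymous account.
    && $account->uid > 0
    // The protected account only by itself.
    && ($account->uid != 1 || isAdmin());
}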
// New helper: strip the administrator role from a role query for anyone who
// is not uid 1. The filter is on the role *name*, so renaming the role in the
// UI silently disables the protection; the commented-out alternative filters
// on rid 3, which is installation-specific. Either way the literal is a
// second copy of the "protected admin" rule (the first is the uid-1 check).
// NOTE(review): the column is unqualified ('name', not 'r.name'); fine for
// the single-table selects below, ambiguous if a query_alter adds a join
// with its own `name` column — confirm against hook_query_alter users.
// NOTE(review): Drupal 7 records the configured admin role in the
// 'user_admin_role' variable; filtering on that rid would survive renames.
function myAdmin(&$query) {
  // Leftover debugging aids, intentionally commented out:
  //global $user;
  //print_r($user);
  if ($GLOBALS['user']->uid != 1) {
    $query->condition('name', 'administrator', '<>');
    // Alternative, by role id instead of name:
    //$query->condition('rid', 3, '<>');
  }
}

// user_roles(): the administrator role disappears from every role list built
// through here (role admin pages, role checkboxes on account forms) for
// non-uid-1 users. The remainder of the function is unchanged and elided.
// NOTE(review): any form that rebuilds an account's full role set from this
// list and re-saves it may silently drop the hidden role from that account;
// verify the account-edit save path before relying on this.
function user_roles($membersonly = FALSE, $permission = NULL) {
  $query = db_select('role', 'r');
  $query->addTag('translatable');
  $query->fields('r', array('rid', 'name'));
  myAdmin($query); // added
  ...
}

// Before (Drupal 7 core):
function user_role_load($rid) {
  return db_select('role', 'r')
    ->fields('r')
    ->condition('rid', $rid)
    ->execute()
    ->fetchObject();
}

// After: loading the administrator role by rid yields no row for non-uid-1
// callers, so the loader returns a falsy value instead of the role.
function user_role_load($rid) {
  $query = db_select('role', 'r')
    ->fields('r')
    ->condition('rid', $rid);
  myAdmin($query);
  return $query->execute()->fetchObject();
}

// Before (Drupal 7 core):
function user_role_load_by_name($role_name) {
  return db_select('role', 'r')
    ->fields('r')
    ->condition('name', $role_name)
    ->execute()
    ->fetchObject();
}

// After: for non-uid-1 callers the query carries both `name = $role_name`
// and `name <> 'administrator'`, so asking for 'administrator' finds nothing.
function user_role_load_by_name($role_name) {
  $query = db_select('role', 'r')
    ->fields('r')
    ->condition('name', $role_name);
  myAdmin($query);
  return $query->execute()->fetchObject();
}

// Before (Drupal 7 core). Note it dereferences $role->rid unconditionally;
// with the filtered loaders above that would be a property read on a falsy
// value, and the deletes would run with an empty rid.
function user_role_delete($role) {
  if (is_int($role)) {
    $role = user_role_load($role);
  }
  else {
    $role = user_role_load_by_name($role);
  }
  db_delete('role')
    ->condition('rid', $role->rid)
    ->execute();
  db_delete('role_permission')
    ->condition('rid', $role->rid)
    ->execute();
  // Update the users who have this role set:
  db_delete('users_roles')
    ->condition('rid', $role->rid)
    ->execute();
  module_invoke_all('user_role_delete', $role);
  // Clear the user access cache.
  drupal_static_reset('user_access');
  drupal_static_reset('user_role_permissions');
}

// After: skip every delete and the hook when the loaders return nothing
// (which is what happens for the hidden role and a non-uid-1 caller). The
// caches are still reset; that is harmless. The caller gets no signal that
// nothing was deleted — the function returns nothing in either case.
function user_role_delete($role) {
  if (is_int($role)) {
    $role = user_role_load($role);
  }
  else {
    $role = user_role_load_by_name($role);
  }
  // Added: only act on a role that was actually loaded.
  if ($role <> null) {
    db_delete('role')
      ->condition('rid', $role->rid)
      ->execute();
    db_delete('role_permission')
      ->condition('rid', $role->rid)
      ->execute();
    // Update the users who have this role set:
    db_delete('users_roles')
      ->condition('rid', $role->rid)
      ->execute();
    module_invoke_all('user_role_delete', $role);
  } // end added guard
  // Clear the user access cache.
  drupal_static_reset('user_access');
  drupal_static_reset('user_role_permissions');
}
日誌篩選表單限制 — dblog.admin.inc 第 34 行：只有 uid = 1 才建立 dblog_filter_form。注意這只是不顯示篩選表單，日誌頁面本身的存取權限並未因此改變。
// Only the uid-1 account gets the log filter form; everyone else sees the
// page without it. This hides the form, it does not restrict the log page —
// access to the page itself is decided elsewhere. The literal 1 is another
// copy of the protected-admin rule used in user.module.
$is_protected_admin = ($GLOBALS['user']->uid == 1);
if ($is_protected_admin) {
  $build['dblog_filter_form'] = drupal_get_form('dblog_filter_form');
}
使用者清單角色篩選表單限制 — user.admin.inc 第 49 行：user_filter_form() 對非 uid = 1 的使用者直接回傳空值，不建立篩選表單。（注意：Drupal 表單建構函式一般應回傳陣列；這裡回傳的是空字串 ""，是否在所有 PHP／Drupal 版本下都能被 drupal_get_form() 正常處理，建議改為回傳 array() 並實測確認。）
function user_filter_form() {
if ($GLOBALS['user']->uid!=1) return ""; //加入項目