Submit handler for the permissions form.

File

modules/user/user.module, line 1513

Code

function user_permissions_form_submit($form, $form_submit) {
  global $user;

  // Get all of the perms, so later we can make sure that we aren't trying to save an admin_restricted one (if we are not admin).  
  $perms = invoke_hook("perm");

  $values = $form_submit ["values"];

  // Create our temp table.  We do this so we don't truncate the production table, since if a hacker is trying
  // to circumvent the admin_restricted status of a permission, it would break the system when we fp_goto the front page.
  db_query("CREATE TEMPORARY TABLE `TEMP_role_permissions` LIKE `role_permissions`");


  // We should begin by truncating our permissions table, then re-inserting
  // everything we get from this submission.
  db_query("TRUNCATE TABLE `TEMP_role_permissions` ");

  // Find all the perm checkboxes.  
  foreach ($values as $key => $val) {
    if (strstr($key, "perm_cb_")) {
      if (is_array($val)) {
        $cb = current($val);
      }
      else if (trim($val) != "") {
        $cb = trim($val);
      }

      if (strstr($cb, "___")) {
        $temp = explode("___", $cb);
        $rid = $temp [0];
        $perm = $temp [1];

        // Okay, save this to our table.
        db_query("INSERT INTO TEMP_role_permissions (rid, perm)
                  VALUES (?, ?) ", $rid, $perm);
      }

    }
  }

  // Copy everything from temp table to production table...
  db_query("TRUNCATE role_permissions");
  db_query("INSERT role_permissions SELECT * FROM `TEMP_role_permissions` ");
  db_query("DROP TABLE `TEMP_role_permissions` ");



  fp_add_message(t("Permissions saved successfully."));

}