diff --git a/modules/node/node.module b/modules/node/node.module
index 0f8c5f9fd72831ba87b7b44ec6f47962984239be..176804062b49ec6bda658b95550258c9292dcbf6 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -1176,12 +1176,16 @@ function node_perm() {
),
'administer nodes' => array(
'title' => t('Administer nodes'),
- 'description' => t('Manage all website content, and bypass any content-related access control. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
+ 'description' => t('Manage all information associated with site content, such as author, publication date and current revision. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
),
'access content' => array(
'title' => t('Access content'),
'description' => t('View published content.'),
),
+ 'bypass node access' => array(
+ 'title' => t('Bypass node access'),
+ 'description' => t('View, edit and delete all site content. Users with this permission will bypass any content-related access control. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
+ ),
'view revisions' => array(
'title' => t('View revisions'),
'description' => t('View content revisions.'),
@@ -2100,7 +2104,7 @@ function node_access($op, $node, $account = NULL) {
return FALSE;
}
- if (user_access('administer nodes', $account)) {
+ if (user_access('bypass node access', $account)) {
return TRUE;
}
@@ -2157,7 +2161,7 @@ function node_access($op, $node, $account = NULL) {
* An SQL join clause.
*/
function _node_access_join_sql($node_alias = 'n', $node_access_alias = 'na') {
- if (user_access('administer nodes')) {
+ if (user_access('bypass node access')) {
return '';
}
@@ -2179,7 +2183,7 @@ function _node_access_join_sql($node_alias = 'n', $node_access_alias = 'na') {
* An SQL where clause.
*/
function _node_access_where_sql($op = 'view', $node_access_alias = 'na', $account = NULL) {
- if (user_access('administer nodes')) {
+ if (user_access('bypass node access')) {
return;
}
diff --git a/modules/node/node.test b/modules/node/node.test
index 764f989bf44ca15f411c22c197e43c928d725571..13753ea53c3a37e1ee6d54f2470276e6890180cf 100644
--- a/modules/node/node.test
+++ b/modules/node/node.test
@@ -417,7 +417,7 @@ class PageViewTestCase extends DrupalWebTestCase {
$this->assertResponse(403);
// Create user with permission to edit node.
- $web_user = $this->drupalCreateUser(array('administer nodes'));
+ $web_user = $this->drupalCreateUser(array('bypass node access'));
$this->drupalLogin($web_user);
// Attempt to access edit page.
diff --git a/modules/system/system.install b/modules/system/system.install
index cbdc52ff856a8e019732026baf6867bc687cea9e..3a5904dfd939b6844c379c77b0167263f0013585 100644
--- a/modules/system/system.install
+++ b/modules/system/system.install
@@ -3047,6 +3047,29 @@ function system_update_7010() {
return $ret;
}
+/**
+ * Split the 'bypass node access' permission from 'administer nodes'.
+ */
+function system_update_7011() {
+ $ret = array();
+ // Get existing roles that can 'administer nodes'.
+ $rids = array();
+ $rids = db_query("SELECT rid FROM {role_permission} WHERE permission = :perm", array(':perm' => 'administer nodes'))->fetchCol();
+ // None found.
+ if (empty($rids)) {
+ return $ret;
+ }
+ $insert = db_insert('role_permission')->fields(array('rid', 'permission'));
+ foreach ($rids as $rid) {
+ $insert->values(array(
+ 'rid' => $rid,
+ 'permission' => 'bypass node access',
+ ));
+ }
+ $insert->execute();
+ return $ret;
+}
+
/**
* @} End of "defgroup updates-6.x-to-7.x"
* The next series of updates should start at 8000.