diff options
| author | Dries Buytaert <dries@buytaert.net> | 2004-07-06 17:27:33 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2004-07-06 17:27:33 +0000 |
| commit | 9d35fe7a7d7c47675485df739f668446d0b8cf4e (patch) | |
| tree | 26369bbcd6aff9560fb2713ddf9782384819f545 /modules/user.module | |
| parent | 0654129e16e8f328e1048049923e7c2f73bf1d3c (diff) | |
| download | brdo-9d35fe7a7d7c47675485df739f668446d0b8cf4e.tar.gz brdo-9d35fe7a7d7c47675485df739f668446d0b8cf4e.tar.bz2 | |
- Patch #4166 by daBrado: don't show the profile fields when the user does
not have the 'access users' permission set.
Diffstat (limited to 'modules/user.module')
| -rw-r--r-- | modules/user.module | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/modules/user.module b/modules/user.module index f6bb5d443..2760f4ded 100644 --- a/modules/user.module +++ b/modules/user.module @@ -366,7 +366,7 @@ function user_fields() { * Implementation of hook_perm(). */ function user_perm() { - return array('administer users', 'access user list'); + return array('administer users', 'access users'); } /** @@ -532,7 +532,7 @@ function user_block($op = 'list', $delta = 0) { $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($total_users, '1 user', '%count users'), '%visitors' => format_plural($guests->count, '1 guest', '%count guests'))); } - if (user_access('access user list') && $total_users) { + if (user_access('access users') && $total_users) { // Display a list of currently online users. $max_users = variable_get('user_block_max_list_count', 10); @@ -1143,17 +1143,22 @@ function user_view($uid = 0) { } else { if ($account = user_load(array('uid' => $uid, 'status' => 1))) { - // Retrieve and merge all profile fields: - $fields = array(); - foreach (module_list() as $module) { - if ($data = module_invoke($module, 'user', 'view', '', $account)) { - foreach ($data as $category => $content) { - $fields[$category] .= $content; + if (user_access('access users')) { + // Retrieve and merge all profile fields: + $fields = array(); + foreach (module_list() as $module) { + if ($data = module_invoke($module, 'user', 'view', '', $account)) { + foreach ($data as $category => $content) { + $fields[$category] .= $content; + } } } - } - print theme('page', theme('user_profile', $account, $fields), $account->name); + print theme('page', theme('user_profile', $account, $fields), $account->name); + } + else { + drupal_access_denied(); + } } else { drupal_not_found(); |