-rw-r--r--modules/user.module45
-rw-r--r--modules/user/user.module45
2 files changed, 44 insertions, 46 deletions
diff --git a/modules/user.module b/modules/user.module
index 2bdfc4312..859c6aa9c 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -686,7 +686,8 @@ function user_menu($may_cache) {
$admin_access = user_access('administer users');
$access_access = user_access('administer access control');
- $view_access = user_access('access user profiles');
+ // Users should always be allowed to see their own user page
+ $view_access = (user_access('access user profiles') || ($user->uid == arg(1)));
if ($may_cache) {
$items[] = array('path' => 'user', 'title' => t('user account'),
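Review bot: The added `$user->uid == arg(1)` is a loose comparison that runs before any `is_numeric(arg(1))` check, so on PHP versions where a non-numeric string or a missing argument compares equal to 0, a session whose uid is 0 (presumably the anonymous user) would get `$view_access` set. The value is also computed above the `if ($may_cache)` branch, so if any cached item uses `$view_access` (not visible in this hunk), a per-request decision could end up in the cached menu. I would limit the self-view clause to authenticated users and numeric arguments: `$view_access = user_access('access user profiles') || ($user->uid && is_numeric(arg(1)) && $user->uid == arg(1));`. The same line appears in the modules/user/user.module copy of this hunk, and user_menu's body starts and ends outside the hunk.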
@@ -768,21 +769,15 @@ function user_menu($may_cache) {
}
else {
if (arg(0) == 'user' && is_numeric(arg(1))) {
- $account = user_load(array('uid' => arg(1)));
+ $user_exists = user_load(array('uid' => arg(1), 'status' => 1));
- if ($user !== FALSE) {
- // Always let a user view their own account
- $view_access |= $user->uid == arg(1);
- // Only admins can view blocked accounts
- $view_access &= $account->status || $admin_access;
-
- $items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
- 'type' => MENU_CALLBACK, 'callback' => 'user_view',
- 'callback arguments' => array(arg(1)), 'access' => $view_access);
+ $items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
+ 'type' => MENU_CALLBACK, 'callback' => 'user_view',
+ 'callback arguments' => array(arg(1)), 'access' => $view_access);
+ if ($user_exists !== FALSE || $admin_access) {
$items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'),
'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
-
$items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'),
'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1),
'type' => MENU_LOCAL_TASK);
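Review bot: The new guard `if ($user_exists !== FALSE || $admin_access)` cannot tell a blocked account from a nonexistent uid, because `user_load()` with `'status' => 1` fails for both. An administrator requesting `user/N` for an N that does not exist therefore still gets the view and edit tabs registered, with `user_edit` as the callback; whether `user_edit` copes with a missing account is not visible here. Loading the account once without the status filter and testing `$account && ($account->status || $admin_access)` would keep the admin exception while still rejecting unknown uids. The identical hunk in modules/user/user.module has the same condition, and the `if` block it opens closes outside this hunk.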
@@ -1406,21 +1401,25 @@ function user_edit_submit($form_id, $form_values) {
function user_view($uid = 0) {
global $user;
- $account = user_load(array('uid' => $uid));
- // Retrieve and merge all profile fields:
- $fields = array();
- foreach (module_list() as $module) {
- if ($data = module_invoke($module, 'user', 'view', '', $account)) {
- foreach ($data as $category => $items) {
- foreach ($items as $item) {
- $item['class'] = "$module-". $item['class'];
- $fields[$category][] = $item;
+ if ($account = user_load(array('uid' => $uid, 'status' => 1))) {
+ // Retrieve and merge all profile fields:
+ $fields = array();
+ foreach (module_list() as $module) {
+ if ($data = module_invoke($module, 'user', 'view', '', $account)) {
+ foreach ($data as $category => $items) {
+ foreach ($items as $item) {
+ $item['class'] = "$module-". $item['class'];
+ $fields[$category][] = $item;
+ }
}
}
}
+ drupal_set_title($account->name);
+ return theme('user_profile', $account, $fields);
+ }
+ else {
+ drupal_not_found();
}
- drupal_set_title($account->name);
- return theme('user_profile', $account, $fields);
}
/*** Administrative features ***********************************************/
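Review bot: `user_view()` now loads with `'status' => 1` for every caller, so an administrator gets `drupal_not_found()` for a blocked account, even though the user_menu hunk still builds tabs for admins on such accounts and the removed comment said only admins could view them. If that exception is meant to survive, load without the status filter and gate on it explicitly: `$account = user_load(array('uid' => $uid));` followed by `if ($account && ($account->status || user_access('administer users'))) {`. A one-line comment above the condition, stating that blocked and unknown accounts deliberately produce a 404, would document the access decision now that it lives in the callback rather than the menu. The same applies to the modules/user/user.module copy of this hunk.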
diff --git a/modules/user/user.module b/modules/user/user.module
index 2bdfc4312..859c6aa9c 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -686,7 +686,8 @@ function user_menu($may_cache) {
$admin_access = user_access('administer users');
$access_access = user_access('administer access control');
- $view_access = user_access('access user profiles');
+ // Users should always be allowed to see their own user page
+ $view_access = (user_access('access user profiles') || ($user->uid == arg(1)));
if ($may_cache) {
$items[] = array('path' => 'user', 'title' => t('user account'),
@@ -768,21 +769,15 @@ function user_menu($may_cache) {
}
else {
if (arg(0) == 'user' && is_numeric(arg(1))) {
- $account = user_load(array('uid' => arg(1)));
+ $user_exists = user_load(array('uid' => arg(1), 'status' => 1));
- if ($user !== FALSE) {
- // Always let a user view their own account
- $view_access |= $user->uid == arg(1);
- // Only admins can view blocked accounts
- $view_access &= $account->status || $admin_access;
-
- $items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
- 'type' => MENU_CALLBACK, 'callback' => 'user_view',
- 'callback arguments' => array(arg(1)), 'access' => $view_access);
+ $items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
+ 'type' => MENU_CALLBACK, 'callback' => 'user_view',
+ 'callback arguments' => array(arg(1)), 'access' => $view_access);
+ if ($user_exists !== FALSE || $admin_access) {
$items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'),
'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
-
$items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'),
'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1),
'type' => MENU_LOCAL_TASK);
@@ -1406,21 +1401,25 @@ function user_edit_submit($form_id, $form_values) {
function user_view($uid = 0) {
global $user;
- $account = user_load(array('uid' => $uid));
- // Retrieve and merge all profile fields:
- $fields = array();
- foreach (module_list() as $module) {
- if ($data = module_invoke($module, 'user', 'view', '', $account)) {
- foreach ($data as $category => $items) {
- foreach ($items as $item) {
- $item['class'] = "$module-". $item['class'];
- $fields[$category][] = $item;
+ if ($account = user_load(array('uid' => $uid, 'status' => 1))) {
+ // Retrieve and merge all profile fields:
+ $fields = array();
+ foreach (module_list() as $module) {
+ if ($data = module_invoke($module, 'user', 'view', '', $account)) {
+ foreach ($data as $category => $items) {
+ foreach ($items as $item) {
+ $item['class'] = "$module-". $item['class'];
+ $fields[$category][] = $item;
+ }
}
}
}
+ drupal_set_title($account->name);
+ return theme('user_profile', $account, $fields);
+ }
+ else {
+ drupal_not_found();
}
- drupal_set_title($account->name);
- return theme('user_profile', $account, $fields);
}
/*** Administrative features ***********************************************/