diff options
Diffstat (limited to 'modules/user.module')
| -rw-r--r-- | modules/user.module | 79 |
1 files changed, 45 insertions, 34 deletions
diff --git a/modules/user.module b/modules/user.module index 04db17f12..f4c1055ca 100644 --- a/modules/user.module +++ b/modules/user.module @@ -403,7 +403,7 @@ function user_fields() { * Implementation of hook_perm(). */ function user_perm() { - return array('administer users'); + return array('administer users', 'access user profiles'); } /** @@ -424,16 +424,20 @@ function user_file_download($file) { function user_search($op = 'search', $keys = null) { switch ($op) { case 'name': - return t('users'); + if (user_access('access user profiles')) { + return t('users'); + } case 'search': - $find = array(); - // Replace wildcards with MySQL/PostgreSQL wildcards. - $keys = preg_replace('!\*+!', '%', $keys); - $result = pager_query("SELECT * FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys); - while ($account = db_fetch_object($result)) { - $find[] = array('title' => $account->name, 'link' => url("user/$account->uid/view")); + if (user_access('access user profiles')) { + $find = array(); + // Replace wildcards with MySQL/PostgreSQL wildcards. + $keys = preg_replace('!\*+!', '%', $keys); + $result = pager_query("SELECT * FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys); + while ($account = db_fetch_object($result)) { + $find[] = array('title' => $account->name, 'link' => url("user/$account->uid/view")); + } + return $find; } - return $find; } } @@ -525,7 +529,7 @@ function user_block($op = 'list', $delta = 0, $edit = array()) { return $block; case 2: - if (user_access('access content')) { + if (user_access('access content') && user_access('access user profiles')) { $result = db_query_range('SELECT uid, name FROM {users} WHERE status != 0 ORDER BY uid DESC', 0, 5); while ($account = db_fetch_object($result)) { $items[] = format_name($account); @@ -539,7 +543,7 @@ function user_block($op = 'list', $delta = 0, $edit = array()) { return $block; case 3: - if (user_access('access content')) { + if (user_access('access content') && user_access('access user profiles')) { // Count users with activity in the past defined period. $time_period = variable_get('user_block_seconds_online', 2700); @@ -625,11 +629,15 @@ function user_menu($may_cache) { $items = array(); - $access = user_access('administer users'); + $admin_access = user_access('administer users'); + // users should always be allowed to see their own user page + $view_access = (user_access('access user profiles') || ($user->uid == arg(1))); if ($may_cache) { $items[] = array('path' => 'user', 'title' => t('user account'), 'callback' => 'user_page', 'access' => TRUE, 'type' => MENU_CALLBACK); + + //registration and login pages. $items[] = array('path' => 'user/login', 'title' => t('log in'), 'type' => MENU_DEFAULT_LOCAL_TASK); $items[] = array('path' => 'user/register', 'title' => t('register'), @@ -639,53 +647,53 @@ function user_menu($may_cache) { $items[] = array('path' => 'user/help', 'title' => t('help'), 'callback' => 'user_help_page', 'type' => MENU_CALLBACK); + //admin pages $items[] = array('path' => 'admin/user', 'title' => t('users'), - 'callback' => 'user_admin', 'access' => $access); + 'callback' => 'user_admin', 'access' => $admin_access); $items[] = array('path' => 'admin/user/list', 'title' => t('list'), 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); $items[] = array('path' => 'admin/user/create', 'title' => t('add user'), - 'callback' => 'user_admin', 'access' => $access, + 'callback' => 'user_admin', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/user/configure', 'title' => t('configure'), - 'callback' => 'user_configure', 'access' => $access, + 'callback' => 'user_configure', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); - $items[] = array('path' => 'admin/access', 'title' => t('access control'), - 'callback' => 'user_admin_perm', 'access' => $access); + 'callback' => 'user_admin_perm', 'access' => $admin_access); $items[] = array('path' => 'admin/access/permissions', 'title' => t('permissions'), - 'callback' => 'user_admin_perm', 'access' => $access, + 'callback' => 'user_admin_perm', 'access' => $admin_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); $items[] = array('path' => 'admin/access/roles', 'title' => t('roles'), - 'callback' => 'user_admin_role', 'access' => $access, + 'callback' => 'user_admin_role', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/access/roles/edit', 'title' => t('edit role'), - 'callback' => 'user_admin_role', 'access' => $access, + 'callback' => 'user_admin_role', 'access' => $admin_access, 'type' => MENU_CALLBACK); - $items[] = array('path' => 'admin/access/rules', 'title' => t('account rules'), - 'callback' => 'user_admin_access', 'access' => $access, + 'callback' => 'user_admin_access', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK, 'weight' => 10); $items[] = array('path' => 'admin/access/rules/list', 'title' => t('list'), - 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); + 'access' => $admin_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); $items[] = array('path' => 'admin/access/rules/add', 'title' => t('add rule'), - 'callback' => 'user_admin_access_add', 'access' => $access, + 'callback' => 'user_admin_access_add', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/access/rules/check', 'title' => t('check rules'), - 'callback' => 'user_admin_access_check', 'access' => $access, + 'callback' => 'user_admin_access_check', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/access/rules/edit', 'title' => t('edit rule'), - 'callback' => 'user_admin_access_edit', 'access' => $access, + 'callback' => 'user_admin_access_edit', 'access' => $admin_access, 'type' => MENU_CALLBACK); $items[] = array('path' => 'admin/access/rules/delete', 'title' => t('delete rule'), - 'callback' => 'user_admin_access_delete', 'access' => $access, + 'callback' => 'user_admin_access_delete', 'access' => $admin_access, 'type' => MENU_CALLBACK); if (module_exist('search')) { $items[] = array('path' => 'admin/user/search', 'title' => t('search'), - 'callback' => 'user_admin', 'access' => $access, + 'callback' => 'user_admin', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); } + //Your personal page if ($user->uid) { $items[] = array('path' => 'user/'. $user->uid, 'title' => t('my account'), 'callback' => 'user_page', 'access' => TRUE, @@ -700,22 +708,25 @@ function user_menu($may_cache) { else { if (arg(0) == 'user' && is_numeric(arg(1))) { $items[] = array('path' => 'user/'. arg(1), 'title' => t('user'), - 'type' => MENU_CALLBACK, 'callback' => 'user_page', 'access' => TRUE); + 'type' => MENU_CALLBACK, 'callback' => 'user_page', 'access' => $view_access); $items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'), - 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); + 'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); $items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'), - 'callback' => 'user_edit', 'access' => $access || $user->uid == arg(1), + 'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1), 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'user/'. arg(1) .'/delete', 'title' => t('delete'), - 'callback' => 'user_edit', 'access' => $access, + 'callback' => 'user_edit', 'access' => $admin_access, 'type' => MENU_CALLBACK); if (arg(2) == 'edit') { if (($categories = _user_categories()) && (count($categories) > 1)) { foreach ($categories as $key => $category) { - $items[] = array('path' => 'user/'. arg(1) .'/edit/'. $category['name'], 'title' => $category['title'], + $items[] = array( + 'path' => 'user/'. arg(1) .'/edit/'. $category['name'], + 'title' => $category['title'], 'type' => $category['name'] == 'account' ? MENU_DEFAULT_LOCAL_TASK : MENU_LOCAL_TASK, - 'weight' => $category['weight']); + 'weight' => $category['weight'], + 'access' => $admin_access); } } } |