From 9d35fe7a7d7c47675485df739f668446d0b8cf4e Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Tue, 6 Jul 2004 17:27:33 +0000
Subject: - Patch #4166 by daBrado: don't show the profile fields when the user does not have the 'access users' permission set.
---
 modules/user.module | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)
 (limited to 'modules/user.module')
diff --git a/modules/user.module b/modules/user.module
index f6bb5d443..2760f4ded 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -366,7 +366,7 @@ function user_fields() {
 * Implementation of hook_perm().
 */
 function user_perm() {
- return array('administer users', 'access user list');
+ return array('administer users', 'access users');
 }
 
 /**
@@ -532,7 +532,7 @@ function user_block($op = 'list', $delta = 0) {
 $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($total_users, '1 user', '%count users'), '%visitors' => format_plural($guests->count, '1 guest', '%count guests')));
 }
 
- if (user_access('access user list') && $total_users) {
+ if (user_access('access users') && $total_users) {
 // Display a list of currently online users.
 $max_users = variable_get('user_block_max_list_count', 10);
 
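Review bot: Renaming the permission in `user_perm()` from 'access user list' to 'access users' changes the string that existing role grants are matched against, and this patch shows no upgrade step for grants already stored. If grants are stored by name, roles holding the old permission would lose the online-user list in `user_block()` (second hunk) and be denied profile pages until an administrator re-grants it. If a migration maps old to new instead, a grant given only for the who's-online list would then also cover full profile viewing. The new scope should be documented next to the return, for example `// 'access users' gates both the who's-online list and user profile pages.`, and the upgrade path should be stated in the commit.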
@@ -1143,17 +1143,22 @@ function user_view($uid = 0) {
 }
 else {
 if ($account = user_load(array('uid' => $uid, 'status' => 1))) {
- // Retrieve and merge all profile fields:
- $fields = array();
- foreach (module_list() as $module) {
- if ($data = module_invoke($module, 'user', 'view', '', $account)) {
- foreach ($data as $category => $content) {
- $fields[$category] .= $content;
+ if (user_access('access users')) {
+ // Retrieve and merge all profile fields:
+ $fields = array();
+ foreach (module_list() as $module) {
+ if ($data = module_invoke($module, 'user', 'view', '', $account)) {
+ foreach ($data as $category => $content) {
+ $fields[$category] .= $content;
+ }
 }
 }
- }
 
- print theme('page', theme('user_profile', $account, $fields), $account->name);
+ print theme('page', theme('user_profile', $account, $fields), $account->name);
+ }
+ else {
+ drupal_access_denied();
+ }
 }
 else {
 drupal_not_found();
-- 
cgit v1.2.3
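Review bot: The new `user_access('access users')` check in `user_view()` runs only after `user_load()` has succeeded, so a visitor without the permission gets `drupal_access_denied()` for an existing active account and `drupal_not_found()` for a missing or blocked one. That difference tells an unprivileged visitor which uids are valid, which the permission is presumably meant to hide. Testing the permission before the lookup would make the denied response uniform, e.g. `if (!user_access('access users')) { drupal_access_denied(); return; }` placed ahead of the `user_load()` call. The function starts and ends outside this hunk, so whether the earlier branch lets a user view their own account without the permission cannot be confirmed from here and is worth checking.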