--- user_admin_delegation.module.old 2009-06-29 22:33:06.000000000 +0100
+++ user_admin_delegation.module 2009-11-12 14:10:20.000000000 +0000
@@ -38,8 +38,51 @@ function user_admin_delegation_menu_alte
 $callbacks['user/%user_category/edit']['access arguments'] = array(1);
 $callbacks['user/%user/delete']['access callback'] = 'user_admin_delegation_user_delete_access';
 $callbacks['user/%user/delete']['access arguments'] = array(1);
+ $callbacks['user/%user/roles']['access callback'] = 'user_admin_delegation_role_delegation_access';
 }
+
+/**
+ * Altered access rules for Role Delegation
+ */
+function user_admin_delegation_role_delegation_access($account) {
+ // Check if they can use the Edit tab instead - if they can, take them there instead.
+ if (user_admin_delegation_user_edit_access($account)) {
+ if (arg(0) == 'user' && is_numeric(arg(1)) && arg(2) == 'roles') {
+ if ($_REQUEST['destination']) {
+ $destination_query = array('destination' => $_REQUEST['destination']);
+ unset($_REQUEST['destination']);
+ }
+ drupal_goto('user/' . arg(1) . '/edit', $destination_query);
+ }
+ return FALSE;
+ }
+ if (_can_access_roles_tab($account)) {
+ return TRUE;
+ }
+ return FALSE;
+}
+
+
+function _can_access_roles_tab($account) {
+ // Check access to user profile page.
+ if (!user_view_access($account)) {
+ return FALSE;
+ }
+ // Check access to role assignment page.
+ if (user_access('administer permissions')) {
+ return TRUE;
+ }
+ $perms = role_delegation_perm();
+ foreach ($perms as $perm) {
+ if (user_access($perm)) {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+
 /**
 * Access callback for user edit pages.
 *
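Review bot: user_admin_delegation_role_delegation_access() calls drupal_goto() from inside a menu access callback, so an access check can end the request; an access callback should only return a boolean, and the redirect belongs in the page callback or an init hook. In the same branch `$destination_query` is assigned only when a destination is present and `$_REQUEST['destination']` is read without a guard; start with `$destination_query = NULL;` and test `!empty($_REQUEST['destination'])`. The identical block is repeated in the user_admin_delegation_user_edit_access hunk. The hunk overrides only the 'access callback' for user/%user/roles, so it relies on the existing 'access arguments' still passing the loaded account, which is worth confirming. `_can_access_roles_tab()` also lacks the module prefix that the other helpers in this file use, and a rename to `_user_admin_delegation_can_access_roles_tab()` would avoid a name clash.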
@@ -54,9 +97,19 @@ function user_admin_delegation_user_edit
 // Check to see if the user's roles are protecting edits, or the user
 // account itself is protected.
 if (!_user_admin_delegation_can_user_admin_account($user,$account)) {
- // If so, and we're at /user/X/edit, set a message.
+ // If so, and we're at /user/X/edit, go to roles tab (if allowed), else set a message.
 if (arg(0) == 'user' && is_numeric(arg(1)) && arg(2) == 'edit') {
- drupal_set_message(t('You are not allowed to edit %user\'s account.', array('%user' => $account->name)), 'error');
+ if (!_can_access_roles_tab($account)) {
+ drupal_set_message(t('You are not allowed to edit %user\'s account.', array('%user' => $account->name)), 'error');
+ }
+ else {
+ drupal_set_message(t('You are not allowed to edit %user\'s account. However, you may adjust the following role settings.', array('%user' => $account->name)), 'error');
+ if ($_REQUEST['destination']) {
+ $destination_query = array('destination' => $_REQUEST['destination']);
+ unset($_REQUEST['destination']);
+ }
+ drupal_goto('user/' . arg(1) . '/roles', $destination_query);
+ }
 }
 return FALSE;
 }
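Review bot: Redirecting with drupal_goto() from this access callback means a refused edit request ends in a redirect instead of the normal access-denied response, so the 'access denied' watchdog entry that core writes for a 403 is presumably never recorded for these attempts. If refused edits of protected accounts should stay visible in the log, write an explicit entry before the redirect, for example `watchdog('access denied', 'user/' . arg(1) . '/edit', NULL, WATCHDOG_WARNING);`. The message is also raised with the 'error' type although the request then continues to a page the user is allowed to use; 'warning' fits better. The function starts and ends outside this hunk.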
@@ -103,18 +156,18 @@ function user_admin_delegation_user_dele
 * @param $form The form.
 */
 function user_admin_delegation_form_alter(&$form, &$form_state, $form_id) {
- if ($form_id == 'user_multiple_delete_confirm'|| $form_id == 'user_admin_account') {
- $current_validations = isset($form['#validate']) ? $form['#validate'] : NULL;
- $added_validation = array('user_admin_delegation_mass_delete_validate');
- // If it's already an array, prepend our custom validation function.
- if (is_array($current_validations)) {
- $form['#validate'] = $added_validation + $current_validations;
- }
- // Otherwise create it from scratch.
- else {
- $form['#validate'] = $added_validation;
- }
- }
+ if ($form_id == 'user_multiple_delete_confirm'|| $form_id == 'user_admin_account') {
+ $current_validations = isset($form['#validate']) ? $form['#validate'] : NULL;
+ $added_validation = array('user_admin_delegation_mass_delete_validate');
+ // If it's already an array, prepend our custom validation function.
+ if (is_array($current_validations)) {
+ $form['#validate'] = $added_validation + $current_validations;
+ }
+ // Otherwise create it from scratch.
+ else {
+ $form['#validate'] = $added_validation;
+ }
+ }
 }
 /**
@@ -122,45 +175,46 @@ function user_admin_delegation_form_alte * administration operations. */ function user_admin_delegation_mass_delete_validate($form, &$form_state) { - // Get the checked users, and the operation name. $uids = array_filter($form_state['values']['accounts']); $operation_rid = explode('-', $form_state['values']['operation']); $operation = $operation_rid[0]; - if (in_array($operation,array('delete','block','unblock'))) { - global $user; - foreach($uids as $uid) { - $account = user_load(array('uid' => $uid)); - if (!_user_admin_delegation_can_user_admin_account($user,$account)) { - // Unset the checked user so they will not be processed, and display a warning. - unset($form_state['values']['accounts'][$uid]); - drupal_set_message(t('You are not allowed to edit %user\'s account. It was removed for the operation.', array('%user' => $account->name)), 'error'); - unset($uids[$uid]); - } - } - - } - - if (!count($uids)) { - drupal_set_message(t('No users selected.'), 'error'); - drupal_goto('admin/user/user'); - } + if (in_array($operation,array('delete','block','unblock'))) { + global $user; + foreach($uids as $uid) { + $account = user_load(array('uid' => $uid)); + if (!_user_admin_delegation_can_user_admin_account($user,$account)) { + // Unset the checked user so they will not be processed, and display a warning. + unset($form_state['values']['accounts'][$uid]); + drupal_set_message(t('You are not allowed to edit %user\'s account. It was removed for the operation.', array('%user' => $account->name)), 'error'); + unset($uids[$uid]); + } + } + } + + if (!count($uids)) { + drupal_set_message(t('No users selected.'), 'error'); + drupal_goto('admin/user/user'); + } } /** * If the account has one role which the user can not assign, * then the user can not edit or delete the account */ - function _user_admin_delegation_can_user_admin_account($user,$account) { - $roles = $account->roles; - // Remove 'Authenticated user' role. 
Everyone has it, nobody manages it. - unset($roles[DRUPAL_AUTHENTICATED_RID]); - foreach ($roles as $role) { - if (!user_access(_role_delegation_make_perm($role))) { - return FALSE; - } - } - return TRUE; -} + // User can access own account settings as usual, regardless of Role Delegation settings. + if ($user->uid == $account->uid) { + return TRUE; + } + $roles = $account->roles; + // Remove 'Authenticated user' role. Everyone has it, nobody manages it. + unset($roles[DRUPAL_AUTHENTICATED_RID]); + foreach ($roles as $role) { + if (!user_access('assign all roles') && !user_access(_role_delegation_make_perm($role))) { + return FALSE; + } + } + return TRUE; +} \ No newline at end of file
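Review bot: The new `$user->uid == $account->uid` shortcut in _user_admin_delegation_can_user_admin_account() applies to every caller of the helper, not only the edit form: the mass delete/block/unblock validation earlier in this hunk calls it, and judging by its name the delete access callback may as well, so a delegated administrator's own account is no longer filtered out of those operations. If the exception is meant only for editing one's own settings, it is safer to make it in the edit access callback and leave the helper strict. The comparison is also loose and user_load() returns FALSE for a missing uid, so an anonymous caller (uid 0) would compare equal to a failed load; `if ($account && $user->uid && $user->uid == $account->uid) {` avoids that. `user_access('assign all roles')` does not depend on `$role` and can be checked once before the loop.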