Index: profile.module =================================================================== RCS file: /cvs/drupal/drupal/modules/profile.module,v retrieving revision 1.78 diff -u -r1.78 profile.module --- profile.module 19 Sep 2004 13:33:08 -0000 1.78 +++ profile.module 22 Sep 2004 15:49:30 -0000 @@ -29,11 +29,11 @@ function profile_menu($may_cache) { global $user; $items = array(); - + if ($may_cache) { $items[] = array('path' => 'profile', 'title' => t('user list'), 'callback' => 'profile_browse', - 'access' => TRUE, + 'access' => user_access('access users'), 'type' => MENU_SUGGESTED_ITEM); $items[] = array('path' => 'admin/user/configure/profile', 'title' => t('profiles'), 'callback' => 'profile_admin_overview', Index: user.module =================================================================== RCS file: /cvs/drupal/drupal/modules/user.module,v retrieving revision 1.396 diff -u -r1.396 user.module --- user.module 19 Sep 2004 13:43:29 -0000 1.396 +++ user.module 22 Sep 2004 15:49:34 -0000 @@ -355,7 +355,7 @@ * Implementation of hook_perm(). */ function user_perm() { - return array('administer users'); + return array('administer users', 'access users'); } /** 
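Review bot: Nothing in the visible hunks grants the new 'access users' permission added in user_perm() to any role. On an existing site the paths this patch gates with it (`profile`, `user/N`, the user search) would then go from public to denied for every role until an administrator enables it, assuming permissions default to off. If that is intended, say so in the upgrade notes; otherwise add an update step that grants it to the roles that could see these pages before. A comment above the return would also help: `// 'access users' gates listing, viewing and searching other accounts; it is not granted to any role by default.`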
@@ -392,16 +392,18 @@ * Implementation of hook_search(). */ function user_search($keys) { - $find = array(); - - // Replace wildcards with MySQL/PostgreSQL wildcards. - $keys = str_replace('*', '%', $keys); - - $result = db_query_range("SELECT * FROM {users} WHERE LOWER(name) LIKE '%%%s%%'", strtolower($keys), 0, 20); - while ($account = db_fetch_object($result)) { - $find[] = array('title' => $account->name, 'link' => url("user/$account->uid/view"), 'user' => $account->name); + if (user_access('access users')) { + $find = array(); + + // Replace wildcards with MySQL/PostgreSQL wildcards. + $keys = str_replace('*', '%', $keys); + + $result = db_query_range("SELECT * FROM {users} WHERE LOWER(name) LIKE '%%%s%%'", strtolower($keys), 0, 20); + while ($account = db_fetch_object($result)) { + $find[] = array('title' => $account->name, 'link' => url("user/$account->uid/view"), 'user' => $account->name); + } + return array(t('Matching users'), $find); } - return array(t('Matching users'), $find); } /** @@ -590,7 +592,8 @@ $items = array(); - $access = user_access('administer users'); + $admin_access = user_access('administer users'); + $view_access = user_access('access users'); if ($may_cache) { $items[] = array('path' => 'user', 'title' => t('user account'), 
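Review bot: When the caller lacks 'access users', user_search() now falls off the end and returns NULL instead of the two-element array it returned before, so whatever consumes the hook_search() result has to cope with a missing value. A guard clause at the top makes the denied case explicit and avoids re-indenting the whole body: `if (!user_access('access users')) { return array(t('Matching users'), array()); }`. If the intent is for the search page to omit the section entirely for these users, keep a bare `return;` but state that in the function's doc comment.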
@@ -603,36 +606,36 @@ 'callback' => 'user_page', 'access' => $user->uid == 0, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/user', 'title' => t('users'), - 'callback' => 'user_admin', 'access' => $access); + 'callback' => 'user_admin', 'access' => $admin_access); $items[] = array('path' => 'admin/user/list', 'title' => t('list'), 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); $items[] = array('path' => 'admin/user/create', 'title' => t('add'), - 'callback' => 'user_admin', 'access' => $access, + 'callback' => 'user_admin', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/user/configure', 'title' => t('configure'), - 'callback' => 'user_configure', 'access' => $access, + 'callback' => 'user_configure', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/user/configure/settings', 'title' => t('settings'), 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); $items[] = array('path' => 'admin/user/configure/access', 'title' => t('access rules'), - 'callback' => 'user_configure', 'access' => $access, + 'callback' => 'user_configure', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/user/configure/access/mail', 'title' => t('e-mail rules'), - 'callback' => 'user_configure', 'access' => $access, + 'callback' => 'user_configure', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/user/configure/access/user', 'title' => t('name rules'), - 'callback' => 'user_configure', 'access' => $access, + 'callback' => 'user_configure', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/user/configure/role', 'title' => t('roles'), - 'callback' => 'user_configure', 'access' => $access, + 'callback' => 'user_configure', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/user/configure/permission', 'title' => t('permissions'), - 'callback' 
=> 'user_configure', 'access' => $access, + 'callback' => 'user_configure', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); if (module_exist('search')) { $items[] = array('path' => 'admin/user/search', 'title' => t('search'), - 'callback' => 'user_admin', 'access' => $access, + 'callback' => 'user_admin', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); } @@ -652,11 +655,11 @@ else { if (arg(0) == 'user' && is_numeric(arg(1))) { $items[] = array('path' => 'user/'. arg(1), 'title' => t('user'), - 'type' => MENU_CALLBACK, 'callback' => 'user_page', 'access' => TRUE); + 'type' => MENU_CALLBACK, 'callback' => 'user_page', 'access' => $view_access); $items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'), - 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); + 'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); $items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'), - 'callback' => 'user_edit', 'access' => $access || $user->uid == arg(1), + 'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1), 'type' => MENU_LOCAL_TASK); if (arg(2) == 'edit') { @@ -1172,7 +1175,7 @@ print theme('page', user_login($edit)); } } - else { + elseif (user_access('access users')) { print user_view(arg(1)); } } @@ -1544,7 +1547,7 @@ switch ($op) { case 'search': - $output = search_type('user', url('admin/user/search'), $_POST['keys']); + user_access('access users') ? $output = search_type('user', url('admin/user/search'), $_POST['keys']) : $output = NULL; break; case t('Create account'): case 'create':
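Review bot: The `user/N` and `user/N/view` items are now gated on `$view_access` alone, while the edit item just below keeps the `$user->uid == arg(1)` exception. A logged-in user whose role lacks 'access users' can therefore edit their own account but not view it, and an account holding only 'administer users' loses the view tab as well. If that is not intended, use `'access' => $view_access || $admin_access || $user->uid == arg(1)` on both view items and mirror the same condition in the `elseif (user_access('access users'))` branch of the @@ -1172 hunk. The enclosing function starts and ends outside this hunk.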
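Review bot: The new `elseif (user_access('access users'))` in the @@ -1172 hunk has no `else`, so a request that fails the check prints nothing at all instead of an access-denied page. The menu 'access' value added in the @@ -652 hunk probably stops most such requests earlier, but this branch is the last check before `user_view(arg(1))` and should fail visibly rather than return an empty response. Add a final `else` that emits the site's standard access-denied response. The surrounding function body lies outside the hunk.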
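Review bot: In the `case 'search':` branch the ternary is used as a statement with an assignment in each arm, which is hard to read and easy to break on the next edit. Assign once instead: `$output = user_access('access users') ? search_type('user', url('admin/user/search'), $_POST['keys']) : NULL;`. This path is under `admin/user/search`, which the menu hunk restricts to 'administer users', so an administrator without 'access users' would get an empty search tab with no explanation; a short message in that case would help. The switch continues outside the hunk.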