Index: masquerade.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/masquerade/masquerade.module,v
retrieving revision 1.16.2.30
diff -u -r1.16.2.30 masquerade.module
--- masquerade.module 30 Oct 2009 23:07:58 -0000 1.16.2.30
+++ masquerade.module 23 Feb 2010 16:02:18 -0000
@@ -583,36 +585,27 @@
return drupal_goto(referer_uri());
}
- $new_user = user_load(array('uid' => $uid));
-
- $roles = array_keys(array_filter(variable_get('masquerade_admin_roles', array())));
- $perm = $uid == 1 || array_intersect(array_keys($new_user->roles), $roles) ?
- 'masquerade as admin' :
- 'masquerade as user';
+ if (masquerade_check_user($uid)) {
+ $new_user = user_load(array('uid' => $uid));
- // check to see if we need admin permission
- if (!user_access($perm) && !$_SESSION['masquerading'] && !db_result(db_query("SELECT TRUE FROM {masquerade_users} WHERE uid_from = %d AND uid_to = %d", $user->uid, $new_user->uid))) {
- return drupal_access_denied();
- }
+ if (variable_get('site_offline', 0) && !user_access('administer site configuration', $new_user)) {
+ drupal_set_message(t('This user is not allowed to access the site while the site is in off-line mode. Please set the site status to "online" to switch to this user.', array('@site-maintenance' => url('admin/settings/site-maintenance'))), 'error');
+ return drupal_access_denied();
+ }
- if ($user->uid == $uid || isset($user->masquerading)) {
- return drupal_access_denied();
+ db_query("INSERT INTO {masquerade} (uid_from, uid_as, sid) VALUES (%d, %d, '%s')",
+ $user->uid, $new_user->uid, session_id());
+ // switch user
+
+ watchdog('masquerade', 'User %user now masquerading as %masq_as.', array('%user' => $user->name, '%masq_as' => $new_user->name ? $new_user->name : variable_get('anonymous', 'Anonymous')), WATCHDOG_INFO);
+ drupal_set_message(t('You are now masquerading as %masq_as.', array('%masq_as' => $new_user->name ? $new_user->name : variable_get('anonymous', 'Anonymous'))));
+ $user->masquerading = $new_user->uid;
+ $user = $new_user;
+ drupal_goto(referer_uri());
}
-
- if (variable_get('site_offline', 0) && !user_access('administer site configuration', $new_user)) {
- drupal_set_message(t('This user is not allowed to access the site while the site is in off-line mode. Please set the site status to "online" to switch to this user.', array('@site-maintenance' => url('admin/settings/site-maintenance'))), 'error');
+ else {
return drupal_access_denied();
}
-
- db_query("INSERT INTO {masquerade} (uid_from, uid_as, sid) VALUES (%d, %d, '%s')",
- $user->uid, $new_user->uid, session_id());
- // switch user
-
- watchdog('masquerade', 'User %user now masquerading as %masq_as.', array('%user' => $user->name, '%masq_as' => $new_user->name ? $new_user->name : variable_get('anonymous', 'Anonymous')), WATCHDOG_INFO);
- drupal_set_message(t('You are now masquerading as %masq_as.', array('%masq_as' => $new_user->name ? $new_user->name : variable_get('anonymous', 'Anonymous'))));
- $user->masquerading = $new_user->uid;
- $user = $new_user;
- drupal_goto(referer_uri());
}
/**
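Review bot: The second `user_load(array('uid' => $uid))`, inside the new `if (masquerade_check_user($uid))` branch, is used without checking that an account was actually loaded. masquerade_check_user() as added in this patch only rejects non-numeric values, so a numeric uid with no matching account can apparently still reach the INSERT into {masquerade} and the `$user = $new_user;` assignment, which would replace the global user with FALSE. I would add `if (!$new_user) { return drupal_access_denied(); }` directly after the load, or have the helper hand back the loaded account so it is not fetched twice. The enclosing function starts above this hunk, so any earlier validation of $uid is not visible here.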
@@ -632,3 +625,50 @@
drupal_set_message(t('You are no longer masquerading as %masq_as and are now logged in as %user.', array('%user' => $user->name, '%masq_as' => $oldname)));
drupal_goto(referer_uri());
}
+
+/**
+ * Helper function that checks if user has the right permissions to become
+ * the selected user.
+ */
+function masquerade_check_user($uid) {
+ global $user;
+
+ // noone has permission to masquerade as a non-existent user.
+ if (!is_numeric($uid)) {
+ return FALSE;
+ }
+
+ //Implement masquerade_increase_user_access
+ $tmp = module_invoke_all('masquerade_increase_user_access', $uid);
+ foreach($tmp as $temp => $allowed) {
+ if ($allowed)
+ return TRUE;
+ }
+
+ $new_user = user_load(array('uid' => $uid));
+
+ $roles = array_keys(array_filter(variable_get('masquerade_admin_roles', array())));
+ $perm = $uid == 1 || array_intersect(array_keys($new_user->roles), $roles) ?
+ 'masquerade as admin' :
+ 'masquerade as user';
+
+ // check to see if we need admin permission
+ if (!user_access($perm) && !$_SESSION['masquerading'] && !db_result(db_query("SELECT TRUE FROM {masquerade_users} WHERE uid_from = %d AND uid_to = %d", $user->uid, $new_user->uid))) {
+ return FALSE;
+ }
+
+ // masquerading as yourself or recursivly is prohibitted.
+ if ($user->uid == $uid || isset($user->masquerading)) {
+ return FALSE;
+ }
+
+
+ //Implement masquerade_limit_user_access
+ $tmp = module_invoke_all('masquerade_limit_user_access', $uid);
+ foreach($tmp as $temp => $allowed) {
+ if (!$allowed)
+ return FALSE;
+ }
+
+ return TRUE;
+}
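Review bot: The `masquerade_increase_user_access` loop returns TRUE before any built-in check runs, so one truthy hook result skips the permission test and the `$user->uid == $uid || isset($user->masquerading)` guard against self and nested masquerading, and no `masquerade_limit_user_access` veto is ever consulted. Move that guard, together with a check that `user_load()` returned an account, above the first `module_invoke_all()` call, and let the limit hooks run even when an increase hook grants access so that a deny always wins. The comment `// noone has permission to masquerade as a non-existent user.` overstates what `is_numeric()` does; `// Reject anything that is not a numeric uid; existence is checked after user_load().` would match the code. Both hooks are new API and need a docblock stating the expected return value and that a grant overrides the role-based permission check.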