diff U3 userprotect.install userprotect.install
--- userprotect.install Sat Jul 26 07:55:00 2008
+++ userprotect.install Sat Oct 10 13:58:55 2009
@@ -17,9 +17,9 @@
 }
 if (empty($failed)) {
 // Default settings
- $q1 = db_query("INSERT INTO {userprotect} VALUES (0, 0, 0, 0, 0, 0, 1, 1, 'user')");
- $q2 = db_query("INSERT INTO {userprotect} VALUES (1, 0, 0, 0, 0, 0, 1, 1, 'user')");
- $q3 = db_query("INSERT INTO {userprotect} VALUES (1, 1, 1, 1, 1, 1, 1, 1, 'admin')");
+ $q1 = db_query("INSERT INTO {userprotect} VALUES (0, 0, 0, 0, 0, 0, 1, 1, 0, 'user')");
+ $q2 = db_query("INSERT INTO {userprotect} VALUES (1, 0, 0, 0, 0, 0, 1, 1, 0, 'user')");
+ $q3 = db_query("INSERT INTO {userprotect} VALUES (1, 1, 1, 1, 1, 1, 1, 1, 0, 'admin')");
 $q4 = db_result(db_query('SELECT perm FROM {permission} WHERE rid = %d', DRUPAL_AUTHENTICATED_RID));
 $q5 = db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $q4 .', change own e-mail, change own password', DRUPAL_AUTHENTICATED_RID);
 if ($q1 && $q2 && $q3 && $q4 && $q5) {
@@ -87,6 +87,13 @@
 'description' => t("Deletion protection."),
 ),
 'up_edit' => array(
+ 'type' => 'int',
+ 'size' => 'small',
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'description' => t("All edits protection."),
+ ),
+ 'up_self' => array(
 'type' => 'int',
 'size' => 'small',
 'not null' => TRUE,
diff U3 userprotect.module userprotect.module
--- userprotect.module Sun Apr 06 20:49:30 2008
+++ userprotect.module Sat Oct 10 14:15:59 2009
@@ -45,6 +45,7 @@
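Review bot: The three default-row inserts in the `@@ -17,9 +17,9 @@` hunk still use positional `VALUES` with no column list, so the added `0` reaches `up_self` only if the table's physical column order matches the schema array exactly. Naming the columns in each statement (`INSERT INTO {userprotect} (uid, ..., up_edit, up_self, up_type) VALUES (...)`) would keep a protection flag from silently landing in the wrong column if the order ever differs. The enclosing install function starts and ends outside the hunk.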
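Review bot: The `@@ -87,6 +87,13 @@` hunk adds `up_self` to the schema array only, and nothing in this diff adds the column to an existing `{userprotect}` table. On an upgraded site any write of `up_self` would fail, while the read in userprotect.module falls back to `FALSE` through its `isset()` check, so an override an administrator believes is set would silently not apply. An update function that adds the field should ship with this change. The new key is also spliced in so that `up_self` takes over the tail of the old `up_edit` definition, which lies outside the hunk; if that tail still carries `t("All edits protection.")`, give `up_self` its own description.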
When a protection is enabled for a specified user (or the protection is
@@ -199,13 +200,16 @@
 if ($account->mail) {
 $form['account']['mail']['#disabled'] = TRUE;
 $form['account']['mail']['#value'] = $account->mail;
+ $form['account']['mail']['#description'] = t( 'The e-mail address for this account cannot be changed. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.' );
 $protected['up_mail'] = TRUE;
 }
 }
 // Password is an exception, as it needs no value, Just unset it, as
 // there's no need to display two empty boxes that are disabled.
 if (isset($form['account']['pass']) && !userprotect_check_bypass('up_pass') && userprotect_get_user_protection($account, 'up_pass')) {
- unset($form['account']['pass']);
+ $form['account']['pass']['#type'] = 'item';
+ $form['account']['pass']['#title'] = t( 'Password' );
+ $form['account']['pass']['#description'] = t( 'The password for this account cannot be changed. See the system administrator if you believe this is incorrect.' );
 $protected['up_pass'] = TRUE;
 }
 if (isset($form['account']['status']) && !userprotect_check_bypass('up_status') && userprotect_get_user_protection($account, 'up_status')) {
@@ -910,6 +914,7 @@
 'up_roles' => 0,
 'up_delete' => 1,
 'up_edit' => 0,
+ 'up_self' => 0,
 );
 }
 
@@ -942,6 +947,7 @@
 'up_roles' => t('roles'),
 'up_delete' => t('deletion'),
 'up_edit' => t('all account edits'),
+ 'up_self' => t('override permissions'),
 );
 }
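Review bot: The comment above the password branch in the `@@ -199,13 +200,16 @@` hunk still says the element is unset, but the new code keeps `$form['account']['pass']` and retypes it as an `item`. Update it to match, e.g. `// Password is an exception: show a read-only notice in place of the two password boxes.` Because the element now stays in the form, the protection rests on the `item` type not accepting input. Whether a posted `pass` value is rejected on submit is not visible in this hunk, so confirm that the validate/submit path ignores it when `up_pass` protection applies. The surrounding function starts and ends outside the hunk.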
@@ -1082,11 +1088,21 @@
 $uid = $account->uid;
 $roles = $account->roles;
+ // If this user hasn't been added to the result array yet, then pull their information.
+ if (!isset($protections[$uid])) {
+ $result = db_query("SELECT * FROM {userprotect} WHERE uid = %d AND up_type = 'user'", $uid);
+ if ($user_array = db_fetch_array($result)) {
+ $protections[$uid] = $user_array;
+ }
+ }
+
+ $permissionsOverridden = ( isset($protections[$uid]['up_self']) ? $protections[$uid]['up_self'] : FALSE ) ;
+
 // Users editing their own accounts have the permissions for e-mail
 // and password determined by the role-based setting in the userprotect
 // section at admin/user/access. This is done for consistency with the
 // way core handles the self-editing of usernames.
- if ($uid == $user->uid && in_array($protection, array('up_name', 'up_mail', 'up_pass', 'up_edit'))) {
+ if (!$permissionsOverridden && $uid == $user->uid && in_array($protection, array('up_name', 'up_mail', 'up_pass', 'up_edit'))) {
 switch ($protection) {
 case 'up_name':
 return !user_access('change own username');
@@ -1097,14 +1113,6 @@
 // Always let user access their own edit page.
 case 'up_edit':
 return FALSE;
- }
- }
-
- // If this user hasn't been added to the result array yet, then pull their information.
- if (!isset($protections[$uid])) {
- $result = db_query("SELECT * FROM {userprotect} WHERE uid = %d AND up_type = 'user'", $uid);
- if ($user_array = db_fetch_array($result)) {
- $protections[$uid] = $user_array;
 }
 }
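Review bot: When `up_self` is set, the new condition in the `@@ -1082,11 +1088,21 @@` hunk skips the whole self-edit branch, including the `case 'up_edit': return FALSE;` arm that always let a user reach their own edit page. A user whose row has both `up_self` and `up_edit` set may therefore be locked out of their own account form; what the fall-through code decides is outside the hunk, so confirm this is intended. The comment block above the `if` still describes self-edits as always role-based and should name the exception, e.g. `// Skipped when up_self is set for this account; the checks further down then decide.` A user with no `up_type = 'user'` row never gets a `$protections[$uid]` entry, so the moved lookup now runs its query on every self-edit check for such users. `$permissionsOverridden` also departs from the snake_case of the neighbouring `$user_array`.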