Index: modules/user.module =================================================================== RCS file: /cvs/drupal/drupal/modules/user.module,v retrieving revision 1.418 diff -u -F^f -r1.418 user.module --- modules/user.module 23 Nov 2004 22:20:41 -0000 1.418 +++ modules/user.module 27 Nov 2004 12:47:31 -0000 @@ -395,7 +395,7 @@ function user_fields() { * Implementation of hook_perm(). */ function user_perm() { - return array('administer users'); + return array('administer users', 'access users'); } /** @@ -437,12 +437,15 @@ function user_search($op = 'search', $ke return t('users'); case 'search': $find = array(); - // Replace wildcards with MySQL/PostgreSQL wildcards. - $keys = str_replace('*', '%', $keys); - $result = db_query_range("SELECT * FROM {users} WHERE LOWER(name) LIKE '%%%s%%'", strtolower($keys), 0, 20); - while ($account = db_fetch_object($result)) { - $find[] = array('title' => $account->name, 'link' => url("user/$account->uid/view")); + if (user_access('access users')) { + // Replace wildcards with MySQL/PostgreSQL wildcards. + $keys = str_replace('*', '%', $keys); + $result = db_query_range("SELECT * FROM {users} WHERE LOWER(name) LIKE '%%%s%%'", strtolower($keys), 0, 20); + while ($account = db_fetch_object($result)) { + $find[] = array('title' => $account->name, 'link' => url("user/$account->uid/view")); + } } + return $find; } } @@ -644,7 +647,8 @@ function user_menu($may_cache) { $items = array(); - $access = user_access('administer users'); + $admin_access = user_access('administer users'); + $view_access = user_access('access users'); if ($may_cache) { $items[] = array('path' => 'user', 'title' => t('user account'), 
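Review bot: Adding 'access users' to the array returned by user_perm() means no existing role holds it after an upgrade, so the gates this patch adds in user_search(), user_menu() and profile_menu() will presumably deny every ordinary role until an administrator grants it. Failing closed is the safer default, but it is a visible behaviour change and the patch has no update step or note about it. I would at least document the scope next to the return, e.g. `// 'access users' gates user pages, the profile list and user search; no role holds it until granted.`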
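Review bot: The query re-indented under the new `if (user_access('access users'))` still does `SELECT *` on {users}, although the loop reads only `$account->name` and `$account->uid`. Now that this path is an explicitly permissioned disclosure of account data, it should fetch only what it shows: `SELECT uid, name FROM {users} WHERE LOWER(name) LIKE '%%%s%%'`. Separately, only `*` is mapped to `%` before `$keys` goes into the LIKE pattern, so a literal `%` or `_` typed by the user also acts as a wildcard; the 20-row range bounds the result, but a comment saying this is accepted would help. user_search() begins outside this hunk.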
@@ -659,36 +663,36 @@ function user_menu($may_cache) { 'callback' => 'user_help_page', 'type' => MENU_CALLBACK); $items[] = array('path' => 'admin/user', 'title' => t('users'), - 'callback' => 'user_admin', 'access' => $access); + 'callback' => 'user_admin', 'access' => $admin_access); $items[] = array('path' => 'admin/user/list', 'title' => t('list'), 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); $items[] = array('path' => 'admin/user/create', 'title' => t('add user'), - 'callback' => 'user_admin', 'access' => $access, + 'callback' => 'user_admin', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/user/configure', 'title' => t('configure'), - 'callback' => 'user_configure', 'access' => $access, + 'callback' => 'user_configure', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/user/configure/settings', 'title' => t('settings'), 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); $items[] = array('path' => 'admin/user/configure/access', 'title' => t('access rules'), - 'callback' => 'user_configure', 'access' => $access, + 'callback' => 'user_configure', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/user/configure/access/mail', 'title' => t('e-mail rules'), - 'callback' => 'user_configure', 'access' => $access, + 'callback' => 'user_configure', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/user/configure/access/user', 'title' => t('name rules'), - 'callback' => 'user_configure', 'access' => $access, + 'callback' => 'user_configure', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/user/configure/role', 'title' => t('roles'), - 'callback' => 'user_configure', 'access' => $access, + 'callback' => 'user_configure', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'admin/user/configure/permission', 'title' => t('permissions'), - 
'callback' => 'user_configure', 'access' => $access, + 'callback' => 'user_configure', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); if (module_exist('search')) { $items[] = array('path' => 'admin/user/search', 'title' => t('search'), - 'callback' => 'user_admin', 'access' => $access, + 'callback' => 'user_admin', 'access' => $admin_access, 'type' => MENU_LOCAL_TASK); } @@ -708,11 +712,11 @@ function user_menu($may_cache) { else { if (arg(0) == 'user' && is_numeric(arg(1))) { $items[] = array('path' => 'user/'. arg(1), 'title' => t('user'), - 'type' => MENU_CALLBACK, 'callback' => 'user_page', 'access' => TRUE); + 'type' => MENU_CALLBACK, 'callback' => 'user_page', 'access' => $view_access); $items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'), - 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); + 'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10); $items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'), - 'callback' => 'user_edit', 'access' => $access || $user->uid == arg(1), + 'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1), 'type' => MENU_LOCAL_TASK); if (arg(2) == 'edit') { Index: modules/profile.module =================================================================== RCS file: /cvs/drupal/drupal/modules/profile.module,v retrieving revision 1.82 diff -u -F^f -r1.82 profile.module --- modules/profile.module 21 Nov 2004 08:25:17 -0000 1.82 +++ modules/profile.module 27 Nov 2004 12:48:33 -0000 @@ -33,7 +33,7 @@ function profile_menu($may_cache) { if ($may_cache) { $items[] = array('path' => 'profile', 'title' => t('user list'), 'callback' => 'profile_browse', - 'access' => TRUE, + 'access' => user_access('access users'), 'type' => MENU_SUGGESTED_ITEM); $items[] = array('path' => 'admin/user/configure/profile', 'title' => t('profiles'), 'callback' => 'profile_admin_overview',
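Review bot: `'access' => $view_access` on `user/N` and `user/N/view` drops the owner exception that the edit item just below keeps (`$admin_access || $user->uid == arg(1)`). A user without 'access users' can therefore edit their own account but not view it, and a role holding only 'administer users' appears to be in the same position. If that is not intended, give both view items the same shape: `'access' => $view_access || $admin_access || $user->uid == arg(1)`. The enforcement here is on the menu items only; `user_page` and the rest of user_menu() are outside this hunk, so whether the callback can be reached another way cannot be confirmed from the diff.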
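Review bot: profile_menu() now depends on a permission string that user.module declares in user_perm(), repeated here as a bare literal with nothing tying the two together. A typo or a later rename in user.module would presumably make `user_access()` deny the profile list without any error. I would add a comment on the item such as `// 'access users' is declared in user_perm() in user.module; keep the two in sync.` The item also sits in the `$may_cache` branch, so the result is stored with the cached menu; it is worth confirming that cache is per user and rebuilt when role permissions change. `profile_browse` is outside the hunk.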