--- user.module-old	Thu Jul  8 23:43:57 2004
+++ user.module	Thu Jul  8 23:53:42 2004
@@ -366,7 +366,7 @@
  * Implementation of hook_perm().
  */
 function user_perm() {
-  return array('administer users');
+  return array('administer users', 'access users');
 }
 
 /**
@@ -1141,17 +1141,22 @@
   }
   else {
     if ($account = user_load(array('uid' => $uid, 'status' => 1))) {
-      // Retrieve and merge all profile fields:
-      $fields = array();
-      foreach (module_list() as $module) {
-        if ($data = module_invoke($module, 'user', 'view', '', $account)) {
-          foreach ($data as $category => $content) {
-            $fields[$category] .= $content;
+      if (user_access('access users')) {
+        // Retrieve and merge all profile fields:
+        $fields = array();
+        foreach (module_list() as $module) {
+          if ($data = module_invoke($module, 'user', 'view', '', $account)) {
+            foreach ($data as $category => $content) {
+              $fields[$category] .= $content;
+            }
           }
         }
-      }
 
-      print theme('page', theme('user_profile', $account, $fields), $account->name);
+        print theme('page', theme('user_profile', $account, $fields), $account->name);
+      }
+      else {
+        drupal_access_denied();
+      }
     }
     else {
       drupal_not_found();