--- user_admin_delegation.module 2009-06-29 22:33:06.000000000 +0100 +++ user_admin_delegation.module.MQ 2009-08-29 12:55:34.000000000 +0100 @@ -38,8 +38,51 @@ function user_admin_delegation_menu_alte $callbacks['user/%user_category/edit']['access arguments'] = array(1); $callbacks['user/%user/delete']['access callback'] = 'user_admin_delegation_user_delete_access'; $callbacks['user/%user/delete']['access arguments'] = array(1); + $callbacks['user/%user/roles']['access callback'] = 'user_admin_delegation_role_delegation_access'; } + +/** + * Altered access rules for Role Delegation + */ +function user_admin_delegation_role_delegation_access($account) { + // Check if they can use the Edit tab instead - if they can, take them there instead. + if (user_admin_delegation_user_edit_access($account)) { + if (arg(0) == 'user' && is_numeric(arg(1)) && arg(2) == 'roles') { + if ($_REQUEST['destination']) { + $destination_query = array('destination' => $_REQUEST['destination']); + unset($_REQUEST['destination']); + } + drupal_goto('user/' . arg(1) . '/edit', $destination_query); + } + return FALSE; + } + if (_can_access_roles_tab($account)) { + return TRUE; + } + return FALSE; +} + + +function _can_access_roles_tab($account) { + // Check access to user profile page. + if (!user_view_access($account)) { + return FALSE; + } + // Check access to role assignment page. + if (user_access('administer permissions')) { + return TRUE; + } + $perms = role_delegation_perm(); + foreach ($perms as $perm) { + if (user_access($perm)) { + return TRUE; + } + } + return FALSE; +} + + /** * Access callback for user edit pages. * 
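Review bot: `$destination_query` is assigned only inside `if ($_REQUEST['destination'])`, so when the request carries no destination `drupal_goto()` is handed an undefined variable and the unchecked array read raises a notice; the same pattern is repeated at the `/roles` redirect in the second hunk. Set it unconditionally before the `unset()`, for example `$destination_query = isset($_REQUEST['destination']) ? array('destination' => $_REQUEST['destination']) : NULL;`. The new `user/%user/roles` override also sets only the 'access callback', while the entries above it each pair the callback with `['access arguments'] = array(1)`; unless Role Delegation already passes the loaded account as the first argument (not visible here), add `$callbacks['user/%user/roles']['access arguments'] = array(1);`. Because the access callback now redirects as a side effect, a short comment saying that the `arg()` guard limits this to a direct visit of the roles path would help the next maintainer. The helper `_can_access_roles_tab()` is missing the `_user_admin_delegation_` prefix the module's other private helper uses.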
@@ -54,9 +97,19 @@ function user_admin_delegation_user_edit // Check to see if the user's roles are protecting edits, or the user // account itself is protected. if (!_user_admin_delegation_can_user_admin_account($user,$account)) { - // If so, and we're at /user/X/edit, set a message. + // If so, and we're at /user/X/edit, go to roles tab (if allowed), else set a message. if (arg(0) == 'user' && is_numeric(arg(1)) && arg(2) == 'edit') { - drupal_set_message(t('You are not allowed to edit %user\'s account.', array('%user' => $account->name)), 'error'); + if (!_can_access_roles_tab($account)) { + drupal_set_message(t('You are not allowed to edit %user\'s account.', array('%user' => $account->name)), 'error'); + } + else { + drupal_set_message(t('You are not allowed to edit %user\'s account. However, you may adjust the following role settings.', array('%user' => $account->name)), 'error'); + if ($_REQUEST['destination']) { + $destination_query = array('destination' => $_REQUEST['destination']); + unset($_REQUEST['destination']); + } + drupal_goto('user/' . arg(1) . '/roles', $destination_query); + } } return FALSE; } @@ -154,6 +207,10 @@ function user_admin_delegation_mass_dele */ function _user_admin_delegation_can_user_admin_account($user,$account) { + // User can access own account settings as usual, regardless of Role Delegation settings. + if ($user->uid == $account->uid) { + return TRUE; + } $roles = $account->roles; // Remove 'Authenticated user' role. Everyone has it, nobody manages it. unset($roles[DRUPAL_AUTHENTICATED_RID]);
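Review bot: When `_user_admin_delegation_can_user_admin_account()` refuses the edit, the new `else` branch sends the user to `user/N/roles`, and `_can_access_roles_tab()` grants that page from permissions alone, without consulting the protected-account check that just failed. If that is the intended design, state it at the branch, for example `// Intentional: accounts protected from editing can still have roles changed by users holding a Role Delegation permission.`, and confirm that the Role Delegation form restricts which roles can be assigned, since this patch does not show it. The second message is raised with type 'error' although it describes an allowed action; 'warning' or 'status' would fit better.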
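Review bot: The own-account shortcut is added to the shared helper `_user_admin_delegation_can_user_admin_account()`, so every caller inherits it, not only the edit-page check. The hunk header shows a mass-delete function nearby and the first hunk shows a delete access callback, but whether either calls this helper is not visible here. If the exemption is meant for editing only, move it into `user_admin_delegation_user_edit_access()`; otherwise note in the helper's docblock that a user always passes for their own account. The loose comparison also matches two uid 0 objects, so `if ($user->uid && $user->uid == $account->uid) {` is the safer form. The helper's body continues past the end of the hunk.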