Posted by jpd972 on June 10, 2008 at 5:11pm
Jump to:
| Project: | Core searches |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
There should be a new permission 'search users' that should be used instead of 'access user profiles'.
It has to be implemented in usersearch.module:
- if (user_access('access user profiles')) {
+ if (user_access('search users')) {And also in the patch to user.module:
function user_perm() {
- return array('administer access control', 'administer users', 'access user profiles', 'change own username');
+ return array('administer access control', 'administer users', 'access user profiles', 'change own username', 'search users');
Comments
#1
Disagree. If you can search for users it is the same as accessing their profile information.
#2
(reopening)
What about this then?
- if (user_access('access user profiles')) {+ if (user_access('access user profiles') && user_access('search users')) {
The rationale for it is that we want users to be able to access other profiles (comments, buddies etc), but not to search for random users.
#3
Won't you achieve your goal by simply not enabling the usersearch module?
#4
No, because I need it to be enabled for some other roles.