I have a demo site set up on which I am using this module (nice little module by the way). One of the users I have set up an easy login for is a site administrator - I am doing this so our clients can see what they can do as administrators. However, I don't want them to be able to reset their URL. The problem is in this code:

function _easylogin_access_profile($uid){
  global $user;
  if ($uid == 1 || user_is_anonymous() || !user_access('login from url') || ($user->uid != $uid && !user_access('administer users'))){
    return FALSE;
  }
  return TRUE;
}

It appears that anyone with 'administer users' permissions can reset their URL, even if they don't have 'reset own url' permissions. I think these should be separated - as there will be situations, like mine, where we need these permissions to be separated.

Thank you.

Comments

George2’s picture

George2 commented

interesting use case.

anyway, i've jiggled permissions about to allow for this. and will be in dev at utc midnight

George2’s picture

George2 commented
Assigned: Unassigned » George2
Status: Active » Fixed
jaypan’s picture

jaypan
Location Victoria, BC
commented

Thank you sir! I appreciate the quick response and action.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.