? masquerade_6-1-4_role_restriction.patch
Index: masquerade.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/masquerade/masquerade.module,v
retrieving revision 1.16.2.39
diff -u -p -r1.16.2.39 masquerade.module
--- masquerade.module 23 Jun 2010 13:33:34 -0000 1.16.2.39
+++ masquerade.module 4 Oct 2010 11:19:23 -0000
@@ -25,7 +25,16 @@ function masquerade_help($path, $arg) {
 * @return array
 */
 function masquerade_perm() {
- return array('masquerade as user', 'masquerade as admin');
+ //return array('masquerade as user', 'masquerade as admin');
+ //@patch regx mod
+ $perm = array('masquerade as user', 'masquerade as admin');
+ $roles = user_roles();
+ foreach($roles as $rid => $role){
+ if($rid > 2){ // we do not want to allow anonymous, admin or authenticated since that is already covered
+ $perm[] = t('restrict masquerade as users in role "@role"',array('@role' => $role));
+ }
+ }
+ return $perm;
 }
 
 /**
@@ -185,6 +194,18 @@ function masquerade_access($type, $uid =
 }
 $account = user_load(array('uid' => $uid));
 $switch_to_account = db_result(db_query("SELECT TRUE FROM {masquerade_users} WHERE uid_from = %d AND uid_to = %d", $user->uid, $account->uid));
+ //@patch regx mod
+ if($switch_to_account == TRUE){
+ // check to make sure this hasn't been restricted
+ foreach($account->roles as $rid => $role){
+ $perm = t('restrict masquerade as users in role "@role"',array('@role' => $role));
+ if(user_access($perm)){
+ $switch_to_account = FALSE;
+ break;
+ }
+ }
+ }
+ //end regx mod
 }
 return empty($_SESSION['masquerading']) && (user_access('masquerade as user') || user_access('masquerade as admin') || $switch_to_account);
 break;
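Review bot: The permission names added to masquerade_perm() are built with t() from the role's display name, so the string depends on the active language and on a label an administrator can rename; the same expression is repeated in the masquerade_access() hunk. When the stored permission and the string checked at runtime stop matching, user_access() returns FALSE and the restriction is dropped silently, which fails open. Build the name untranslated and key it on the role id, for example `$perm[] = 'restrict masquerade as users in role ' . $rid;`, and use the same expression in the access check. The `$rid > 2` comment mentions an admin role, but only the anonymous and authenticated ids are skipped; `if ($rid > DRUPAL_AUTHENTICATED_RID) {` says that directly, and the commented-out old `return` can be deleted.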
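Review bot: The restriction loop only clears `$switch_to_account`, but the `return` below still ORs in `user_access('masquerade as user')` and `user_access('masquerade as admin')`, so a user holding either general permission passes this check even when a restrict permission applies to the target's roles. If the restriction is meant to cover every masquerade path, record the match in a flag initialised before the block and require it in the result: `$restricted = TRUE;` in the loop and `return empty($_SESSION['masquerading']) && !$restricted && (user_access('masquerade as user') || user_access('masquerade as admin') || $switch_to_account);`. Note also that user_access() returns TRUE for uid 1 on any string, so a deny-style permission always matches for that account. masquerade_access() starts and ends outside this hunk, so the surrounding branch structure should be confirmed before moving the check.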