? masquerade_blocked_users_1.patch
Index: masquerade.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/masquerade/masquerade.module,v
retrieving revision 1.16.2.49
diff -u -p -r1.16.2.49 masquerade.module
--- masquerade.module	1 Nov 2010 02:09:01 -0000	1.16.2.49
+++ masquerade.module	26 Nov 2010 21:03:49 -0000
@@ -378,13 +378,38 @@ function masquerade_user($op, &$edit, &$
       $old_session_id = session_id();
       break;
 
-    case 'update':
+    case 'after_update':
       if ($category == 'account') {
         $users = drupal_explode_tags($edit['masquerade_users']);
         db_query("DELETE FROM {masquerade_users} WHERE uid_from = %d", $edit_user->uid);
-        foreach ($users as $user) {
-          $u = user_load(array('name' => $user));
-          db_query("INSERT INTO {masquerade_users} VALUES (%d, %d)", $edit_user->uid, $u->uid);
+        if ($edit_user->status == 1) {
+          foreach ($users as $user) {
+            $u = user_load(array('name' => $user));
+            db_query("INSERT INTO {masquerade_users} VALUES (%d, %d)", $edit_user->uid, $u->uid);
+          }
+        }
+        else {
+          // If the user account is blocked it should be removed as an option for masquerading.
+          db_query("DELETE FROM {masquerade_users} WHERE uid_to = %d", $edit_user->uid);
+          $quick_switches = variable_get('masquerade_quick_switches', array());
+          $test_user = variable_get('masquerade_test_user', '');
+          if (in_array($edit_user->uid, $quick_switches)) {
+            $results = db_query('SELECT uid FROM {users} WHERE status=1 AND uid IN (' . db_placeholders($quick_switches, 'int') . ')', $quick_switches);
+            $quick_switches = array();
+            while ($result = db_result($results)) {
+              $quick_switches[] = $result;
+            }
+            variable_set('masquerade_quick_switches', $quick_switches);
+            drupal_set_message(t('%user is blocked and is no longer a valid option for masquerading. This account has been removed from the list of available quick switches in the Masquerade block.', array('%user' => $edit_user-name)));
+            watchdog('masquerade', '%user is blocked and is no longer a valid option for masquerading. This account has been removed from the list of available quick switches in the Masquerade block.', array('%user' => $edit_user->name), WATCHDOG_NOTICE);
+          }
+          // If we just blocked the masquerade test user, we'll need to kill the test user menu item.
+          if (!strcmp($test_user, $edit_user->name)) {
+            variable_set('masquerade_test_user','');
+            menu_rebuild();
+            drupal_set_message(t('%user is blocked and is no longer a valid option for masquerading. The menu link for this account has been removed.', array('%user' => $edit_user->name)));
+            watchdog('masquerade', '%user is blocked and is no longer a valid option for masquerading. The memnu link for this account has been removed.', array('%user' => $edit_user->name), WATCHDOG_NOTICE);
+          }
         }
         $edit['masquerade_users'] = NULL;
       }
@@ -444,7 +469,11 @@ function masquerade_block_1($record) {
     $masquerade_switches = variable_get('masquerade_quick_switches', array());
 
     // Add in user-specific switches.
-    $result = db_query("SELECT uid_to FROM {masquerade_users} WHERE uid_from = %d", $user->uid);
+    $result = db_query("SELECT uid_to FROM {masquerade_users} u 
+      INNER JOIN {users} users
+        ON users.uid = u.uid_to 
+        AND users.status = 1
+      WHERE uid_from = %d", $user->uid);
     while ($uid_to = db_result($result)) {
       $masquerade_switches[] = $uid_to;
     }
@@ -546,7 +575,7 @@ function masquerade_block_1_submit($form
  */
 function masquerade_autocomplete($string) {
   $matches = array();
-  $result = db_query_range("SELECT u.name FROM {users} u WHERE LOWER(u.name) LIKE LOWER('%s%%')", $string, 0, 10);
+  $result = db_query_range("SELECT u.name FROM {users} u WHERE u.status = 1 AND LOWER(u.name) LIKE LOWER('%s%%')", $string, 0, 10);
   while ($user = db_fetch_object($result)) {
     $matches[$user->name] = check_plain($user->name);
   }
@@ -570,7 +599,7 @@ function masquerade_autocomplete_multipl
   $last_string = trim(array_pop($array));
 
   $matches = array();
-  $result = db_query_range("SELECT u.name FROM {users} u WHERE LOWER(u.name) LIKE LOWER('%s%%')", $last_string, 0, 10);
+  $result = db_query_range("SELECT u.name FROM {users} u WHERE u.status = 1 AND LOWER(u.name) LIKE LOWER('%s%%')", $last_string, 0, 10);
 
   $prefix = count($array) ? implode(', ', $array) .', ' : '';
 
@@ -644,6 +673,14 @@ function masquerade_switch_user($uid) {
 
   $new_user = user_load(array('uid' => $uid));
 
+  // Check to see if user is blocked
+  if (!empty($new_user->uid) && empty($new_user->status)) {
+    drupal_set_message(t('You cannot masquerade as %user because this account is blocked.', array('%user' => $new_user->name)), 'error');
+    watchdog('masquerade', 'An attempt to masquerade as %user failed because this account is blocked.', array('%user' => $new_user->name), WATCHDOG_ERROR);
+    return FALSE;
+  }
+  
+
   $roles = array_keys(array_filter(variable_get('masquerade_admin_roles', array())));
   $perm = $uid == 1 || array_intersect(array_keys($new_user->roles), $roles) ?
     'masquerade as admin' :