This is a suggested update to the USER.MODULE.
Purpose: to allow drupal site administrators to toggle "ACCESS USERS" in the ADMINISTER -> USERS -> CONFIG -> PERMISSONS page for certain roles and restrict access to the USER LIST & USER PROFILES on a drupal site.
ADJUSTMENT #1: Adding in extra option on permissions page
search for function user_perm() and replace the lines you see in your user.module with this.
function user_perm() {
return array('administer users', 'access users');
}
Adjustment #2: Instructing drupal to check to see if the user has access to view the user list & user profiles before displaying them.
Search for the following string theme_user_function and replace the lines you see in your user.module with this.
function theme_user_profile($account, $fields) {
global $user;
if (user_access('access users')) // check to see if the user has access
{
$output = "<div class=\"profile\">\n";
$output .= theme('user_picture', $account); // if so display the user account details
foreach ($fields as $category => $value) {
$output .= "<h2>$category</h2>$value";
}
$output .= "</div>\n";
}
else
{
// if the user is not logged in display a message
$output = "<div class=\"profile\">\n";
$output .= "Sorry. You must <a href='?q=user/login'>LOGIN</a> to have access to view this
page.";
$output .= "</div>\n";
}
return $output;
}
Hope thats of use to others.
Dublin Drupaller
Comments
Comment #1
(not verified) CreditAttribution: commentedHi,
Cheers for that. This is exactly what I was looking for. I've updated the module with the new code. It prevents full profiles being shown, but if an anonymous user goes to http://site/?q=profile, they still get a list of all users?!?
Have I misunderstood your intention here, as it does mention restricting access to USER LIST?
Comment #2
Dublin Drupaller CreditAttribution: Dublin Drupaller commentedwhich version of drupal are you using?
I'm not sure if this works (the above snippets) with 4.6 or versions later than 4.5.0.
Dub
Comment #3
(not verified) CreditAttribution: commentedHi,
Am using 4.5.1... had another look and noticed that there is another function
I'm supposing that this has something to do with it!
Comment #4
forngren CreditAttribution: forngren commentedAccess to user profile is fixed, access to user list remains.
Comment #5
lilou CreditAttribution: lilou commentedComment #6
lilou CreditAttribution: lilou commentedComment #7
Wolfflow CreditAttribution: Wolfflow commentedsubscribe
Comment #8
mdupontComment #9
jhedstromThere are several contrib modules that allow for this. Anything left to be done here?
Comment #12
dpi@ #9
Don't think so. You can just clone the people view and change the route permission requirements as needed.