Use of arg(1) inside a hook_init() can cause things to not work as expected with other contributed modules. A better method of doing the access checking is in the attached patch, and uses hook_menu_alter(), which is also a performance improvement, as the checks are no longer made on every page request, only on the pages where the checks are needed.

administerusersbyrole-menu-alter.patch2.08 KBcdale


Thanks for the handy patch. Note to anyone using it, it does away with the easy, simple drupal_set_message "access denied" messages and kicks the user back a little lower down with a direct drupal "Access Denied" status instead. Couple this patch with a little documentation on where to go from here, and I think you've got a RBTC.

Also this is necessary to do this access check on menu links.
and to allow people who do not have "administer users" to create users.