diff modules/profile/profile.module @ 5:2427550111ae 6.2
Drupal 6.2
author | Franck Deroche <webmaster@defr.org> |
---|---|
date | Tue, 23 Dec 2008 14:30:08 +0100 |
parents | c1f4ac30525a |
children | fff6d4c8c043 |
--- a/modules/profile/profile.module Tue Dec 23 14:29:21 2008 +0100
+++ b/modules/profile/profile.module Tue Dec 23 14:30:08 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: profile.module,v 1.236 2008/02/03 19:36:46 goba Exp $
+// $Id: profile.module,v 1.236.2.1 2008/04/09 21:11:49 goba Exp $
 /**
 * @file
@@ -95,12 +95,14 @@
 'title' => 'Add field',
 'page callback' => 'drupal_get_form',
 'page arguments' => array('profile_field_form'),
+ 'access arguments' => array('administer users'),
 'type' => MENU_CALLBACK,
 'file' => 'profile.admin.inc',
 );
 $items['admin/user/profile/autocomplete'] = array(
 'title' => 'Profile category autocomplete',
 'page callback' => 'profile_admin_settings_autocomplete',
+ 'access arguments' => array('administer users'),
 'type' => MENU_CALLBACK,
 'file' => 'profile.admin.inc',
 );
@@ -108,6 +110,7 @@
 'title' => 'Edit field',
 'page callback' => 'drupal_get_form',
 'page arguments' => array('profile_field_form'),
+ 'access arguments' => array('administer users'),
 'type' => MENU_CALLBACK,
 'file' => 'profile.admin.inc',
 );
@@ -115,6 +118,7 @@
 'title' => 'Delete field',
 'page callback' => 'drupal_get_form',
 'page arguments' => array('profile_field_delete'),
+ 'access arguments' => array('administer users'),
 'type' => MENU_CALLBACK,
 'file' => 'profile.admin.inc',
 );
@@ -453,7 +457,7 @@
 'title' => $category->category,
 'weight' => 3,
 'access callback' => 'profile_category_access',
- 'access arguments' => array($category->category)
+ 'access arguments' => array(1, $category->category)
 );
 }
 return $data;
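Review bot: The four added `'access arguments' => array('administer users'),` lines (two in this hunk at -95, one each in the hunks at -108 and -115) carry no comment saying why each MENU_CALLBACK item restates the permission, so a callback added later under admin/user/profile can omit the key without the gap being obvious in review. None of these items sets an `'access callback'`, so the check presumably relies on the menu system's default callback; that dependency is worth stating once. I would add above the first item a comment such as `// Every admin/user/profile callback declares its own access arguments; do not rely on the parent item.` The menu definition these items belong to starts and ends outside the hunks, so whether other items in it still lack the key cannot be confirmed from here.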
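Review bot: The bare `1` in `array(1, $category->category)` (hunk at -453) is undocumented; it reads like a literal value but is presumably a path-argument position that the menu system replaces with the loaded account before calling `profile_category_access`. A comment on that line, e.g. `// 1 = position of the user account in the path; the menu system passes the loaded account object.`, would keep a later edit from reordering or dropping it, which would misalign the callback's `$account` and `$category` parameters and change who passes the access check. The array and the function that builds `$data` begin outside the hunk.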
@@ -462,12 +466,12 @@
 /**
 * Menu item access callback - check if a user has access to a profile category.
 */
-function profile_category_access($category) {
- if (user_access('administer users')) {
+function profile_category_access($account, $category) {
+ if (user_access('administer users') && $account->uid > 0) {
 return TRUE;
 }
 else {
- return db_result(db_query("SELECT COUNT(*) FROM {profile_fields} WHERE category = '%s' AND visibility <> %d", $category, PROFILE_HIDDEN));
+ return user_edit_access($account) && db_result(db_query("SELECT COUNT(*) FROM {profile_fields} WHERE category = '%s' AND visibility <> %d", $category, PROFILE_HIDDEN));
 }
 }
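Review bot: The docblock above `profile_category_access` was left unchanged although the signature gained a leading `$account` parameter, so nothing states that `user_access('administer users')` tests the acting user while `$account` is the account being edited. I would add `@param $account The user account whose profile category is being accessed.` and `@param $category The profile category name.`, plus a short comment that `$account->uid > 0` excludes the anonymous account. Because the new parameter was inserted first, any caller not visible in this diff that still passes only the category would bind it to `$account`, so the other call sites should be checked against the new signature.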