Commit 2fb572d0 authored by Steven Wittens's avatar Steven Wittens

- Rollback

parent 0539f548
......@@ -686,7 +686,8 @@ function user_menu($may_cache) {
$admin_access = user_access('administer users');
$access_access = user_access('administer access control');
$view_access = user_access('access user profiles');
// Users should always be allowed to see their own user page
$view_access = (user_access('access user profiles') || ($user->uid == arg(1)));
if ($may_cache) {
$items[] = array('path' => 'user', 'title' => t('user account'),
......@@ -768,21 +769,15 @@ function user_menu($may_cache) {
}
else {
if (arg(0) == 'user' && is_numeric(arg(1))) {
$account = user_load(array('uid' => arg(1)));
$user_exists = user_load(array('uid' => arg(1), 'status' => 1));
if ($user !== FALSE) {
// Always let a user view their own account
$view_access |= $user->uid == arg(1);
// Only admins can view blocked accounts
$view_access &= $account->status || $admin_access;
$items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
'type' => MENU_CALLBACK, 'callback' => 'user_view',
'callback arguments' => array(arg(1)), 'access' => $view_access);
$items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
'type' => MENU_CALLBACK, 'callback' => 'user_view',
'callback arguments' => array(arg(1)), 'access' => $view_access);
if ($user_exists !== FALSE || $admin_access) {
$items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'),
'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
$items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'),
'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1),
'type' => MENU_LOCAL_TASK);
......@@ -1406,21 +1401,25 @@ function user_edit_submit($form_id, $form_values) {
function user_view($uid = 0) {
global $user;
$account = user_load(array('uid' => $uid));
// Retrieve and merge all profile fields:
$fields = array();
foreach (module_list() as $module) {
if ($data = module_invoke($module, 'user', 'view', '', $account)) {
foreach ($data as $category => $items) {
foreach ($items as $item) {
$item['class'] = "$module-". $item['class'];
$fields[$category][] = $item;
if ($account = user_load(array('uid' => $uid, 'status' => 1))) {
// Retrieve and merge all profile fields:
$fields = array();
foreach (module_list() as $module) {
if ($data = module_invoke($module, 'user', 'view', '', $account)) {
foreach ($data as $category => $items) {
foreach ($items as $item) {
$item['class'] = "$module-". $item['class'];
$fields[$category][] = $item;
}
}
}
}
drupal_set_title($account->name);
return theme('user_profile', $account, $fields);
}
else {
drupal_not_found();
}
drupal_set_title($account->name);
return theme('user_profile', $account, $fields);
}
/*** Administrative features ***********************************************/
......
......@@ -686,7 +686,8 @@ function user_menu($may_cache) {
$admin_access = user_access('administer users');
$access_access = user_access('administer access control');
$view_access = user_access('access user profiles');
// Users should always be allowed to see their own user page
$view_access = (user_access('access user profiles') || ($user->uid == arg(1)));
if ($may_cache) {
$items[] = array('path' => 'user', 'title' => t('user account'),
......@@ -768,21 +769,15 @@ function user_menu($may_cache) {
}
else {
if (arg(0) == 'user' && is_numeric(arg(1))) {
$account = user_load(array('uid' => arg(1)));
$user_exists = user_load(array('uid' => arg(1), 'status' => 1));
if ($user !== FALSE) {
// Always let a user view their own account
$view_access |= $user->uid == arg(1);
// Only admins can view blocked accounts
$view_access &= $account->status || $admin_access;
$items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
'type' => MENU_CALLBACK, 'callback' => 'user_view',
'callback arguments' => array(arg(1)), 'access' => $view_access);
$items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
'type' => MENU_CALLBACK, 'callback' => 'user_view',
'callback arguments' => array(arg(1)), 'access' => $view_access);
if ($user_exists !== FALSE || $admin_access) {
$items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'),
'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
$items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'),
'callback' => 'user_edit', 'access' => $admin_access || $user->uid == arg(1),
'type' => MENU_LOCAL_TASK);
......@@ -1406,21 +1401,25 @@ function user_edit_submit($form_id, $form_values) {
function user_view($uid = 0) {
global $user;
$account = user_load(array('uid' => $uid));
// Retrieve and merge all profile fields:
$fields = array();
foreach (module_list() as $module) {
if ($data = module_invoke($module, 'user', 'view', '', $account)) {
foreach ($data as $category => $items) {
foreach ($items as $item) {
$item['class'] = "$module-". $item['class'];
$fields[$category][] = $item;
if ($account = user_load(array('uid' => $uid, 'status' => 1))) {
// Retrieve and merge all profile fields:
$fields = array();
foreach (module_list() as $module) {
if ($data = module_invoke($module, 'user', 'view', '', $account)) {
foreach ($data as $category => $items) {
foreach ($items as $item) {
$item['class'] = "$module-". $item['class'];
$fields[$category][] = $item;
}
}
}
}
drupal_set_title($account->name);
return theme('user_profile', $account, $fields);
}
else {
drupal_not_found();
}
drupal_set_title($account->name);
return theme('user_profile', $account, $fields);
}
/*** Administrative features ***********************************************/
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment