web: account privacy tab should only be visible to its user

2009-11-18 19:21:50 +00:00 · 2009-11-18 19:21:50 +00:00 · bf0c4948df
parent e0081db879
commit bf0c4948df
1 changed files with 15 additions and 1 deletions
--- a/web/drupal/modules/logger/logger.module
+++ b/web/drupal/modules/logger/logger.module
@ -159,7 +159,8 @@ function logger_menu() {
  $items['user/%user_uid_optional/privacy'] = array(
    'title'               => 'Privacy',
    'page callback'       => '_logger_privacy',
-    'access arguments'    => array('logger'),
+    'access callback'     => '_logger_privacy_access',
+    'access arguments'    => array('logger', 1),
    'type'                => MENU_LOCAL_TASK,
  );

@ -615,6 +616,19 @@ function _logger_privacy_form_submit($form, &$form_state) {
  $form_state['redirect'] = 'logger';
 }

+/**
+ * Access callback ensuring the user profile tabs are visible only to their
+ * owner.
+ *
+ * @param $permission
+ *   Required permission to view the item.
+ * @param $account
+ *   A user object.
+ */
+function _logger_privacy_access($permission, $account) {
+  return ($account->uid == $GLOBALS['user']->uid && user_access($permission));
+}
+
 /**
 * Define the administration settings form for the logger module
 */