#691030 by Berdir | rburgundy: Fixed permission based visibility of user settings.

diff --git a/pm_email_notify/pm_email_notify.module b/pm_email_notify/pm_email_notify.module
index 69b9fab..eaacc25 100644 (file)
--- a/pm_email_notify/pm_email_notify.module
+++ b/pm_email_notify/pm_email_notify.module
@@ -108,10 +108,12 @@ function _pm_email_notify_default_body() {
 }
 
 /**
- * Implement hook_user_form().
+ * Implements hook_form_alter().
  */
-function pm_email_notify_user_form(&$edit, &$account, $category = NULL) {
-  if ($category == 'account') {
+function privatemsg_form_alter(&$form, &$form_state, $form_id) {
+  // We have to use user_acces() because privatemsg_user_access() would
+  // return FALSE when privatemsg is disabled.
+  if (($form_id == 'user_register_form' || $form_id == 'user_profile_form') && $form['#user_category'] == 'account' && privatemsg_user_access('read privatemsg')) {
     $form['enable_pm_mail'] = array(
       '#type' => 'fieldset',
       '#title' => t('Privatemsg e-mail notification'),
@@ -124,7 +126,6 @@ function pm_email_notify_user_form(&$edit, &$account, $category = NULL) {
       '#title' => t('Receive email notification for incoming private messages'),
       '#default_value' => _pm_email_notify_is_enabled($account->uid),
     );
-    return $form;
   }
 }
 
@@ -132,7 +133,7 @@ function pm_email_notify_user_form(&$edit, &$account, $category = NULL) {
  * Implement hook_user_form().
  */
 function pm_email_notify_user_submit(&$edit, &$account, $category = NULL) {
-  if ($category == 'account') {
+  if ($category == 'account' && privatemsg_user_access('read privatemsg')) {
     db_merge('pm_email_notify')
       ->fields(array('email_notify_is_enabled' => $edit['pm_send_notifications']))
       ->key(array('user_id' => $account->uid))

diff --git a/privatemsg.module b/privatemsg.module
index 6134237..296f4f2 100644 (file)
--- a/privatemsg.module
+++ b/privatemsg.module
@@ -939,7 +939,9 @@ function privatemsg_user_cancel($edit, $account, $method) {
  * Implements hook_form_alter().
  */
 function privatemsg_form_alter(&$form, &$form_state, $form_id) {
-  if (($form_id == 'user_register_form' || $form_id == 'user_profile_form') && $form['#user_category'] == 'account') {
+  // We have to use user_acces() because privatemsg_user_access() would
+  // return FALSE when privatemsg is disabled.
+  if (($form_id == 'user_register_form' || $form_id == 'user_profile_form') && $form['#user_category'] == 'account' && user_access('write privatemsg')) {
     $form['privatemsg'] = array(
       '#type' => 'fieldset',
       '#title' => t('Privatemsg settings'),
@@ -961,7 +963,7 @@ function privatemsg_form_alter(&$form, &$form_state, $form_id) {
  * Implements hook_user_insert().
  */
 function privatemsg_user_update(&$edit, $account, $category) {
-  if ($category == 'account' && isset($edit['pm_enable'])) {
+  if ($category == 'account' && isset($edit['pm_enable']) && user_access('write privatemsg')) {
     $current = privatemsg_is_disabled($account);
     $disabled = (!$edit['pm_enable']);
     $edit['pm_enable'] = NULL;