From e460ed826b66832e79f130c83005910a2dce61f1 Mon Sep 17 00:00:00 2001
From: amontero <amontero@166637.no-reply.drupal.org>
Date: Thu, 12 Jul 2012 01:04:27 +0200
Subject: [PATCH] Issue #366950: "Administer Users" permission should be
 separate from "User Settings"

---
 .../contact/lib/Drupal/contact/Tests/ContactPersonalTest.php        | 2 +-
 .../contact/lib/Drupal/contact/Tests/ContactSitewideTest.php        | 2 +-
 core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php     | 2 +-
 core/modules/user/lib/Drupal/user/Tests/UserPictureTest.php         | 2 +-
 core/modules/user/user.module                                       | 6 +++++-
 5 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php b/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php
index 0d5ff96..d769a67 100644
--- a/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php
+++ b/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php
@@ -29,7 +29,7 @@ class ContactPersonalTest extends WebTestBase {
     parent::setUp('contact');
 
     // Create an admin user.
-    $this->admin_user = $this->drupalCreateUser(array('administer contact forms', 'administer users'));
+    $this->admin_user = $this->drupalCreateUser(array('administer contact forms', 'administer users', 'administer user settings'));
 
     // Create some normal users with their contact forms enabled by default.
     variable_set('contact_default_status', TRUE);
diff --git a/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php b/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php
index 6136133..ad35329 100644
--- a/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php
+++ b/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php
@@ -30,7 +30,7 @@ class ContactSitewideTest extends WebTestBase {
    */
   function testSiteWideContact() {
     // Create and login administrative user.
-    $admin_user = $this->drupalCreateUser(array('access site-wide contact form', 'administer contact forms', 'administer users'));
+    $admin_user = $this->drupalCreateUser(array('access site-wide contact form', 'administer contact forms', 'administer user settings'));
     $this->drupalLogin($admin_user);
 
     $flood_limit = 3;
diff --git a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
index 58fdf6b..713110b 100644
--- a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
+++ b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
@@ -24,7 +24,7 @@ class UserPermissionsTest extends WebTestBase {
   function setUp() {
     parent::setUp();
 
-    $this->admin_user = $this->drupalCreateUser(array('administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer users'));
+    $this->admin_user = $this->drupalCreateUser(array('administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer users', 'administer user settings'));
 
     // Find the new role ID.
     $all_rids = $this->admin_user->roles;
diff --git a/core/modules/user/lib/Drupal/user/Tests/UserPictureTest.php b/core/modules/user/lib/Drupal/user/Tests/UserPictureTest.php
index e57cc42..ddbd27c 100644
--- a/core/modules/user/lib/Drupal/user/Tests/UserPictureTest.php
+++ b/core/modules/user/lib/Drupal/user/Tests/UserPictureTest.php
@@ -302,7 +302,7 @@ class UserPictureTest extends WebTestBase {
    * Tests the admin form validates user picture settings.
    */
   function testUserPictureAdminFormValidation() {
-    $this->drupalLogin($this->drupalCreateUser(array('administer users')));
+    $this->drupalLogin($this->drupalCreateUser(array('administer users', 'administer user settings')));
 
     // The default values are valid.
     $this->drupalPost('admin/config/people/accounts', array(), t('Save configuration'));
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 2250110..f5aed94 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -570,6 +570,10 @@ function user_permission() {
       'title' => t('Administer users'),
       'restrict access' => TRUE,
     ),
+    'administer user settings' => array(
+      'title' => t('Administer user settings'),
+      'restrict access' => TRUE,
+    ),
     'access user profiles' => array(
       'title' => t('View user profiles'),
     ),
@@ -1605,7 +1609,7 @@ function user_menu() {
     'description' => 'Configure default behavior of users, including registration requirements, e-mails, fields, and user pictures.',
     'page callback' => 'drupal_get_form',
     'page arguments' => array('user_admin_settings'),
-    'access arguments' => array('administer users'),
+    'access arguments' => array('administer user settings'),
     'file' => 'user.admin.inc',
     'weight' => -10,
   );
-- 
1.7.11.1