From a6212a9d624db1d5e5c541aeea78528bae0f22c1 Mon Sep 17 00:00:00 2001
From: amontero <amontero@166637.no-reply.drupal.org>
Date: Tue, 2 Oct 2012 16:33:39 +0200
Subject: [PATCH] "Administer Users" permission should be separate from "User
 Settings"

---
 .../Drupal/contact/Tests/ContactPersonalTest.php   |    2 +-
 .../Drupal/contact/Tests/ContactSitewideTest.php   |    2 +-
 .../lib/Drupal/user/Tests/UserPermissionsTest.php  |    2 +-
 .../user/lib/Drupal/user/Tests/UserPictureTest.php |    2 +-
 core/modules/user/user.module                      |    6 +++++-
 5 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php b/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php
index 77b19d0..7a00a2b 100644
--- a/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php
+++ b/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php
@@ -37,7 +37,7 @@ class ContactPersonalTest extends WebTestBase {
     parent::setUp();
 
     // Create an admin user.
-    $this->admin_user = $this->drupalCreateUser(array('administer contact forms', 'administer users'));
+    $this->admin_user = $this->drupalCreateUser(array('administer contact forms', 'administer users', 'administer user settings'));
 
     // Create some normal users with their contact forms enabled by default.
     config('contact.settings')->set('user_default_enabled', 1)->save();
diff --git a/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php b/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php
index d02368b..ca8c9f5 100644
--- a/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php
+++ b/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php
@@ -34,7 +34,7 @@ class ContactSitewideTest extends WebTestBase {
    */
   function testSiteWideContact() {
     // Create and login administrative user.
-    $admin_user = $this->drupalCreateUser(array('access site-wide contact form', 'administer contact forms', 'administer users'));
+    $admin_user = $this->drupalCreateUser(array('access site-wide contact form', 'administer contact forms', 'administer users', 'administer user settings'));
     $this->drupalLogin($admin_user);
 
     $flood_limit = 3;
diff --git a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
index 43f43e3..e102f88 100644
--- a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
+++ b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
@@ -24,7 +24,7 @@ class UserPermissionsTest extends WebTestBase {
   function setUp() {
     parent::setUp();
 
-    $this->admin_user = $this->drupalCreateUser(array('administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer users'));
+    $this->admin_user = $this->drupalCreateUser(array('administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer users', 'administer user settings'));
 
     // Find the new role ID.
     $all_rids = $this->admin_user->roles;
diff --git a/core/modules/user/lib/Drupal/user/Tests/UserPictureTest.php b/core/modules/user/lib/Drupal/user/Tests/UserPictureTest.php
index ddfae72..7f7cc35 100644
--- a/core/modules/user/lib/Drupal/user/Tests/UserPictureTest.php
+++ b/core/modules/user/lib/Drupal/user/Tests/UserPictureTest.php
@@ -311,7 +311,7 @@ class UserPictureTest extends WebTestBase {
    * Tests the admin form validates user picture settings.
    */
   function testUserPictureAdminFormValidation() {
-    $this->drupalLogin($this->drupalCreateUser(array('administer users')));
+    $this->drupalLogin($this->drupalCreateUser(array('administer users', 'administer user settings')));
 
     // The default values are valid.
     $this->drupalPost('admin/config/people/accounts', array(), t('Save configuration'));
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index e42002b..d81606e 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -566,6 +566,10 @@ function user_permission() {
       'title' => t('Administer users'),
       'restrict access' => TRUE,
     ),
+    'administer user settings' => array(
+      'title' => t('Administer user settings'),
+      'restrict access' => TRUE,
+    ),
     'access user profiles' => array(
       'title' => t('View user profiles'),
     ),
@@ -1300,7 +1304,7 @@ function user_menu() {
     'description' => 'Configure default behavior of users, including registration requirements, e-mails, fields, and user pictures.',
     'page callback' => 'drupal_get_form',
     'page arguments' => array('user_admin_settings'),
-    'access arguments' => array('administer users'),
+    'access arguments' => array('administer user settings'),
     'file' => 'user.admin.inc',
     'weight' => -10,
   );
-- 
1.7.9.5