diff --git a/userpoints.module b/userpoints.module
index 1a53d88..6aff026 100644
--- a/userpoints.module
+++ b/userpoints.module
@@ -221,7 +221,7 @@ function userpoints_menu() {
'title arguments' => userpoints_translation(),
'page callback' => 'drupal_get_form',
'page arguments' => array('userpoints_list_transactions'),
- 'access callback' => 'userpoints_access_my_points',
+ 'access callback' => 'userpoints_access_transactions',
'file' => 'userpoints.pages.inc',
'type' => MENU_NORMAL_ITEM,
'menu_name' => 'user-menu',
@@ -232,7 +232,7 @@ function userpoints_menu() {
'title arguments' => userpoints_translation(),
'page callback' => 'drupal_get_form',
'page arguments' => array('userpoints_list_transactions', NULL, 1),
- 'access callback' => 'userpoints_access_my_points',
+ 'access callback' => 'userpoints_access_transactions',
'file' => 'userpoints.pages.inc',
'type' => MENU_NORMAL_ITEM,
'menu_name' => 'user-menu',
@@ -243,7 +243,7 @@ function userpoints_menu() {
'title arguments' => userpoints_translation(),
'page callback' => 'drupal_get_form',
'page arguments' => array('userpoints_list_transactions', 1),
- 'access callback' => 'userpoints_access_my_points',
+ 'access callback' => 'userpoints_access_transactions',
'access arguments' => array(1),
'file' => 'userpoints.pages.inc',
'type' => MENU_LOCAL_TASK,
@@ -373,6 +373,22 @@ function userpoints_access_my_points($account = NULL) {
}
/**
+ * Checks if user can access own or other users transactions history
+ *
+ * @return
+ * TRUE if user has permissions to view transactions and view points
+ * in.
+ */
+function userpoints_access_transactions($account = NULL) {
+ global $user;
+
+ if ($account && $user->uid != $account->uid) {
+ return user_access('view userpoints') && user_access('view transactions') && user_is_logged_in();
+ }
+ return (((user_access('view own userpoints') || user_access('view userpoints')) && user_access('view own transactions')) || user_access('view userpoints') && user_access('view transactions'));
+}
+
+/**
* Checks if a user has access to a transaction.
*
* @return
@@ -389,11 +405,19 @@ function userpoints_permission() {
return array(
'view own userpoints' => array(
'title' => t('View own !points', userpoints_translation()),
- 'description' => t('Allows to view own !points, including own !point transactions.', userpoints_translation()),
+ 'description' => t('Allows to view own !points.', userpoints_translation()),
),
'view userpoints' => array(
'title' => t('View all !points', userpoints_translation()),
- 'description' => t('Allows to view the !points of other users, but not the transactions.', userpoints_translation()),
+ 'description' => t('Allows to view the !points of other users.', userpoints_translation()),
+ ),
+ 'view own transactions' => array(
+ 'title' => t('View own transactions'),
+ 'description' => t('Allows to view own transactions. NOTICE: Users with no view own userpoints permission will not be able to view own transactions.', userpoints_translation()),
+ ),
+ 'view transactions' => array(
+ 'title' => t('View all transactions'),
+ 'description' => t('Allows to view the transactions of other users. NOTICE: Users with no view userpoints permission will not be able to view others transactions.', userpoints_translation()),
),
'add userpoints' => array(
'title' => t('Add new !point transactions', userpoints_translation()),
@@ -812,7 +836,7 @@ function userpoints_get_points_list($account = NULL) {
}
$links = array();
- if (userpoints_access_my_points($account)) {
+ if (userpoints_access_transactions($account)) {
$links['userpoints-view'] = array(
'title' => t('View !points transactions', userpoints_translation()),
'href' => $user->uid == $account->uid ? 'myuserpoints' : 'user/' . $account->uid . '/points',