From 975a400e91e36218c3a5902b5266471b4fd25dd8 Mon Sep 17 00:00:00 2001
From: amontero <amontero@166637.no-reply.drupal.org>
Date: Fri, 11 Jan 2013 14:38:10 +0100
Subject: [PATCH] "Administer Users" permission should be separate from "User
 Settings"

---
 .../Drupal/contact/Tests/ContactPersonalTest.php   |    2 +-
 .../Drupal/contact/Tests/ContactSitewideTest.php   |    2 +-
 .../lib/Drupal/field_ui/Tests/AlterTest.php        |    2 +-
 .../lib/Drupal/field_ui/Tests/FieldUiTestBase.php  |    2 +-
 .../lib/Drupal/user/Plugin/Core/Entity/User.php    |    2 +-
 .../lib/Drupal/user/Tests/UserPermissionsTest.php  |    2 +-
 core/modules/user/user.install                     |   21 ++++++++++++++++++++
 core/modules/user/user.module                      |    8 ++++++--
 8 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php b/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php
index bb7d7d4..f6ae2c3 100644
--- a/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php
+++ b/core/modules/contact/lib/Drupal/contact/Tests/ContactPersonalTest.php
@@ -54,7 +54,7 @@ function setUp() {
     parent::setUp();
 
     // Create an admin user.
-    $this->admin_user = $this->drupalCreateUser(array('administer contact forms', 'administer users'));
+    $this->admin_user = $this->drupalCreateUser(array('administer contact forms', 'administer users', 'administer user settings'));
 
     // Create some normal users with their contact forms enabled by default.
     config('contact.settings')->set('user_default_enabled', 1)->save();
diff --git a/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php b/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php
index fd5dd75..e17d7ee 100644
--- a/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php
+++ b/core/modules/contact/lib/Drupal/contact/Tests/ContactSitewideTest.php
@@ -34,7 +34,7 @@ public static function getInfo() {
    */
   function testSiteWideContact() {
     // Create and login administrative user.
-    $admin_user = $this->drupalCreateUser(array('access site-wide contact form', 'administer contact forms', 'administer users'));
+    $admin_user = $this->drupalCreateUser(array('access site-wide contact form', 'administer contact forms', 'administer user settings'));
     $this->drupalLogin($admin_user);
 
     $flood_limit = 3;
diff --git a/core/modules/field_ui/lib/Drupal/field_ui/Tests/AlterTest.php b/core/modules/field_ui/lib/Drupal/field_ui/Tests/AlterTest.php
index b410e1b..040536d 100644
--- a/core/modules/field_ui/lib/Drupal/field_ui/Tests/AlterTest.php
+++ b/core/modules/field_ui/lib/Drupal/field_ui/Tests/AlterTest.php
@@ -37,7 +37,7 @@ function setUp() {
     $this->drupalCreateContentType(array('type' => 'article', 'name' => 'Article'));
 
     // Create test user.
-    $admin_user = $this->drupalCreateUser(array('access content', 'administer content types', 'administer users'));
+    $admin_user = $this->drupalCreateUser(array('access content', 'administer content types', 'administer user settings'));
     $this->drupalLogin($admin_user);
   }
 
diff --git a/core/modules/field_ui/lib/Drupal/field_ui/Tests/FieldUiTestBase.php b/core/modules/field_ui/lib/Drupal/field_ui/Tests/FieldUiTestBase.php
index aa923f1..fd7a070 100644
--- a/core/modules/field_ui/lib/Drupal/field_ui/Tests/FieldUiTestBase.php
+++ b/core/modules/field_ui/lib/Drupal/field_ui/Tests/FieldUiTestBase.php
@@ -25,7 +25,7 @@ function setUp() {
     parent::setUp();
 
     // Create test user.
-    $admin_user = $this->drupalCreateUser(array('access content', 'administer content types', 'administer taxonomy', 'administer users', 'bypass node access'));
+    $admin_user = $this->drupalCreateUser(array('access content', 'administer content types', 'administer taxonomy', 'administer users', 'administer user settings', 'bypass node access'));
     $this->drupalLogin($admin_user);
 
     // Create content type, with underscores.
diff --git a/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php b/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php
index f2312fe..383ea7f 100644
--- a/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php
+++ b/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php
@@ -38,7 +38,7 @@
  *       "label" = "User",
  *       "admin" = {
  *         "path" = "admin/config/people/accounts",
- *         "access arguments" = {"administer users"}
+ *         "access arguments" = {"administer user settings"}
  *       }
  *     }
  *   },
diff --git a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
index 2455b10..fb53b1b 100644
--- a/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
+++ b/core/modules/user/lib/Drupal/user/Tests/UserPermissionsTest.php
@@ -24,7 +24,7 @@ public static function getInfo() {
   function setUp() {
     parent::setUp();
 
-    $this->admin_user = $this->drupalCreateUser(array('administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer users'));
+    $this->admin_user = $this->drupalCreateUser(array('administer permissions', 'access user profiles', 'administer site configuration', 'administer modules', 'administer user settings'));
 
     // Find the new role ID.
     $all_rids = $this->admin_user->roles;
diff --git a/core/modules/user/user.install b/core/modules/user/user.install
index 1475cda..374cafd 100644
--- a/core/modules/user/user.install
+++ b/core/modules/user/user.install
@@ -1055,5 +1055,26 @@ function user_update_8016() {
 }
 
 /**
+ * Grant "administer user settings" to roles with "administer users."
+ */
+function user_update_8014() {
+  $rids = array();
+  $rids = db_query("SELECT rid FROM {role_permission} WHERE permission = :perm", array(':perm' => 'administer users'))->fetchCol();
+  // None found.
+  if (empty($rids)) {
+    return;
+  }
+  $insert = db_insert('role_permission')->fields(array('rid', 'permission', 'module'));
+  foreach ($rids as $rid) {
+    $insert->values(array(
+      'rid' => $rid,
+      'permission' => 'administer user settings',
+      'module' => 'user'
+    ));
+  }
+  $insert->execute();
+}
+
+/**
  * @} End of "addtogroup updates-7.x-to-8.x".
  */
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 02f5072..cf293ca 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -504,6 +504,10 @@ function user_permission() {
       'title' => t('Administer users'),
       'restrict access' => TRUE,
     ),
+    'administer user settings' => array(
+      'title' => t('Administer user settings'),
+      'restrict access' => TRUE,
+    ),
     'access user profiles' => array(
       'title' => t('View user profiles'),
     ),
@@ -1017,7 +1021,7 @@ function user_menu() {
    'position' => 'left',
    'weight' => -20,
    'page callback' => 'system_admin_menu_block_page',
-   'access arguments' => array('access administration pages'),
+   'access arguments' => array('administer user settings'),
    'file' => 'system.admin.inc',
    'file path' => drupal_get_path('module', 'system'),
   );
@@ -1026,7 +1030,7 @@ function user_menu() {
     'description' => 'Configure default behavior of users, including registration requirements, e-mails, and fields.',
     'page callback' => 'drupal_get_form',
     'page arguments' => array('user_admin_settings'),
-    'access arguments' => array('administer users'),
+    'access arguments' => array('administer user settings'),
     'file' => 'user.admin.inc',
     'weight' => -10,
   );
-- 
1.7.9.5