Index: signup.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/signup/signup.module,v
retrieving revision 1.205.2.13
diff -u -p -r1.205.2.13 signup.module
--- signup.module	24 Jan 2009 08:52:45 -0000	1.205.2.13
+++ signup.module	24 Jan 2009 23:29:19 -0000
@@ -319,10 +319,11 @@ function signup_menu() {
     'file path' => $path,
   );
 
-  $items['signup/cancel/%/%'] = array(
+  $items['signup/cancel/%signup_menu/%'] = array(
     'description' => 'View all signup-enabled posts, and open or close signups on them.',
     'type' => MENU_CALLBACK,
-    'access arguments' => array('cancel own signups'),
+    'access callback' => '_signup_menu_signup_access',
+    'access arguments' => array(2, 'cancel'),
     'page callback' => 'signup_cancel_signup_page',
     'page arguments' => array(2, 3),
     'file' => 'signup_cancel.inc',
@@ -332,8 +333,8 @@ function signup_menu() {
     'title' => 'Edit signup',
     'page callback' => 'signup_edit_page',
     'page arguments' => array(2),
-    'access callback' => '_signup_edit_menu_access',
-    'access arguments' => array(2),
+    'access callback' => '_signup_menu_signup_access',
+    'access arguments' => array(2, 'edit'),
     'type' => MENU_LOCAL_TASK,
     'file' => 'signup_edit_form.inc',
     'file path' => $path,
@@ -517,13 +518,30 @@ function signup_menu_load($sid) {
   return $signup;
 }
 
-function _signup_edit_menu_access($signup) {
+/**
+ * Determine menu access callback for a specific signup.
+ *
+ * @param $signup
+ *   The fully-loaded signup object that would be affected.
+ * @param $op
+ *   The operation the menu item would perform. Can be 'edit' or 'cancel'.
+ *
+ * @return
+ *   TRUE if the operation should be permitted, otherwise FALSE.
+ */
+function _signup_menu_signup_access($signup, $op) {
   global $user;
-  if (user_access('edit own signups') && !empty($user->uid) && ($user->uid == $signup->uid)) {
+  $node = node_load($signup->nid);
+  // Ensure the user still has access to view the node they signed up for.
+  if (!node_access('view', $node)) {
+    return FALSE;
+  }
+  // See if the user is allowed to perform the operation on their own signup.
+  $permission = "$op own signups";
+  if (user_access($permission) && ($user->uid == $signup->uid)) {
     return TRUE;
   }
   // Check admin powers for this signup.
-  $node = node_load($signup->nid);
   if (_signup_menu_access($node, 'admin')) {
     return TRUE;
   }
cvs diff: Diffing includes
Index: includes/signup_cancel.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/signup/includes/signup_cancel.inc,v
retrieving revision 1.1.2.3
diff -u -p -r1.1.2.3 signup_cancel.inc
--- includes/signup_cancel.inc	24 Jan 2009 02:15:08 -0000	1.1.2.3
+++ includes/signup_cancel.inc	24 Jan 2009 23:29:19 -0000
@@ -7,9 +7,9 @@
  * Code for the page to cancel a signup from a secure link.
  */
 
-function signup_cancel_signup_page($sid, $token) {
-  if (signup_valid_token($token, $sid, 'cancel')) {
-    return drupal_get_form('signup_cancel_link_confirm_form', $sid);
+function signup_cancel_signup_page($signup, $token) {
+  if (signup_valid_token($token, $signup->sid, 'cancel')) {
+    return drupal_get_form('signup_cancel_link_confirm_form', $signup->sid);
   }
   drupal_set_message(t('Invalid link to cancel a signup.'), 'error');
   drupal_goto();
cvs diff: Diffing views
cvs diff: Diffing views/handlers
Index: views/handlers/signup_handler_field_signup_edit_link.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/signup/views/handlers/signup_handler_field_signup_edit_link.inc,v
retrieving revision 1.1
diff -u -p -r1.1 signup_handler_field_signup_edit_link.inc
--- views/handlers/signup_handler_field_signup_edit_link.inc	22 Jan 2009 18:59:29 -0000	1.1
+++ views/handlers/signup_handler_field_signup_edit_link.inc	24 Jan 2009 23:29:20 -0000
@@ -19,7 +19,7 @@ class signup_handler_field_signup_edit_l
     $signup->sid = $values->{$this->aliases['sid']};
     $signup->nid = $values->{$this->aliases['nid']};
     $signup->uid = $values->{$this->aliases['uid']};
-    if (!_signup_edit_menu_access($signup)) {
+    if (!_signup_menu_signup_access($signup, 'edit')) {
       return;
     }
 
cvs diff: Diffing views/plugins