Index: modules/system/system.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.install,v
retrieving revision 1.528
diff -u -p -r1.528 system.install
--- modules/system/system.install	30 Nov 2010 01:05:24 -0000	1.528
+++ modules/system/system.install	1 Dec 2010 05:29:59 -0000
@@ -2940,14 +2940,26 @@ function system_update_7066() {
 }
 
 /**
- * Allow all users to view the administration theme.
+ * Grant administrators permission to view the administration theme.
  */
 function system_update_7067() {
-  // Preserve the site's current behavior of automatically allowing all users
-  // to view the administration theme whenever they have access to an
-  // administrative page.
-  user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array('view the administration theme'));
-  user_role_grant_permissions(DRUPAL_AUTHENTICATED_RID, array('view the administration theme'));
+  if (variable_get('admin_theme')) {
+    // Users who have access to administration pages already see the
+    // administration theme in some places, so we want them to continue seeing
+    // it.
+    $admin_roles = user_roles(FALSE, 'access administration pages');
+    foreach (array_keys($admin_roles) as $rid) {
+      _update_7000_user_role_grant_permissions($rid, array('view the administration theme'), 'system');
+    }
+    // The above check is not guaranteed to reach all administrative users of
+    // the site, so display a message also.
+    if (empty($admin_roles)) {
+      drupal_set_message('The new "View the administration theme" permission is required in order to view your site\'s administration theme. You can grant this permission to your site\'s administrators on the <a href="' . url('admin/people/permissions', array('fragment' => 'module-system')) . '">permissions page</a>.');
+    }
+    else {
+      drupal_set_message('The new "View the administration theme" permission is required in order to view your site\'s administration theme. This permission has been automatically granted to the following roles: <em>' . check_plain(implode(', ', $admin_roles)) . '</em>. You can grant this permission to other roles on the <a href="' . url('admin/people/permissions', array('fragment' => 'module-system')) . '">permissions page</a>.');
+    }
+  }
 }
 
 /**