Index: acidfree.module
===================================================================
--- acidfree.module	(revision 426)
+++ acidfree.module	(working copy)
@@ -423,7 +423,8 @@
                         'weight' => -4);
             }
         }
-        if (variable_get('acidfree_per_user_albums', false) && $user->uid > 0) {
+        if (variable_get('acidfree_per_user_albums', false)
+                && user_access('get a per-user album') && $user->uid > 0) {
             $items[] = array('path' => 'user/acidfree', 'title' => t('My Acidfree Albums'),
                     'access' => user_access('create acidfree albums'),
                     'callback' => 'acidfree_page',
@@ -707,6 +708,7 @@
     $perms[] = 'edit own acidfree elements';
     $perms[] = 'acidfree mass import';
     $perms[] = 'can upload to any album';
+    $perms[] = 'get a per-user album';
     return $perms;
 }
 
@@ -1023,7 +1025,7 @@
     $argv = func_get_args();
     $path = _acidfree_get_path(true);
     drupal_add_js(drupal_get_path('module', 'acidfree').'/acidfree.js');
-    if ($path == 'user/acidfree' &&
+    if ($path == 'user/acidfree' && user_access('get a per-user album') &&
             variable_get('acidfree_per_user_albums', 0)) {
         $node = acidfree_get_root();
         if (!$node)
@@ -1117,7 +1119,8 @@
         trace();
         exit(1);
     }
-    if ($uid != -1 && variable_get('acidfree_per_user_albums', 0)) {
+    if ($uid != -1 && variable_get('acidfree_per_user_albums', 0)
+            && user_access('get a per-user album')) {
         global $user;
         if (!$user->acidfree_album) {
             $tid = _acidfree_create_root(t('!username\'s Acidfree album', array('!username' => $user->name)), $user->uid);
@@ -1449,7 +1452,8 @@
     if (!isset($selected)) {
         $root = acidfree_get_vocab_id();
         global $user;
-        $uid = variable_get('acidfree_per_user_albums', 0) ? $user->uid : -1;
+        $uid = (variable_get('acidfree_per_user_albums', 0)
+            && user_access('get a per-user album')) ? $user->uid : -1;
         $selected = acidfree_get_root($uid);
     }
     // FIXME: do we do the exclusions here or in form_alter?
@@ -2045,7 +2049,8 @@
  * Implementation of hook_user
  */
 function acidfree_user($op, &$edit, &$account, $category = NULL) {
-    if ($op == 'view' && variable_get('acidfree_per_user_albums', 0)) {
+    if ($op == 'view' && variable_get('acidfree_per_user_albums', 0)
+            && user_access('get a per-user album', $account)) {
         $album = acidfree_get_root($account->uid);
         if (!$node)
             return null;
