Index: buddylist.module =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/buddylist/buddylist.module,v retrieving revision 1.90 diff -u -p -r1.90 buddylist.module --- buddylist.module 20 Mar 2007 12:56:30 -0000 1.90 +++ buddylist.module 21 Mar 2007 15:11:11 -0000 @@ -71,7 +71,7 @@ array('@userprofiles' => url('profile'), * Implementation of hook_perm */ function buddylist_perm() { - return array('maintain buddy list', 'view buddy lists'); + return array('maintain buddy list', 'view all buddy lists', 'view buddies\' buddy list'); } /** @@ -128,7 +128,7 @@ function buddylist_menu($may_cache) { ); // 'view only' tabs - $viewAccess = (($id == $user->uid && user_access('maintain buddy list')) || user_access('view buddy lists')); + $viewAccess = buddylist_view_access($id); // If buddylist approval is required, then upon approval, both parties become buddies of each other. // So, in effect, idea 'buddyof' becomes redundant. @@ -507,8 +507,7 @@ function buddylist_user($type, &$edit, & * @param $buddy_of If set to TRUE, a formatted list of users is returned, for whom this user is a buddy. */ function buddylist_get_buddylist($user, $buddy_of = FALSE) { - - if (user_access('view buddy lists') && !$buddy_of) { + if (buddylist_view_access($user->uid) && !$buddy_of) { $i = 0; if ($buddies = buddylist_get_buddies($user->uid)) { foreach(array_keys($buddies) as $buddy) { @@ -522,7 +521,7 @@ function buddylist_get_buddylist($user, return theme('user_list', $listbuddies); } } - else if (user_access('view buddy lists') && !variable_get('buddylist_require_approval', 0)) { + else if (buddylist_view_access($user->uid) && !variable_get('buddylist_require_approval', 0)) { // This portion of code is used to see if this $thisuser is a buddy of others and, if s/he is, returns a list // of people s/he is a buddy of. // Note the distinction between having a buddy and being someone else's buddy (i.e., 'buddyof') @@ -1478,6 +1477,15 @@ function buddylist_deletebuddy($uid) { drupal_goto(); } +function buddylist_view_access($bid) { + global $user; + return ($user->uid == $bid && user_access('maintain buddy list')) || user_access('view all buddy lists') || (user_access('view buddies\' buddy list') && buddylist_is_buddy($user->uid,$bid)); +} + +function buddylist_is_buddy($uid,$bid) { + $isbuddy = db_result(db_query("SELECT * FROM {buddylist} WHERE uid = %d AND buddy = %d",$uid, $bid)); + return $isbuddy; +} /** * Confirm and add a buddy. */