diff --git a/privatemsg.module b/privatemsg.module index 2610f62..62000c8 100644 --- a/privatemsg.module +++ b/privatemsg.module @@ -286,7 +286,7 @@ function privatemsg_menu() { 'page callback' => 'privatemsg_list_page', 'page arguments' => array('list', 1), 'file' => 'privatemsg.pages.inc', - 'access callback' => 'privatemsg_user_access', + 'access callback' => 'privatemsg_ownuser_access', 'access arguments' => array('read all private messages'), 'type' => MENU_LOCAL_TASK, ); @@ -349,6 +349,36 @@ function privatemsg_user_access($permission = 'read privatemsg', $account = NULL } /** + * Privatemsg wrapper for user_access and the user/%/messages menu options, + * allow access to the own profile, otherwise calls to privatemsg_user_access + * + * @param $permission + * Permission string, defaults to read privatemsg + * + * @return + * TRUE if user has access, FALSE if not + * + * @ingroup api + */ +function privatemsg_ownuser_access ($permission = NULL, $account = NULL) { + if ( $account === NULL ) { + global $user; + $account = $user; + } + + if (!$account->uid) { // Disallow anonymous access, regardless of permissions + return FALSE ; + } + + else if (arg(0) == 'user' && is_numeric(arg(1)) && $account->uid == arg(1)) + return TRUE ; + + else + return privatemsg_user_access($permission, $account) ; +} + + +/** * Check access to the view messages page. * * Function to restrict the access of the view messages page to just the diff --git a/privatemsg.pages.inc b/privatemsg.pages.inc index 162aba1..abb1c83 100644 --- a/privatemsg.pages.inc +++ b/privatemsg.pages.inc @@ -150,6 +150,11 @@ function privatemsg_list_page($argument = 'list', $uid = NULL) { // Has rights and user_load return an array so user does exist $account = $account_check; } + // redirect to 'messages' if it's the own profile + else if ((int)$uid > 0 && $uid == $user->uid) { + drupal_goto('messages') ; + return ; + } return drupal_get_form('privatemsg_list', $argument, $account); }