Install

Works with Drupal: 7.x

Using Composer to manage Drupal site dependencies

Downloads

Download userprotect-7.x-1.1.tar.gztar.gz 26.11 KB
MD5: 42a1794c3be61bbf4c1d6cb4afcadc02
SHA-1: 9ada416c1dc4dc5cb0b4c838131f6b25000b6d3b
SHA-256: b094b88ace9bfce896ee49cef463906af7c27e1eaa6bd6abcc1499bbe33e1afb
Download userprotect-7.x-1.1.zipzip 33.59 KB
MD5: 45b8f9dc189e7fa7d897e12e76662982
SHA-1: 15596e6981f5078c0d5e0c3a4062328eab2ea823
SHA-256: 3f71ae58d06e98b7d1db236422e7df9f7752e1f9260fa3359eaa4f3756728ff0

Release notes

This release contains three important changes:

  1. Views Bulk Operations protection
    An important bug was fixed when you use this module in combination with Views Bulk Operations. Previously, user operations provided by VBO were not protected by this module.
    Note: the 6.x-1.x version does not have this fix yet, see #1635520: Protection doesn't work with Views Bulk Operations.
  2. "edit own account" permission
    A permission "edit own account" was added. Now users without this permission are not able to edit their own account (only user/*/edit is protected: they may still be able to edit other pages linked to their account). When you run database updates, every role will get this permission.
    See #1172518: Users should NOT always be able to access their own edit page.
  3. "Administrator bypass defaults" settings changed
    The default settings for "Administrator bypass defaults" are changed. This means now protection works directly out of the box upon installing the module. Previously, you had the change the bypass defaults in order for the protections to have effect, which was a major UX issue. This change has no effect for existing installs that had changed the bypass defaults setting.
    See #1356452: Change the default settings of 'Administrator bypass defaults'.

Database updates (update.php)

The database updates (update 7001) will grant every role the permission "edit own account". This permission is new in this release, see #1172518: Users should NOT always be able to access their own edit page.

Changes since 7.x-1.0

New features

  • Issue #1172518 by johnv, MorinLuc0, progpapa, MegaChriz: added "edit own account" permission.

Bug fixes

  • by hunmonk: fix bad link to user permission page in help instructions.
  • Issue #1321982 by amontero, hunmonk: form code for admin bypass doesn't support zero users.
  • Issue #1324290 by karschsp: Fixed missing apostrophe in hook_help().
  • Issue #1411738 by h3rj4n: fixed undefined offset in userprotect_get_user_protection().
  • Issue #1635520 by MegaChriz: fixed protection does not work with Views Bulk Operations.
  • Issue #1508752 by scotthorn: Fixed Removal of authenticated user RID causes AJAX errors when removing file attachments.

Other changes

  • by MegaChriz: fixed most code style issues.
  • by MegaChriz: backported some of the tests from the 8.x-1.x branch.
  • Issue #1356452 by MegaChriz: changed the default settings of 'Administrator bypass defaults'.
  • by MegaChriz: divided help text page into smaller translatable chunks.
Created by: MegaChriz
Created on: 16 Aug 2014 at 07:23 UTC
Last updated: 22 Aug 2015 at 06:38 UTC
Git tag 7.x-1.1
Bug fixes
New features

Other releases