Use of arg(1) inside a hook_init() can cause things to not work as expected with other contributed modules. A better method of doing the access checking is in the attached patch, and uses hook_menu_alter(), which is also a performance improvement, as the checks are no longer made on every page request, only on the pages where the checks are needed.

administerusersbyrole-menu-alter.patch2.08 KBcdale
Members fund testing for the Drupal project. Drupal Association Learn more


texas-bronius’s picture

Thanks for the handy patch. Note to anyone using it, it does away with the easy, simple drupal_set_message "access denied" messages and kicks the user back a little lower down with a direct drupal "Access Denied" status instead. Couple this patch with a little documentation on where to go from here, and I think you've got a RBTC.

donquixote’s picture

Also this is necessary to do this access check on menu links.
and to allow people who do not have "administer users" to create users.

bkosborne’s picture


AdamPS’s picture

Issue summary: View changes
Status: Needs review » Closed (fixed)

D6 version is no longer supported. V7 dev now does as you suggest.