From bf0c4948dfbc094df811eddf5fbe79c8737c8a90 Mon Sep 17 00:00:00 2001
From: Bart Van Der Meerssche <bart.vandermeerssche@flukso.net>
Date: Wed, 18 Nov 2009 19:21:50 +0000
Subject: [PATCH] web: account privacy tab should only be visible to its user

---
 web/drupal/modules/logger/logger.module | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/web/drupal/modules/logger/logger.module b/web/drupal/modules/logger/logger.module
index e92af2d..c8cd5c4 100644
--- a/web/drupal/modules/logger/logger.module
+++ b/web/drupal/modules/logger/logger.module
@@ -159,7 +159,8 @@ function logger_menu() {
   $items['user/%user_uid_optional/privacy'] = array(
     'title'               => 'Privacy',
     'page callback'       => '_logger_privacy',
-    'access arguments'    => array('logger'),
+    'access callback'     => '_logger_privacy_access',
+    'access arguments'    => array('logger', 1),
     'type'                => MENU_LOCAL_TASK,
   );
 
@@ -615,6 +616,19 @@ function _logger_privacy_form_submit($form, &$form_state) {
   $form_state['redirect'] = 'logger';
 }
 
+/**
+ * Access callback ensuring the user profile tabs are visible only to their
+ * owner.
+ *
+ * @param $permission
+ *   Required permission to view the item.
+ * @param $account
+ *   A user object.
+ */
+function _logger_privacy_access($permission, $account) {
+  return ($account->uid == $GLOBALS['user']->uid && user_access($permission));
+}
+
 /**
  * Define the administration settings form for the logger module
  */