That was a mouthful of a title :)

Due to the way views works, any user who has subusers permissions can see another users subusers by visiting the view path user/%/subuser replacing % with a uid.

I think it can be fixed using hook_views_plugins and views_plugin_access or hook_module_implements_alter on menu_alter???

Comments

hanskuiters’s picture

hanskuiters commented

I applied this code to create an extra filter in the subuser view. It'll do the trick.

  /* Filter criterion: User: Current */
  $handler->display->display_options['filters']['uid_current']['id'] = 'uid_current';
  $handler->display->display_options['filters']['uid_current']['table'] = 'users';
  $handler->display->display_options['filters']['uid_current']['field'] = 'uid_current';
  $handler->display->display_options['filters']['uid_current']['relationship'] = 'relation_subuser_user';
  $handler->display->display_options['filters']['uid_current']['value'] = '1';
lauriii’s picture

lauriii
he/him
Primary language Finnish
Location Finland
commented
Issue summary: View changes
Status: Active » Closed (fixed)

This have been already fixed for alpha3 with more advanced user permission handling.