Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Not sure if this is a bug or a documentation issue, but when an anonymous user makes a submission and marks certain fields as private, I was expecting that they would only be visible to roles with the granted permission only. But they are also available to the user who made the submission. Because this is the Anonymous user, the fields are shown to everybody. Therefore they are not private.
| Comment | File | Size | Author |
|---|---|---|---|
| #4 | privacy-n592194.patch | 873 bytes | damienmckenna |
Comments
Comment #1
enjoy777 commentedhi
I am not sure why anonymous user can mark some fields as private?
If he is anonymous in my opinion he shouldn't have option to do this. This option should be available to registered users. I think it is not a bug only good working of this module if anonymous can mark some field as privacy and everyone can be anonymous so everyone can see it. It is logical approach.
Comment #2
kwinters commented"Anonymous" in many cases is the same as "user unknown" -- the node may have been created by a script, etc. This is a fairly common situation and it's easy to do on accident.
However, anon is rarely given access to edit nodes, even ones "created by" them. So, they won't have access to the info through the edit node form.
I think it would be better to let no one see the private info on the node view, regardless of whether or not they are the author. If you don't want to do that, it would still be a good idea to put a warning on the edit form when the uid is zero, since most of the time that will be an accident and people won't have any idea what's going on.
Comment #3
kwinters commentedAdding a condition on there && $user->uid > 0 would be the simplest change.
Comment #4
damienmckennaHere's a patch that adds the additional check, e.g.: