I have 'View user profiles' permission unchecked for non-authenticated role and for anonymous role. User with non-authenticated role can still see other user profiles.

CommentFileSizeAuthor
#1 lt.menu_access.patch950 byteshunmonk
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

hunmonk’s picture

Status: Active » Needs review
FileSize
950 bytes

please try the attached patch to see if it resolves the issue. be sure to run update.php before testing, as this change involves changing a hook, so we need to make sure the implements cache is cleared.

let me know what happens...

hunmonk’s picture

fyi this bug was introduced because of a change in the workflow from 6.x to 7.x of when hook_init() is called.

anglo’s picture

The patch resolved the issue. User with non-authenticated role and 'View user profiles' permission unchecked can't see other user profiles now.

hunmonk’s picture

Title: 'View user profiles' permission » hook_init too late to remove auth user role
Priority: Normal » Critical
Status: Needs review » Fixed

committed to 7.x-1.x-dev. since this is a critical bug, a new release will follow shortly.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.