There are three possible privacy settings on a field :
- Public - visible to everyone.
- Hidden - visible to you, hidden from everyone else.
- Private - visible to you and your friends.

There are two permissions per field :
- edit privacy options for field field_name
- view private data for field field_name

Without explanation it seems evident that "view private data for field field_name" permission allow the user to see "Private" data and not "Hidden" data.
Making some tests and reading source code we can see that "view private data for field field_name" allow to view "Hidden" and "Private" data as well.

Let's fix it !

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

DuaelFr’s picture

Here is the patch.

It creates a new "view hidden data for field *" permissions for each privaciable field
It also disallow users to see hidden data without this new permission.

This patch allow you to set a role the right to view Private or Hidden data or both.

DuaelFr’s picture

Status: Needs work » Needs review
DuaelFr’s picture

Same patch but with Unix style line ends...

DuaelFr’s picture

There is another patch, improved from the previous one.

It adds three permissions :
- view private data for all fields
- view hidden data for all fields
- edit privacy options for all fields

and uses it where needed.

Enjoy