A field which is checked as private is displayed only to the user and to those with administer profiles permission, but users who can edit the data should be able to see it too, since they could see it (inconveniently) by visiting the edit page.

I suggest something like adding:

&& !user_access("edit any {$profile->type} profile")

to the final conditional in profile2_field_access, yielding:

function profile2_field_access($op, $field, $entity_type, $profile = NULL, $account = NULL) {
  if ($entity_type == 'profile2' && $op == 'view' && !empty($field['settings']['profile2_private']) && !user_access('administer profiles', $account)) {
    // For profiles, deny general view access for private fields.
    if (!isset($profile)) {
      return FALSE;
    }
    // Also deny view access, if someone else views a private field.
    $account = isset($account) ? $account : $GLOBALS['user'];
    if ($account->uid != $profile->uid && !user_access("edit any {$profile->type} profile")) {
      return FALSE;
    }
  }
}

If this idea is acceptable, I'm happy to test this out and make a patch to this effect.

ADDENDUM:
The use case is that a profile may contain fields which a) should be shown to everyone, or alternatively b) should be shown only to the user and "moderators" who are not site administrators, and hence do not have administer profiles permission. For example, you might display the name of the user to all authenticated users, but display their membership information only to moderators and the user him/herself.

CommentFileSizeAuthor
#2 1516622.patch1.22 KBkevinquillen
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

kevinquillen’s picture

kevinquillen CreditAttribution: kevinquillen commented

Yes. Very restrictive.

I want the ability for roles with the permission of like 'View private profile fields' / 'Edit private profile fields' to see private fields. I can't give everyone administrator role or administer profiles to see these.

kevinquillen’s picture

kevinquillen CreditAttribution: kevinquillen commented
FileSize
1516622.patch1.22 KB

Here is my first stab at a rough patch, which may help you get to where you are going as well.

A new permission per type has been added for Viewing private profile fields, and accounts for this access.

I tested this with an admin and anon user, and switching the permission on and off seemed to work for fields that were marked private from profile view.

Use case: Profile types for staff with data such as First Name, Last Name, Phone Number, Private Cell Number. The first 2 should be public, the last two should be private, but we want the Staff role to see those private fields for their coworkers.

pwaterz’s picture

pwaterz CreditAttribution: pwaterz commented

Ever thought about using http://drupal.org/project/field_permissions/

kevinquillen’s picture

kevinquillen CreditAttribution: kevinquillen commented

Won't that still not gel with the code contained here? It seems like it will still reject based on profile owner, or not having administer profile access.

kevinquillen’s picture

kevinquillen CreditAttribution: kevinquillen commented
Status: Active » Needs work
anou’s picture

anou
Primary language French
Location Collonges au Mont d'Or
CreditAttribution: anou commented

Hello,
I used patch from #2 and it didn't work has I desired.
I must say that the description for private fields says :

If checked, the content of this field is only shown to the profile owner and administrators.

I must insist on

to the profile owner

and unfortunately my user with role lambda and the following rights:

  1. edit own PROFILE-NAME profile
  2. view own PROFILE-NAME profile
  3. view any PROFILE-NAME profile private field (the new one from patch)

has the possibility to edit/save modification on his profile but not the right to see it displayed (via views for example).
To be precise, my user should see his date of birth (private field) when displayed in a block on the front side. But finally he can't.

The only solution I found for the moment, is to give to my user the administer profiles right.

But I think I shouldn't had to do this, because if, I can edit my profile field (even private ones), I should have no problem seeing it ;-) no ?

David

kevinquillen’s picture

kevinquillen CreditAttribution: kevinquillen commented

Not sure- I know with that patch, anyone who is administrator can see the fields. However, anyone with lesser roles and 'can see X profile field' still works in my case, when that box isn't checked (make field public).

The reason its not totally hidden to just the profile owner is because admin/user 1 should be able to access any of this data. The only case I can think of where a profile field is too sensitive is credit card or social security number type of data, and that should not be used at all like that.

I believe I made this patch in mind with profiles that had first name, last name, phone number, etc style contact fields, and profile owners could choose which fields should be visible to other users (instead of the entire profile).

I did not use this patch with Views though, only profile2 View Modes. Maybe there was something I did not see.

Edit: its entirely possible a lesser role has another permission that is opening these fields to them, and I am not seeing a possible bug. I will try this on a clean install.

kevinquillen’s picture

kevinquillen CreditAttribution: kevinquillen commented
Issue summary: View changes

Added use case