In v1.7, an authenticated user cannot access his/her own contact information directly(*) (example.com/redhen/contact/%) unless the "Access Redhen Contacts" permission is checked. Once that permission is checked, the user can directly access their own information - as well as every other users', which is not acceptable for this client.
(*) - "directly" via the given url, as opposed to "indirectly" via the user's "My Account" page.
I had a couple of older test installations of Redhen set up (both v1.6) so I did the following:
1 - ensured an authenticated user could directly access their account info in the v1.6 installs
2 - made sure all permissions matched between all 3 installs
3 - disabled all modules except "redhen", "redhen_fields" & "redhen_contact" in all 3 installs
I then upgraded one of the v1.6 installs to v1.7 - now users cannot directly access their contact info in that install as well.
My use case requires that users be able to manually connect to either a pre-existing organization (or create one then connect to it). The only way I can see for this to be possible is via the redhen/contact/% page. If there is an alternative way for a user to make their own connection then the above-described issue should be priority "normal". If there isn't, then I'd definitely consider it to be "major", as it will be blocking a rather key bit of functionality for my client.
If you need more info, let me know what and I'll be happy to provide it.
Thanks!
Comments
Comment #1
dang42 CreditAttribution: dang42 commentedComment #2
tauno CreditAttribution: tauno commentedWe have a system of affiliation roles/permissions rolling out soon that might impact this. On hold until then it can be tested with those permission changes.
Comment #3
BabaYaga64 CreditAttribution: BabaYaga64 at ThinkShout, Drupal Association commentedPatches from issue https://www.drupal.org/node/2532574 fix this issue. Authenticated users can now see and edit their own contact information, if you grant them the "Access own contact" permission. They also cannot access other contacts.
Comment #4
levelos CreditAttribution: levelos at ThinkShout commented