Index: profile_permission.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/profile_permission/profile_permission.module,v
retrieving revision 1.4
diff -u -r1.4 profile_permission.module
--- profile_permission.module	9 Feb 2009 18:55:21 -0000	1.4
+++ profile_permission.module	18 Nov 2010 10:33:09 -0000
@@ -45,7 +45,9 @@
 
   if ($form_state['values']['profile_permission']) {
     // Add field to list of fields that have permissions associated with them.
-    $permissions[] = $form_state['values']['name'];
+    if (!in_array($form_state['values']['name'], $permissions)) {
+      $permissions[] = $form_state['values']['name'];
+    }
   }
   else {
     // Remove field form list.
@@ -89,7 +91,7 @@
  */
 function profile_permission_user($op, &$edit, &$account, $category = NULL) {
   if ($op == 'view') {
-     profile_permission_user_view_field($account, $account->content);
+    profile_permission_user_view_field($account, $account->content);
   }
 }
 
@@ -111,13 +113,14 @@
         unset($element[$key]);
       }
     }
-
-    // Search the array recursively for restricted fields.
-    $children = element_children($element[$key]);
-    if ($children) {
-      if (profile_permission_user_view_field($account, $element[$key])) {
-        // No children, remove empty element.
-        unset($element[$key]);
+    elseif (isset($element[$key])) {
+      // Search the array recursively for restricted fields.
+      $children = element_children($element[$key]);
+      if ($children) {
+        if (profile_permission_user_view_field($account, $element[$key])) {
+          // No children, remove empty element.
+          unset($element[$key]);
+        }
       }
     }
   }
@@ -140,11 +143,36 @@
       // Profile category page, go through all fields and check for restrictions.
       $permissions = variable_get('profile_permission_fields', array());
       foreach (element_children($form[$category]) as $key) {
-        // If field is restricted and current user does not have privilege to edit field then remove.
+        // If field is restricted and current user does not have privilege to
+        // edit the field then disable it. Disabling means: set the field to a
+        // 'value' type, make a fake copy of the field with different name and
+        // set as disabled.
         if (in_array($key, $permissions) &&
             !user_access(profile_permission_generate_perm_edit($key)) &&
             ($GLOBALS['user']->uid != $account->uid || !user_access(profile_permission_generate_perm_edit_own($key)))) {
-          unset($form[$category][$key]);
+
+          // Duplicate the field as a fake one to be shown. Being disabled
+          // means that even if user changes it altering the HTTP request, it
+          // will not be saved as the $key_show field does not exist in profile.
+          // This will not break themeing, templates or special formatting of
+          // the form view.
+          $form[$category][$key . '_show'] = $form[$category][$key];
+          $form[$category][$key . '_show']['#disabled'] = TRUE;
+          
+          // Now set the real field to 'value' so it pass Form API submission.
+          // Using 'hidden', the field is still sent back to the browser.
+          $form[$category][$key]['#type'] = 'value';
+          $form[$category][$key]['#value'] = isset($form[$category][$key]['#default_value']) ? $form[$category][$key]['#default_value'] : NULL;
+        }
+
+        // If field is restricted and current user does not have privilege to
+        // view the field then hide the fake 'show' instance of this field.
+        if (in_array($key, $permissions) &&
+            !user_access(profile_permission_generate_perm_view($key)) &&
+            ($GLOBALS['user']->uid != $account->uid || !user_access(profile_permission_generate_perm_view_own($key)))) {
+
+          // Completely remove the fake field.
+          unset($form[$category][$key . '_show']);
         }
       }
       break;
Index: profile_permission.test
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/profile_permission/profile_permission.test,v
retrieving revision 1.3
diff -u -r1.3 profile_permission.test
--- profile_permission.test	20 Jan 2009 05:52:04 -0000	1.3
+++ profile_permission.test	18 Nov 2010 09:47:39 -0000
@@ -11,7 +11,7 @@
   /**
    * Implementation of getInfo().
    */
-  function getInfo() {
+  static function getInfo() {
     return array(
       'name' => t('Profile permission'),
       'description' => t('Test the visibility/editablity of a field based on its role settings.'),

