I have 'View user profiles' permission unchecked for non-authenticated role and for anonymous role. User with non-authenticated role can still see other user profiles.

#1 lt.menu_access.patch950 byteshunmonk


hunmonk’s picture

Status:Active» Needs review
950 bytes

please try the attached patch to see if it resolves the issue. be sure to run update.php before testing, as this change involves changing a hook, so we need to make sure the implements cache is cleared.

let me know what happens...

hunmonk’s picture

fyi this bug was introduced because of a change in the workflow from 6.x to 7.x of when hook_init() is called.

anglo’s picture

The patch resolved the issue. User with non-authenticated role and 'View user profiles' permission unchecked can't see other user profiles now.

hunmonk’s picture

Title:'View user profiles' permission» hook_init too late to remove auth user role
Priority:Normal» Critical
Status:Needs review» Fixed

committed to 7.x-1.x-dev. since this is a critical bug, a new release will follow shortly.

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.