Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Issue #221434: Users should always be able to access their own edit page introduces the fact that a user always can edit his own account page.
In my use case, this is not the case: some users are automatically logged in based on IP address (via IP login module), and they may not edit any of their settings.
Comment | File | Size | Author |
---|---|---|---|
#17 | userprotect.edit-own-account-1172518-17.patch | 2.34 KB | MegaChriz |
#16 | userprotect-up_edit_own_account-1172518-16.patch | 2.59 KB | progpapa |
#15 | up_edit_own_profile_1172518_5_1.patch | 807 bytes | MorinLuc0 |
#8 | up_edit_own_profile_1172518_8_incl_update.patch | 1.79 KB | johnv |
#5 | up_edit_own_profile_1172518_excl_view.patch | 1.96 KB | johnv |
Comments
Comment #1
hunmonk CreditAttribution: hunmonk commentedi would consider a patch that adds a new 'access own edit page' permission to the module, if it was well implemented. i have no interest in writing this myself.
Comment #2
johnvWow, that's fast. ATM I'm writing that patch. :-)
Comment #3
johnvAttached patch adds 2 new permissions:
- Edit own user profile
- View own user profile - Overrides disabled View user profiles.
I think it will work nicely upon upgrade, since it will not throw a protection by default.
I have one thing remaining: the 'my account' menu item should disappear completely when user has none of the Edit/view user profile permissions. ATM the menu item still exists. Someone knows what's missing?
Comment #4
hunmonk CreditAttribution: hunmonk commentedi will not accept this patch as written. userprotect is focused on editing prevention, throwing in view protections feels more like it solves your issue, and not a module issue... ;)
if you re-roll with only the feature that was originally discussed, then i will reconsider.
Comment #5
johnvI added 'view access' merely to complete the CRUD. Please find a reduced patch attached.
BTW. I've tested other modules (user_readonly, user_settings_access) and they were not able to hide 'my field'. I don't think restricting access to view or edit is that different? All three modules do 'account access'. You should join forces!
But, you're the master of your own scope creep :-)
Comment #6
johnvComment #7
hunmonk CreditAttribution: hunmonk commentedgetting closer. unfortunately, this needs an upgrade path. installing a new permission will make it such that all current roles on the site would not have it, which would create the opposite behavior of what we have now -- not acceptable.
so you'll need to include an update function that loops through all current roles on the site and enables that permission for them, and you'll need to adjust the installation code to enable it as well. the existing install code should give you some good hints on how to handle these.
Comment #8
johnvLike this..
Comment #9
hunmonk CreditAttribution: hunmonk commentednot quite:
Comment #10
johnvI'm sorry, but I leave the patch in this state.
I'm not a full-time programmer, my demand is fulfilled and my time is running out. Perhaps the next person with this feture request can test and complete the patch.
Comment #11
hunmonk CreditAttribution: hunmonk commentedwell, good work thus far, hopefully somebody else will pick up the torch. now you can see why being a volunteer module maintainer can be so demanding!
Comment #12
johnvIndeed. And it's good not doing it yourself - using 4-eyes gives better code.
Comment #13
jlholmes CreditAttribution: jlholmes commentedI believe that I also have the same use case as johnv. I would also like to use IP Login which maps IP numbers onto a user account and allows login to that account from a specified listing of IP numbers. The user account needs to be protected so that users from the IP numbers cannot edit (or even see may be ideal) the user account info. The use case here is giving an entire university community transparent access based upon the IP number, but only allow an administrator access to the account.
johnv, how are you accomplishing what you need? are you using the original patch you provided?
Comment #14
johnv@jlholmes, I do not use this module anymore. Latest version of IP Login now has a dedicated/separate field and permission to edit the field. I also use ABT module, which has permissions tho show the field, too.
Comment #15
MorinLuc0 CreditAttribution: MorinLuc0 commentedHere is an updated version on this patch to work on the latest version of user protect module.
Comment #16
progpapa CreditAttribution: progpapa commentedThanks for the patch, I needed this for a project I'm working on.
I have changed a few lines in the install file + added an extra
user_access
check touserprotect_user_edit_access
.Maybe it's getting even closer now. ;)
Comment #17
MegaChriz CreditAttribution: MegaChriz commentedA re-roll of the patch in #16. Also renamed the permission from "edit own user account" to "edit own account".
Comment #19
MegaChriz CreditAttribution: MegaChriz commentedCommitted #17.