It seems that when i output field in node template file like:

$myfield = field_get_items('node', $node, 'field_myfield');
$myfield = $myfield[0]['value'];
print $myfield;

That it overrides field permission settings and outputs field for all users.
Is this by design ?
If so, how i can include field permission check at this level ?

Comments

fossle’s picture

Issue summary: View changes

I am having the same issue. Did you find a solution for this?

mariacha1’s picture

Status: Active » Closed (works as designed)

As mentioned in the first comment here:

https://api.drupal.org/comment/23698#comment-23698

field_get_items() bypasses permissions. If you want to get the access level, you can follow up with a check to field_view_value(). Here's how this would work with, say, the Body field of a node:

$body_field = field_get_items('node', $vars['node'], 'body');
$output = field_view_value('node', $vars['node'], 'body', $body_field[0]);

The value of $output is:

Array
(
    [#markup] => <p>Body field text is what I typed in here</p>
    [#access] => FALSE
)

So you'd want to check the #access of the field before outputting it.