As it stands template_preprocess_username() uses only user_access('access user profiles') to determine whether the current user can view a profile. However that also includes their own profile which (at least in D7 where this error also occurs) should always be visible.

There's a simple quick fix which involves just adding a check to see if the current user is the same as the username we want.

global $user;
$variables['profile_access'] = user_access('access user profiles') || $account->id() == $user->id();

The equivalent fix works in D7.



adaddinsane’s picture

new569 bytes

And here's the patch.