As it stands template_preprocess_username() uses only user_access('access user profiles') to determine whether the current user can view a profile. However that also includes their own profile which (at least in D7 where this error also occurs) should always be visible.

There's a simple quick fix which involves just adding a check to see if the current user is the same as the username we want.

global $user;
$variables['profile_access'] = user_access('access user profiles') || $account->id() == $user->id();

The equivalent fix works in D7.

CommentFileSizeAuthor
#1 2106589-preprocess-username-own-profile.patch569 bytesadaddinsane
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

adaddinsane’s picture

adaddinsane
him/he/his
CreditAttribution: adaddinsane commented
FileSize
2106589-preprocess-username-own-profile.patch569 bytes

And here's the patch.

Version: 8.0.x-dev » 8.1.x-dev

Drupal 8.0.6 was released on April 6 and is the final bugfix release for the Drupal 8.0.x series. Drupal 8.0.x will not receive any further development aside from security fixes. Drupal 8.1.0-rc1 is now available and sites should prepare to update to 8.1.0.

Bug reports should be targeted against the 8.1.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.2.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.1.x-dev » 8.2.x-dev

Drupal 8.1.9 was released on September 7 and is the final bugfix release for the Drupal 8.1.x series. Drupal 8.1.x will not receive any further development aside from security fixes. Drupal 8.2.0-rc1 is now available and sites should prepare to upgrade to 8.2.0.

Bug reports should be targeted against the 8.2.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.3.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

dpi’s picture

dpi
Location Perth, Australia
CreditAttribution: dpi as a volunteer commented
Issue summary: View changes
Status: Active » Closed (duplicate)
Related issues: +#849602: Update 'username' theme template to use 'view label' operation.
David_Rothstein’s picture

David_Rothstein CreditAttribution: David_Rothstein as a volunteer commented
Title: template_preprocess_username() does not provide correct access to own profile » template_preprocess_username() does not check access correctly when displaying a link to the user's own profile
Status: Closed (duplicate) » Needs review
Issue tags: +Needs backport to D7

I don't see how this is a duplicate - that issue is about access to the username, whereas this issue is about displaying a link to the profile page.

Essentially what this issue is saying is that the code which determines whether or not to link to the user profile should match (or at least more closely match) the code in https://api.drupal.org/api/drupal/core%21modules%21user%21src%21UserAcce... which determines whether or not the current user has access to view the profile.

Status: Needs review » Needs work

The last submitted patch, 1: 2106589-preprocess-username-own-profile.patch, failed testing.

dpi’s picture

dpi
Location Perth, Australia
CreditAttribution: dpi as a volunteer commented
Related issues: -#849602: Update 'username' theme template to use 'view label' operation. +#1101958: Username template cannot always link to current user

You're right, I had the wrong issue :). Was supposed to be #1101958: Username template cannot always link to current user

David_Rothstein’s picture

David_Rothstein CreditAttribution: David_Rothstein as a volunteer commented
Status: Needs work » Closed (duplicate)

Oh, yeah, this does look like a duplicate of that one.