When I create bio, I can edit the node through user/UID/bio. But at the same time it's also editable through node/NID/edit. This is not preferable since I use specific CSS to the form rendered by page-user.tpl. When it's accessible though normal page.tpl which doesn't include the custom CSS, the form looks different. Any customization lost and the user gets confused.

On the other hand and the worst part, anonymous users can still access the bio node through the node path (e.g: node/4), even though I don't allow them to access user profile. Is this a bug or the bio node is just a public node not intended to be restrictive by role?

Any workaround this? Thanks

Comments

drupaloSa’s picture

drupaloSa CreditAttribution: drupaloSa commented

subscribing for anonymous access problem...

marcp’s picture

marcp CreditAttribution: marcp commented

This feels like a bug, but it's hard to fix in a nice way in the bio module.

One workaround is to have a custom node-bio.tpl.php (if bio is the name of your bio type), and wrap the whole thing in a test on user_access('access user profiles'), like this:

<?php
if (user_access('access user profiles')) {
  // EVERYTHING ELSE GOES HERE...
}
else {
  drupal_set_title(t('Access denied'));
  menu_set_active_item('');
  print t('You are not authorized to access this page.');
}
?>

The code in the else portion is taken from drupal_access_denied() -- put whatever you want the denied user to see there.