When I create bio, I can edit the node through user/UID/bio. But at the same time it's also editable through node/NID/edit. This is not preferable since I use specific CSS to the form rendered by page-user.tpl. When it's accessible though normal page.tpl which doesn't include the custom CSS, the form looks different. Any customization lost and the user gets confused.
On the other hand and the worst part, anonymous users can still access the bio node through the node path (e.g: node/4), even though I don't allow them to access user profile. Is this a bug or the bio node is just a public node not intended to be restrictive by role?
Any workaround this? Thanks
Comments
Comment #1
drupaloSa CreditAttribution: drupaloSa commentedsubscribing for anonymous access problem...
Comment #2
marcp CreditAttribution: marcp commentedThis feels like a bug, but it's hard to fix in a nice way in the bio module.
One workaround is to have a custom node-bio.tpl.php (if bio is the name of your bio type), and wrap the whole thing in a test on
user_access('access user profiles')
, like this:The code in the else portion is taken from
drupal_access_denied()
-- put whatever you want the denied user to see there.