Here's my scenario: I gave the search profiles permission to authenticated users, but I have some profile fields that are visible only to special roles (like Moderator, for example).
When an authenticated user searches for a string that happens to match a hidden field, he sees a hit in the Profiles search tab, but the actual field is hidden.
It's good that the hidden field doesn't show in the results, but the user who did the search has no idea why he got a hit.
It would be better if "no permission to see field" also resulted in no search hit.

Comments

James Marks

What module are you using to control access to certain profile fields by role?

James Marks

Assigned: Unassigned » James Marks
Status: Active » Postponed (maintainer needs more info)

aharown07

I'm actually no longer using ProfilePlus, but to answer your question, it's just the core Profile module. When you create a field, the Visibility options include "Hidden profile field, only accessible by administrators, modules and themes."

James Marks

Status: Postponed (maintainer needs more info) » Fixed

For non-admin searches I'm excluding profile fields whose visibility is set to either 'PROFILE_PRIVATE' or 'PROFILE_HIDDEN' so there should be no search results based on matches against those fields.

(You're certainly welcome to test my beta to make sure it's working properly though. :) )

James

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.
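
The fix described in this thread, sketched as an added example (not the module's own code): a non-admin search skips values of fields whose visibility is private or hidden, so a hit can no longer confirm what a restricted field contains. The table layout is a simplified stand-in for the core Profile tables, the constant values are assumed to match core's profile.module, and the sample rows are constructed.

```python
import sqlite3

# Visibility constants; values assumed to match Drupal core's profile.module.
PROFILE_PRIVATE, PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS, PROFILE_HIDDEN = 1, 2, 3, 4
RESTRICTED = (PROFILE_PRIVATE, PROFILE_HIDDEN)

def build_db():
    """Constructed sample data in a simplified profile_fields/profile_values layout."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE profile_fields (fid INTEGER PRIMARY KEY, name TEXT, visibility INTEGER);
        CREATE TABLE profile_values (fid INTEGER, uid INTEGER, value TEXT);
        INSERT INTO profile_fields VALUES
            (1, 'profile_city', 2), (2, 'profile_mod_notes', 4), (3, 'profile_phone', 1);
        INSERT INTO profile_values VALUES
            (1, 10, 'Springfield'), (2, 10, 'warned for spam'),
            (1, 11, 'Shelbyville'), (2, 11, 'lives in Springfield'),
            (3, 12, '555-0100 Springfield office');
    """)
    return db

def search_profiles(db, keyword, is_admin, filter_by_visibility=True):
    """Return the sorted uids whose profile values contain keyword.

    filter_by_visibility=False reproduces the reported behaviour: every field
    is searched, so a hit reveals that a restricted field matched.
    """
    sql = ("SELECT DISTINCT v.uid FROM profile_values v "
           "JOIN profile_fields f ON f.fid = v.fid "
           "WHERE v.value LIKE ? ESCAPE '\\'")
    # Escape LIKE wildcards so the keyword is matched literally.
    literal = keyword.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    params = ["%" + literal + "%"]
    if filter_by_visibility and not is_admin:
        # Restricted fields are excluded from matching, not just from display.
        sql += " AND f.visibility NOT IN (?, ?)"
        params += RESTRICTED
    return sorted(row[0] for row in db.execute(sql, params))
```

Filtering in the query rather than when rendering results is what closes the leak: hiding a field at display time still leaves the hit list usable as a yes/no oracle on its contents.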