Details
-
Type:
New Feature
-
Status: Done/Fixed
-
Priority:
Minor
-
Resolution: Won't Fix
-
Affects Version/s: 3.1.6
-
Fix Version/s: Unscheduled
-
Component/s: CiviCRM Profile
-
Labels:None
Description
Currently when configuring a profile, there is an option to use that profile for "View/Edit Drupal User Account ". When selected, and proper access granted via ACLs such that a user can edit their own data, all users with permission can VIEW all other users' data in that profile when viewing their drupal /user/uid page.
This makes it hard to allow users to edit data that would otherwise not be displayed to other site users (address/phone for example).
This feature request is to break out the profile options such that there is a "View on Drupal User Account" and an "Edit on Drupal User Account".
Alternately, the ACLs could be reworked such that there is a "view any" and a "view own" permission for custom data and/or profile access. It seems that "Edit" implies "Edit Own" when it comes to profiles. It seems that now "view any" is then inherited when "edit" is granted to a category of users like "Authenticated".
Unless I am completely missing something.