- π³πΏNew Zealand quietone
@brad.bulger, Thank you for reporting this problem. We rely on issue reports like this one to resolve bugs and improve Drupal core.
I am sure this is working as designed. The uploaded image will be published content, so without the permission they can't view it.
Thanks!
- Status changed to Active
about 2 years ago 8:50pm 27 February 2023 - πΊπΈUnited States brad.bulger
If I am creating an account, I don't have an account yet. So I can't possibly be logged in to my account, which doesn't exist.
- Status changed to Closed: cannot reproduce
about 2 years ago 9:16pm 27 February 2023 - πΊπΈUnited States brad.bulger
I can't reproduce this in a simplytest.me generic 10.x site.
- Status changed to Active
about 2 years ago 9:22pm 27 February 2023 - πΊπΈUnited States brad.bulger
Sorry for the churn, I forgot to turn off "View published content" for anonymous users.
- Status changed to Needs review
about 2 years ago 4:06am 28 February 2023 - π¨π³China jungle Chongqing, China
- Status changed to Closed: works as designed
about 2 years ago 2:42pm 28 February 2023 - πΊπΈUnited States smustgrave
Leaning toward #11 and #15 per #11 that an uploaded picture is published content. If for your specific setup you want to wrap individual fields in permissions would look into https://www.drupal.org/project/field_permissions β
- πΊπΈUnited States brad.bulger
Then maybe we should change the default user registration form and add a warning to the default picture field. To say "well technically that's content" is very programmer. If users can't create accounts on the site in a very simple configuration, that seems like a problem? Vs saying Sux2bu?
- πΊπΈUnited States brad.bulger
Seems like an instance of π Ajax file upload callback improperly checks view published content ('access content') permission Needs work perhaps.
- πΊπΈUnited States smustgrave
Another option is to remove the picture field from the registration form /admin/config/people/accounts/form-display/register