As an Authenticated user I should not be able to access another user's profile

Open on Drupal.org →

Created on 26 December 2024, 13 days ago

Problem/Motivation

As an Authenticated user I should not be able to access another user's profile.

Steps to reproduce

Login as authenticated user
User should not have access to the paths for other users (but should have access to own if appropriate permission granted):
- /user/{uid}/information
- /user/{uid}/stream
- /user/{uid}/topics
- /user/{uid}/events
- /user/{uid}/information
- /user/{user}/albums
- /user/{user}/followers
- /user/{user}/groups
- /user/{user}/invitations
- /user/{user}/group-invites
- /user/{user}/event-invites

Proposed resolution

Alter access for all views routes that have path pattern /user/{user}*

✨ Feature request

Status

Active

Version

13.0

Component

Code (back-end)

Created by

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Comments & Activities

Issue created by @vnech

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024