Contrib.social

As an Authenticated user I should not be able to access another user's profile

Open on Drupal.org →
Created on 26 December 2024, 4 months ago

Problem/Motivation

As an Authenticated user I should not be able to access another user's profile.

Steps to reproduce

  • Login as authenticated user
  • User should not have access to the paths for other users (but should have access to own if appropriate permission granted):
    • /user/{uid}/information
    • /user/{uid}/stream
    • /user/{uid}/topics
    • /user/{uid}/events
    • /user/{uid}/information
    • /user/{user}/albums
    • /user/{user}/followers
    • /user/{user}/groups
    • /user/{user}/invitations
    • /user/{user}/group-invites
    • /user/{user}/event-invites

Proposed resolution

Alter access for all views routes that have path pattern /user/{user}*

Feature request
Status

Active

Version

13.0

Component

Code (back-end)

Created by

vnech

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024