Problem Summary
The Profile module does not properly apply the "View own profiles" permission, requiring users to have "Edit own profiles" enabled in order to access their own profile page. This creates a major issue when using Field Permissions, as fields set to "View only" disappear unless the user has editing rights.
Steps to Reproduce:
Install Profile module and create a profile type.
Assign fields to the profile and enable Field Permissions.
Set a field to:
ā
"View own value for this field" (enabled)
ā "Edit own value for this field" (disabled)
Assign only the "View own profiles" permission to a user role (without "Edit own profiles").
Log in as a user with this role and try to access their profile page (/user/{uid}/profile).
Expected Behavior:
The user should be able to view their profile.
Fields with "View own value" enabled should be displayed.
Actual Behavior:
The user gets "Access denied" unless they also have the "Edit own profiles" permission.
Fields set to "View own value only" do not appear at all.
Why is this a bug?
"View own profiles" should be sufficient to access a user's own profile.
Field Permissions should allow fields to be viewed even if editing is disabled.
Profile access should work like User Fields, where viewing and editing permissions are properly separated.
Possible Fixes:
Ensure that the "View own profiles" permission alone grants access to the user's profile page.
Allow fields to be displayed even when they are "View only" in Field Permissions.
Add a configuration setting to control whether a profile requires editing permissions to be accessible.
Drupal Version & Environment:
Drupal version: 10+ / 11
Profile module version: (latest)
Field Permissions module: Enabled
Workarounds:
A custom module is required to override route access and force profile visibility.
Some users resort to Views-based workarounds, but this removes the ability to edit selected fields
.
Community Impact:
This issue makes Profile + Field Permissions almost unusable for real-world use cases where:
Users should see their profile without modifying it.
Some fields should be editable while others remain read-only
Active
1.0
Code
Hi @laurentb,
I've updated the checkAccess method and now even when you set "View own profiles" without giving the edit access to the user you can see the fields for the profile, and for the field permission module could please create a separate issue, I've a solution for that too.
Thanks,
Arun