I have a site using CB where users must maintain their own details but not have access to other profiles. I've enabled Core Fields Ajax to assist with this. It works fine when user is an admin, but not otherwise. I traced this behaviour to the setting in Configuration>User Profile>Profile View Access Level - it works perfectly if the setting is a user group to which the user belongs. If not, the pencil icons appear but clicking on the field causes the entry to disappear, and no editable field or Update/Cancel buttons show.
Is that expected? It seems odd because the user is still able to access cb-profile-edit via menu, just not directly via the Ajax plugin. If so I won't be able to use the plugin as I need to set the Profile View Access Level to admin-only.
The ajax endpoint is not accessible because the profile technically is not accessible. They can still access themselves to an extent, but it won't be entirely functionality. I've added a feature ticket to look into improving the ajax endpoint to see if self access can be ignored for the profile access check so the usages are consistent. This change would likely have to happen in CB I believe.
As a workaround you can use CB Privacy and its Profile Privacy field or a redirect in CB Auto Actions to keep users from accessing other users profiles.
Kyle (Krileon) Community Builder Team Member Before posting on forums:
Read FAQ thoroughly
+
Read our Documentation
+
Search the forums CB links:
Documentation
-
Localization
-
CB Quickstart
-
CB Paid Subscriptions
-
Add-Ons
-
Forge
-- If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
-- If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please
send me a private message
with your thread and will reply when possible!
-- Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
-- My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Many thanks, the CB Privacy workaround did the trick, so will run with that. Would be good to get consistency though, so thanks for raising the ticket.