Bug? Viewable field shows empty content


FlorianA

In my current project, I've extended the user template by two fields: birthday (Datetime: the user's birthday) and hide_year_of_birth (Checkbox: does the user want his year of birth to be hidden for other users?).

Furthermore I'd like to have three groups of users:
- Group 1 always sees years of birth for all users.
- Group 2 sees only years of birth of those users who have unchecked their hide_year_of_birth flag.
- Group 3 can't see a year of birth of any user.

For implementing this, the field hide_year_of_birth has view permission only for groups 1 and 2. In the template file, if hide_year_of_birth is not viewable, a value true is assumed.

function getBirthday($user)
{
    return $user->hide_year_of_birth || !fields('hide_year_of_birth')->viewable() ?
        strftime(__('%d.%m.'), $user->getUnformatted('birthday')) : $user->birthday;
}

Unfortunately, this didn't work as I meant. When I logged in as a user of group 2, I saw the year of birth of another user with hide_year_of_birth checked. The debug output said that $user->hide_year_of_birth was 0, however fields('hide_year_of_birth')->viewable() was true. When I logged in as a user of group 1 or 3, it worked as expected. Edit: No, group 1 doesn't work either, but that's why I just hadn't thought about it in the implementation - but it isn't relevant for this question either ;-)

Could this be a bug which makes $user->hide_year_of_birth return the "empty" value for unviewable fields although the field is viewable? After I checked the field option "allow access value by API even if not viewable" for hide_year_of_birth, everything worked as expected for group 2 as well.


On 22.2.2018 at 11:24 PM, Robin S said:

Why are you placing view restrictions on the "hide_year_of_birth" field? Isn't it the "birthday" field you want to limit view access for?

Not really. Every logged-in user should be able to view day and month of the birthday, but not the year. If we want to know if the user is also allowed to see the year, we look into the "hide_year_of_birth" field. If we are not allowed to view this field we can't know if the user wants to expose his age and therefore we assume "no".


I understand a little better now, but your usage is not how view permissions are intended to be used.

Suppose you had a different setup for storing a user's date of birth: a text field for day and month, and a text field for year. I'm not suggesting that you do this - it's just to illustrate how view permissions typically work. In this alternative setup you might apply view permissions for the year field - so it would or wouldn't be viewable depending on role.

But in your setup the "hide_year_of_birth" field is not a field that it is useful to limit the viewing of, because it only holds a 1 or a zero and not the actual value you want to hide (the year of birth). Hiding the checkbox field just confuses things IMHO, and would cause problems if any of the users with view restrictions need to edit the "hide_year_of_birth" field in their own profile (you can't edit a field that you can't view).

I think instead you should create a new custom permission "view_year_of_birth" and apply it to the relevant roles. Then check for that permission (and the "hide_year_of_birth" value) to determine how the date field should be formatted.

  • Like 1
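
One way to implement the permission-based check suggested in the post above, as an added example that is not code from the thread. It assumes field-level view access has been removed from "hide_year_of_birth" so its value is always readable through the API, that the permission "view_year_of_birth" has been created and assigned to groups 1 and 2, and that a second, hypothetical permission "view_year_of_birth_always" is assigned only to group 1; the 'd.m.Y' output format is also an assumption.

```php
<?php namespace ProcessWire;

/**
 * Pure decision, independent of ProcessWire: may the viewer see the year?
 * Denies by default, so a viewer without any permission (group 3) or a
 * missing permission never exposes the year.
 */
function mayShowYear(bool $ownerHidesYear, bool $canViewYear, bool $canViewYearAlways): bool
{
    if ($canViewYearAlways) {
        return true;             // group 1: the owner's flag is ignored
    }
    if (!$canViewYear) {
        return false;            // group 3: never sees a year
    }
    return !$ownerHidesYear;     // group 2: respects the owner's flag
}

/**
 * Format $owner's birthday for display to $viewer.
 * Access is decided by the viewer's permissions, not by field viewability,
 * so the checkbox stays editable in the owner's own profile.
 */
function getBirthday(User $owner, User $viewer): string
{
    $raw = $owner->getUnformatted('birthday');   // Unix timestamp, empty if unset
    if ($raw === null || $raw === '') {
        return '';
    }

    $showYear = mayShowYear(
        (bool) $owner->getUnformatted('hide_year_of_birth'),
        $viewer->hasPermission('view_year_of_birth'),
        $viewer->hasPermission('view_year_of_birth_always')   // hypothetical name
    );

    return date($showYear ? 'd.m.Y' : 'd.m.', (int) $raw);
}

// Usage in a template file, where $someUser is the profile being shown:
// echo getBirthday($someUser, wire('user'));
```

Because the year is stripped on the server before output, the decision cannot be bypassed from the browser, and the same permission check can be reused for other private profile fields.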

On 24.2.2018 at 10:12 PM, Robin S said:

But in your setup the "hide_year_of_birth" field is not a field that it is useful to limit the viewing of, because it only holds a 1 or a zero and not the actual value you want to hide (the year of birth). Hiding the checkbox field just confuses things IMHO, and would cause problems if any of the users with view restrictions need to edit the "hide_year_of_birth" field in their own profile (you can't edit a field that you can't view).

That's a valuable hint. Up to now my concept was to restrict permissions not only for the "hide_year_of_birth" field but also for other more "private" user fields like street or phone numbers. That's why I didn't want to handle this one field by a global permission. But my plans break down anyway if the restricted fields aren't editable any more even for the user's own profile.

So I have to look for another solution ... I think it will be something like a "view_extended_user_data" permission which applies not only to the year of birth but also to some other fields.
