Custom Users are unable to view their front-end profile pages

[JanRomero]

Short description of the issue

Using ProcessWire’s $config->userTemplateIDs and $config->userPageIDs feature, when requesting their own front-end page for viewing, logged-in users are denied and redirected according to the template’s configured “what to do when user has no access” option, unless they have the permissions user-admin or profile-edit. This happens even though the user’s template specifically defines view (but not edit) access for their role.

Expected behavior

Users should be able to view pages whose template is configured to let them do so, regardless of missing edit or admin permissions, even if the page is instanceof User.

Actual behavior

User pages are only viewable to users with edit or admin permission.

Optional: Suggestion for a possible fix

I have submitted a small fix here: processwire/processwire#162. I might have missed some cases or screwed up otherwise. My experience with PW’s internals is pretty limited ;)

Steps to reproduce the issue

My setup is somewhat old and was originally built with PW 2.x, but this probably still works.

1. Set up custom users according to this post.
2. Enable “manage view and edit access” in the new user template settings.
3. Create a role for your new user type.
4. Give that role the permission page-view for the user template, but no edit, admin or backend permissions.
5. Create a user of your custom type
6. Log in as that user and view the user page ($page->url, not $page->editUrl)
7. You should get a 404 although you seem to have all necessary permissions

ProcessWire version: 3.0.148

[adrianbj]

This just bit me also. It's so weird that guests and other users can view the person's profile page, but not the person whose page it is, cannot.

@ryancramerdesign - this is really important for those of us using the custom user template / parent approach and it's clear by the number of thumbs ups that others are concerned about it too.

I have applied @JanRomero 's solution and it seems to be working fine for the frontend viewing, which is great, but there is more to it unfortunately. When viewing the page tree of users (in the custom page branch), the "View" action is still missing - again, only for their own page - it appears for all the other users.

Not sure if there are other issues or not, although I would like to see the ability for users with the profile-edit permission also see an "Edit" action button next to their user page in the page tree. I know that there are restrictions on the fields that users with this permission can edit, so I think it would make sense if this simply opened up their profile edit page, but I do think it would be more logical for them to be able to see an edit action here as well.

[adrianbj]

This seems to be fixed in processwire/processwire@3485aa8

@JanRomero - could you confirm at your end as well please?

[JanRomero]

@adrianbj I just updated my site and it works great. Thanks everyone!