Users should not be able to see all users information of the site. For example a user don't want necessarily that all users can see his email address. | |
| priority | normal |
|---|---|
| type | bug |
| done in | <done in not specified> |
|
CubicWeb's Forge | anonymous [login] [register] |
search actions - ticket
latest blogs blog archives |
cubicweb #1177702: don't have permission to see all users of the site for users [open]
|
||||||||||
Comments
this is more an end application choice. It has been choosen to grant 'users' to see other cwuser by default to avoid costly read permissions by default. Application such as jplextra do change this.
Now if there is a consensus that it shouldn't be the default, I may revise that choice.