[drupal-devel] [feature] Profile values editable only by privileged users

remi drupal-devel at drupal.org
Tue Sep 13 18:25:55 UTC 2005

Issue status update for 
Post a follow up: 

 Project:      Drupal
 Version:      4.6.0
 Component:    profile.module
 Category:     feature requests
 Priority:     normal
 Assigned to:  Anonymous
 Reported by:  remi
 Updated by:   remi
 Status:       patch (code needs review)

I'm currently implementing Drupal on our intranet, since I believe this
CMS is just great. (I use it on most of my sites too!)

However, on our intranet, profiles should be extensible, yet its
contents should only be modified by privileged users, and not

For that reason, I've made a few modifications to profile.module in
order to let the administrators, in the 'access control' page, decide
which roles can modify the profiles content. Also, when adding or
update a custom profile field, the administrators can decide whether
the content of that field can be modified by the profile's user or not.

Here are some code patches for profile.module, followed by an SQL
statement to add the 'editable' column in the 'profile_fields' table.
Line numbers are approximate:

Add the following line, in the while() control loop, at line ~273:

$editable = ($field->editable || user_access('edit all fields content'));

Change the following db_query() call at line ~464:

db_query("INSERT INTO {profile_fields} (title, name, explanation, category, type, weight, required, register, visibility, editable, options, page) VALUES ('%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, %d, '%s', '%s')", $data['title'], $data['name'], $data['explanation'], $data['category'], $type, $data['weight'], $data['required'], $data['register'], $data['visibility'], $data['editable'], $data['options'], $data['page']);

Change the other following db_query() call at line ~493:

db_query("UPDATE {profile_fields} SET title = '%s', name = '%s', explanation = '%s', category = '%s', weight = %d, required = %d, register = %d, visibility = %d, editable = %d, options = '%s', page = '%s' WHERE fid = %d", $data['title'], $data['name'], $data['explanation'], $data['category'], $data['weight'], $data['required'], $data['register'], $data['visibility'], $data['editable'], $data['options'], $data['page'], $fid);

Add the following implementation for hook_perm():

function profile_perm() {
  return array('edit all fields content');

Add the 'editable' column in the 'profile_fields' table:
ALTER TABLE `profile_fields` ADD `editable` TINYINT( 1 ) DEFAULT '1'
NOT NULL AFTER `visibility` ;

Feedback welcome!


More information about the drupal-devel mailing list