Personal Info/User Details page do not respect the form option settings in member fields schema

plone / Products.CMFPlone

The core of the Plone content management system

https://plone.org

GNU General Public License v2.0

252 stars 188 forks source link

Personal Info/User Details page do not respect the form option settings in member fields schema #3794

Closed ewohnlich closed 1 year ago

ewohnlich commented 1 year ago

BUG/PROBLEM REPORT (OR OTHER COMMON ISSUE)

What I did:

I use https://classic.demo.plone.org to verify this wasn't from any of my configuration. I did the following:

Went to Member Fields in the site setup https://classic.demo.plone.org/@@member-fields
Click Settings for Home Page
Uncheck the "In Profile" form option, click Save
click Done

What I expect to happen:

Home page field not displayed on https://classic.demo.plone.org/@@user-information?userid=manager or https://classic.demo.plone.org/@@personal-information

What actually happened:

Home page is displayed in both

What version of Plone/ Addons I am using:

Plone 6.0.4. I used the classic demo site to ensure I did not have any optional addons/config.

mauritsvanrees commented 1 year ago

Confirmed. Using the classic demo site, I create a new field and new user, just to be sure that there is nothing special about the home page field or the manager user. The extra field shows up in the personal information page.

The checkbox for "On registration" does work: when I switch this off, the field no longer shows up on the registration form.

Could you check locally if a restart of the site fixes it? There is some caching, in which I did some needed fixes a few months ago, where a change was not picked up until after a restart. Maybe you found a variant where a similar fix would be needed. See https://github.com/plone/plone.app.users/issues/76 Well, it is now a cache on the request, so a restart should not matter. Still: worth a try.

ewohnlich commented 1 year ago

Yeah, a restart does not matter for me on my local machine. I also tried this with custom fields added through GenericSetup and it was a problem, regardless of restart.

I also DID have this working for the "On registration" form, as you noticed. I haven't dug into the code yet, but my guess was that some update to the @@user-information form mistakenly dropped whatever logic looked for this.

mauritsvanrees commented 1 year ago

I went back to plone.app.users 3.0.0b4, which is the release before the changes I did, but that made no difference.

Ah, wait, I see. When you have the Manager role and you go to the user information page for a user, any restrictions are removed. See the getUserSchema method. When you login as a normal Member, and go to your own information page, the fields are not in the schema.

So I think this works as intended: fields that you do not want on the user profile are not there, but for Managers there is an escape hatch.

Can you confirm? If so, I think this can be closed.

Well, it would be good to make this clearer in the member fields form. I am preparing a PR.

ewohnlich commented 1 year ago

Thanks for the explanation, the improved help text works for me.