This issue was raised late last year and supposedly a patch was
submitted to fix it.

To recap:

Guests can view all of the details of registered users by guessing the
appropriate URL. Setting the view_permitted? permission to
"acting_user.administrator? || acting_user == self" prevents that from
happening but also prevents any fields being shown in the signup form.

http://groups.google.com/group/hobousers/browse_thread/thread/f0ddb0ddd41b65b8/771d0204604a8aec?lnk=gst&q=permission+view+user+signup&pli=1

However I am still experiencing this issue with Hobo 1.0.1.  I had a
look for Bryan's fix but I couldn't find it in GitHub.

Dean

-- 
You received this message because you are subscribed to the Google Groups "Hobo 
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/hobousers?hl=en.

Reply via email to