try adding new_record? to the mix

On Jun 10, 11:47 pm, Dean <[email protected]> wrote:
> This issue was raised late last year and supposedly a patch was
> submitted to fix it.
>
> To recap:
>
> Guests can view all of the details of registered users by guessing the
> appropriate URL. Setting the view_permitted? permission to
> "acting_user.administrator? || acting_user == self" prevents that from
> happening but also prevents any fields being shown in the signup form.
>
> http://groups.google.com/group/hobousers/browse_thread/thread/f0ddb0d...
>
> However I am still experiencing this issue with Hobo 1.0.1.  I had a
> look for Bryan's fix but I couldn't find it in GitHub.
>
> Dean

-- 
You received this message because you are subscribed to the Google Groups "Hobo 
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/hobousers?hl=en.

Reply via email to