User Form - Controlling Access Dramas 1272 PostsBucklash 1 year ago4TopicHi folksI am really confused with USER content type.Menu Structure:MemberProfileFormAdminProfiles FormSo.... for the Member/Profile/Form part....I want a user to be able to edit their user data i.e. phone number etc...I want ONLY admins to be able edit any user data i.e. blocked etc...I do NOT want members to be able to alter any other user. Currently, only admins create users profiles.So "created_by" is always ADMINSo "edit_own" does not come in to effect hereCurrently, if a (devious) member changes the id in the url, they can manipulate another users data i.e "/profile/profile-form/form/user?id=441&return=..."I am struggling to have it so that the user can NOT edit any other users data.If I use SEBLOD Break, it just breaks no matter what I do i.e.Field 1Name: user_idField 2Name: seblod_break_userRestriction: FieldsField Name / Value(s): user_idis Equal/In: User -> idIf I change from Value to Form, or Invert -> Yes to Invert -> No, always same result: BREAK.So after all that, how do you have a user form where the user can only edit where the user_id matches THEIR id? 231 PostsGiuse 1 year ago3Level 1One of the content type permission is "Edit Own": isn't what you are looking for?cheers 1272 PostsBucklash 1 year ago2Level 2Hi GuiseActually it was, I had it in my head that edit_own was based on created by, but that is for articles.What a knob! 1272 PostsBucklash 1 year ago1Level 3.... continuing on...So having it so that a user can only edit their own profile is good now.However, as a front end admin, I am unable to get it so that admins can still edit any profile....Access for the Content type is set so that the admin can edit.2 buttons in the viewEdit Button for members to edit their own profile (links to menu item "Member/Profile/Form on front end)Edit Button for admins to edit any profile (links to a menu item "Admin/Profiles/Form on front end)...but no joy.It is clear to me that Permissions are a weak spot for me, 4229 PostsKadministrator 1 year ago0Level 4With edit permission for admin it should work.