Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). Varbase Media Header 9.2.1 Minor update available for module varbase_media_header (9.2.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

This module allows users to view another user's username if they have permission to view a node authored by that user. This feature is intended for sites where node authors' usernames can be publicly visible based on this specific condition.

The module is part of the User Privacy CMS recipe.

This module introduces a view username access decider that grants access to view a user’s username if that user is the author of a node to which the current (or acting) user has view access. For more details, see the Known limitations section.

Note: This module MUST ONLY be enabled if the site owner confirms that every node author’s username can become visible based on the logic described above.

TODOs

  • Validate and finalize support for node revisions if needed. For example, a user might be able to view the username of another user because that user is the author of a non-default revision of a node.
    • This should be handled by a dedicated decider that runs after the current node access-based decider, but only if necessary, because this lookup can be very expensive.

Known limitations

  • Currently, only the “view” entity access for nodes is checked to decide whether a user can view another user’s username.
    This limitation is set by default for performance reasons, as checking “view,” “update,” and “delete” access simultaneously could be expensive. Additionally, it might be unnecessary to expose an author’s username to users who only have “update” or “delete” access to a node. If this feature is needed, a new instance of the \Drupal\view_usernames_node_author\NodeAuthorViewUsernameAccessDecider service can be registered to override the default entity operation used by the service via the \Drupal\view_usernames_node_author\NodeAuthorViewUsernameAccessDecider::setEntityOperation() method.
  • The Internal Page Cache (page_cache) module does not support cache context-based “invalidation” of cached requests. When a user’s access to a node changes via hook_node_access_grants(), previously cached results DO NOT get invalidated for non-logged-in users (since the Internal Page Cache is only active for non-logged-in users). However, the Dynamic Page Cache (dynamic_page_cache) module works as expected for authenticated users. See cache context is being ignored.

Activity

Total releases
1
First release
Dec 2025
Latest release
7 months ago
Releases (12 mo)
1 ▲ from 0
Maintenance
Slowing

Releases

Version Type Release date
1.0.1 Stable Dec 14, 2025