Bio Summary block ignores View Protection Profile security.

[azturner]

Description

Both the 'Person Bio' and the 'Person Bio Summary' blocks add an additional 'View Protection Profile' security action. If you configure security on this action so a user is denied access, the protection profile display (the padlock displayed above their name), should not be displayed. This works correctly on the main 'Person Bio' block, but the 'Person Bio Summary' block used on all the other tabs except the main profile tab ignores the configuration and always shows the protection profile.

Actual Behavior

If you configure security on the Person Bio Summary block's 'View Protection Profile' action so that user is denied access, the user can still see the person's protection profile.

Expected Behavior

If you configure security on the Person Bio Summary block's 'View Protection Profile' action so that user is denied access, the user should not be able to see the person's protection profile.

Steps to Reproduce

• Go to any person profile
• Click on Additional Person Details tab
• Click on the 'Block Configuration' admin option
• Edit the security on the 'Person Bio Summary' block
• Configure the 'View Protection Profile' so that the 'RSR - Staff Access' role is denied access
• Log into Rock as someone who is in the 'RSR - Staff Access' role
• Go to any person profile
• Click on Additional Person Details
• Notice that you can still see the protection profile, even though security was configured to not allow that access

Issue Confirmation

• [X] Perform a search on the Github Issues to see if your bug or enhancement is already reported.
• [X] Reproduced the problem on a fresh install or on the demo site.

Rock Version

v16.5

Client Culture Setting

en-US