[rt-users] Viewing user profiles without modification rights?

[Jerrad Pierce]

If I recall correctly, the profile page is still displayable without
the ACL, but the ticket display page uses the ACL to determine whether
or not to link to the page.

Tickets/Elements/ShowRequestor has:

    title_href => $has_right_adminusers? RT->Config->Get('WebPath')."/Admin/User
s/Modify.html?id=".$requestor->id: undef

but there is no HasRight check in Admin/Users/Modify.html

So you ought to be make a local variant of the former to always link....