Forum Discussion
jaread83 - Use rest() instead of restadmin() in line 2 of your code, as using restadmin overrides all the permissions and fetches all the data, even private data. So while developing custom components, please keep in mind that you have to use the rest call unless it is absolutely necessary to use restadmin. Otherwise you could end up showing sensitive data to logged-out users too.
I hope this helps.
Thanks for the tip, VarunGrazitti, but using rest affects my component for regular users and they see 'widget cannot be displayed' for them except for their own avatar. I am all for keeping things as secure as possible but I need the component to work for everyone. Any ideas why that would happen?
- VarunGrazitti (Boss), 9 years ago
jaread83 - I looked into this and the following is the issue.
When you make the call as rest in the logged-out state, there are a few nodes missing in registration_data:
"registration_data":{ "type":"registration_data", "registration_time":"2014-09-18T13:48:50.554-07:00" }
For a logged-in user, the API returns all the nodes:
"registration_data":{ "type":"registration_data", "registration_time":"2014-09-18T13:48:50.554-07:00", "status":"fully-registered", "registration_access_level":"all", "confirm_email_status":true }
You are using registration_data.status in your code, which is not available when the user is logged out, hence the error:
<#if user.online_status = 'online' & user.registration_data.status = 'fully-registered'>
You could modify the code using a check for whether the user is logged in or not. You should also use attempt/recover blocks.
I hope this helps.