Hi,
we currently try to get the user_image via public API. However, since user_image is a field of the doctype “User” we are facing some problems. We do not want to allow any users to view user profiles - even if we increase the permission level of each field on the “User” doctype, they would still be able to send passwort reset E-Mails or change desktop settings for any user.
So we decided to allow access to the doctype user only for system-managers. However we still want to read the user_image via public api. Is there any way how we could achieve this?