Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User information exposure #27

Open
grololo06 opened this issue May 28, 2021 · 1 comment
Open

User information exposure #27

grololo06 opened this issue May 28, 2021 · 1 comment

Comments

@grololo06
Copy link
Member

In all API calls, user information should removed from response for user without (minimum) view rights on the project.
Manager names should not be exposed at all.
Contact name can be exposed to public.

Crypted names should be consistent inside API output for a given call, but not across time.
@grololo06 grololo06 self-assigned this May 28, 2021
@jiho
Copy link
Contributor

jiho commented May 28, 2021
edited
Loading

The decision is to:

  • show name + email of contact person everywhere
  • show name + email of persons with other statuses (viewer, annotator, manager) when the privilege of the user doing the request is viewer or up
  • show anonymised names and no email when the user doing the request is not logged in or has no privilege; those anonymised names are dynamic, per request and look like "anonymised user 1", "anonymised user 2"

@grololo06 grololo06 removed their assignment Sep 28, 2021
@grololo06 grololo06 transferred this issue from ecotaxa/ecotaxa_front Sep 28, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jiho @grololo06