admidio icon indicating copy to clipboard operation
admidio copied to clipboard

Published 20 hours ago verified publisher icon Admidio

Hide certain Groups from users

Open sielnet opened this issue 2 years ago • 5 comments

Is your feature request related to a problem? Please describe. I can not allow our users to view all groups because of information leakage.

Describe the solution you'd like Allow me to allow/disallow the access based on group categories.

Describe alternatives you've considered .

Additional context The Problem is that we created groups for the fees. Single fees are group based and in on separate category. We do not want all users to be able to see who pays what fees. We also have groups for offices. All offices are in a separate category. We do want to allow all users to view the members of the category with all offices.

sielnet avatar Feb 10 '22 07:02 sielnet

You can set the right to view role membership to nobody. Than only users with the right to view all roles could view these role memberships.

Fasse avatar Feb 10 '22 16:02 Fasse

(private account) I did test your suggestion. But it is still the same problem.

I want certain users of a certain group to only be allowed to view group memberships of certain other groups based on the group category.

View all roles does not work for us because we do not want all users to be able to view all roles.

Context: We have users that are part of the offices group. An office is occupied by one or more persons who are responsible for as example bar and barbecue.

the office "bar and barbecue" has members and is itself placed under the category "offices" in the members and groups overview.

We do want all users to be able to view who is responsible for an office (offices are in a separate category). We do not want all users to be able to view who is part of an accountancy membership group/category. Example: normal membership, reduced membership etc...

idnovic avatar Feb 10 '22 21:02 idnovic

So you could set the office role to be viewable by all registered users.

Fasse avatar Feb 11 '22 20:02 Fasse

@Fasse I tried your suggestion. Only one problem left. If a normal user decides to look at a profile from a group member of the offices groups, that user can see the login username of the group member.

How can I set the username as not viewable?

sielnet avatar Mar 16 '22 11:03 sielnet

I fixed it.

            // add loginname
            if (strlen($user->getValue('usr_login_name')) > 0) {
                if ($userId !== $gCurrentUserId && $gSettingsManager->getBool('enable_pm_module')) {
                    $form->addStaticControl(
                        'username',
                        $gL10n->get('SYS_USERNAME'),
                        '<a class="admidio-icon-link" href="'.SecurityUtils::encodeUrl(ADMIDIO_URL.FOLDER_MODULES.'/messages/messages_write.php', arra>
                            '<i class="fas fa-comment-alt"></i>'.$user->getValue('usr_login_name').'</a>'
                    );
                } else {
                        if ($userId !== $gCurrentUserId && !($gCurrentUser->editUsers()))  {
                                //$form->addStaticControl('username', $gL10n->get('SYS_USERNAME'), $user->getValue('usr_login_name'));
                        } else {
                                $form->addStaticControl('username', $gL10n->get('SYS_USERNAME'), $user->getValue('usr_login_name'));
                        }
                }
            } else {
                $form->addStaticControl('username', $gL10n->get('SYS_USERNAME'), $gL10n->get('SYS_NOT_REGISTERED'));
            }

sielnet avatar Mar 16 '22 18:03 sielnet

With version 4.2 of Admidio it's now possible to set the rights of viewing membership and viewing profile separately per role. View the linked issue.

Fasse avatar Jan 06 '23 05:01 Fasse