Adding configuration for keeping email address private (GDPR)
Brought to you by:
jberanek
Hi,
I find that it is no longer in touch with times that e-mail addresses of all the other users of the system are shown to everybody.
I would like to have a global config for:
$hide_users
that avoids outputting all the users info to everybody in edit_users.php.
Here is a very simple diff for that:
diff --git a/edit_users.php b/edit_users.php index d2483d5..db2b27f 100644 --- a/edit_users.php +++ b/edit_users.php @@ -183,9 +183,15 @@ function output_row(&$row) { global $ajax, $json_data; global $fields, $ignore_columns, $select_options; + global $hide_users; $values = array(); + // If stricter privacy is required do not output all the users's rows + if (!can_edit_user($row['name']) && $hide_users) + { + return; + } // First column, which is the name // You can only edit a user if you have sufficient admin rights, or else if that user is yourself if (can_edit_user($row['name'])) diff --git a/systemdefaults.inc.php b/systemdefaults.inc.php index 7806a63..07a827a 100644 --- a/systemdefaults.inc.php +++ b/systemdefaults.inc.php @@ -440,6 +440,8 @@ $default_report_days = 60; $show_plus_link = false; // Change to true to always show the (+) link as in // MRBS 1.1. +// Enforce a stricter privacy, do not show other users info (notably e-mail address) to non-admin users. +$hide_users = false; // PRIVATE BOOKINGS SETTINGS
Hope it can be accepted
Thanks,
Paolo
You mean you want something different from
$auth['only_admin_can_see_other_users']
? That setting won't show the other users at all, but your setting looks like it will show the username but no other details. Is it useful knowing just the username?Actually it removes the whole row as it returns before outputting it.
But, yes,
$auth['only_admin_can_see_other_users']
is the right config. I had not seen it and I had mistaken:$min_user_viewing_level
for the only setting one could use in that regard, and it is for something else.So, please just disregard this request,
$auth['only_admin_can_see_other_users']
is all what I need.