What systems should we have, and do we need, for controlling access to profile items and their fields?

Comments

joachim’s picture

I always found the options in D5/6 profile to be confusing.
IIRC they were:
- only admins may edit and view this field content (but who are admins?)
- only admins and the user may edit this field content, and it is private: only admins and the owner may view it.
- all may view it
- also shown in listings

Listings... are we even doing those?

fago’s picture

>Listings... are we even doing those?
No, that's Views' job and I read multiple times that people would be fine with leaving that out.

View: That can be configured on the display tab anyway, so I think we can leave that out too?

So we have only one thing left:
* The field is admin only (edit) or not.

Admins would be anyone with administer profile permissions, but it might make sense to introduce a separate permission per profile "edit any main profiles"?

For viewing the profile, we could add another build module for the "admin view" of it:
* Basic view
* Administrative view

Thus users can easily configure view on the display page of the field API. As of now there is only a "full profile" build mode there.

joachim’s picture

Version: » 7.x-1.x-dev

Profile D6 privacy options summarized:

PROFILE_HIDDEN => t('Hidden profile field, only accessible by administrators, modules and themes.'),
- 'administer users'
- user can't see own.

PROFILE_PRIVATE => t('Private field, content only available to privileged users.'),
- user can see own
- 'administer users'

PROFILE_PUBLIC => t('Public field, content shown on profile page but not used on member list pages.'),
- user can see own
- 'administer users'
- 'view user profiles'

PROFILE_PUBLIC_LISTINGS => t('Public field, content shown on profile page and on member list pages.')
- (we don't care about listings)
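
The view rules summarized in the comment above, written out as an added example that is not part of the thread or of the Profile module's code. The function name, the shape of the viewer array, the constant values and the sample viewers are assumptions made for illustration.

```php
<?php
// Visibility levels named in the summary; the values are set locally for this example.
const PROFILE_PRIVATE = 1;
const PROFILE_PUBLIC = 2;
const PROFILE_PUBLIC_LISTINGS = 3;
const PROFILE_HIDDEN = 4;

/**
 * Hypothetical helper: may $viewer see a field on $owner_uid's profile?
 * $viewer is ['uid' => int, 'perms' => string[]] (constructed shape).
 */
function example_profile_field_view_access($visibility, array $viewer, $owner_uid) {
  $is_admin = in_array('administer users', $viewer['perms'], TRUE);
  // uid 0 is the anonymous user in Drupal and never counts as an owner.
  $is_owner = $viewer['uid'] > 0 && $viewer['uid'] === $owner_uid;

  switch ($visibility) {
    case PROFILE_HIDDEN:
      // The owner cannot see their own hidden field.
      return $is_admin;
    case PROFILE_PRIVATE:
      return $is_admin || $is_owner;
    case PROFILE_PUBLIC:
    case PROFILE_PUBLIC_LISTINGS:
      return $is_admin || $is_owner
        || in_array('view user profiles', $viewer['perms'], TRUE);
    default:
      // Unknown level: deny rather than fall through to public.
      return FALSE;
  }
}

// Constructed viewers. The profile being viewed belongs to uid 7.
$viewers = [
  'admin'     => ['uid' => 1, 'perms' => ['administer users']],
  'owner'     => ['uid' => 7, 'perms' => []],
  'manager'   => ['uid' => 9, 'perms' => ['view user profiles']],
  'anonymous' => ['uid' => 0, 'perms' => []],
];
$levels = ['HIDDEN' => PROFILE_HIDDEN, 'PRIVATE' => PROFILE_PRIVATE, 'PUBLIC' => PROFILE_PUBLIC];
foreach ($levels as $label => $level) {
  foreach ($viewers as $name => $viewer) {
    $ok = example_profile_field_view_access($level, $viewer, 7);
    printf("%-8s %-10s %s\n", $label, $name, $ok ? 'view' : 'deny');
  }
}
```

The constructed "manager" viewer holds 'view user profiles' but not 'administer users', so it is denied both hidden and private fields.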

joachim’s picture

So the conclusion is to provide a checkbox on the field edit page to make it hidden, as this is better UI than what a hypothetical contrib field_access module would provide.

joachim’s picture

Title: UI, visibility, and access » profile field access

Better title.

fago’s picture

Issue tags: +Needs tests

Implemented, but needs tests.

fago’s picture

Title: profile field access » profile field access tests

rggoode’s picture

I wonder if the private access could be more flexible... Permitting a way to define private access for selected roles, rather than only to "view own" and the Administrator role.

By restricting the private view options to Administrator, it forces a situation where Administrator role with all of its other permissions needs to be granted to people who need to view the profile data, but shouldn't have full administrator rights on the site (like a manager or editor role).