Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Users visibility permissions #173

Open
ds2268 opened this issue Nov 9, 2021 · 2 comments
Open

Users visibility permissions #173

ds2268 opened this issue Nov 9, 2021 · 2 comments

Comments

@ds2268
Copy link

ds2268 commented Nov 9, 2021

Any user can see all the users in the "users" section. Can we somehow limit this already now? Users might use full names and might not be desirable to be seen by other users, especially if there are multiple collections, for each institution separately, but users from both collections can still see all the registered users on the platform. This should be limited to admin only, or to see users that are part of the collections that you are also in...
@btsherid
Copy link

I would also like to disable all users being able to see the users section. I agree that this should be limited to admin only.

@manthey
Copy link
Contributor

manthey commented Jan 24, 2024

Internally, users are access controlled models, so this would be a matter of setting all users to public=False. I don't think there is a web api to do this for users, so this would be running for user in User().find(): User().setPublic(user, False, save=True) in python and hooking to the user creation event to ensure new users are so flagged.

It wouldn't be a hard feature to add to a plugin.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@manthey @ds2268 @btsherid