Permissions - Githubissues

BlasiusSecundus / descendant_numbering

Genealogical numbering of descendants - Plugin for webtrees

GNU General Public License v3.0

1 stars 0 forks source link

Permissions #3

Open curtisdelicata opened 6 years ago

curtisdelicata commented 6 years ago

Are you planning on allowing different levels of users to see the data in the future? So members of families can see different parts?

You could use the function to check if the individual should not be shown like other pages do for private records?

BlasiusSecundus commented 6 years ago

Yes, this feature can be added (e. g. using GedcomRecord's canShow method). Currently, it only checks if the current user is a member of the tree, and only shows the data to members of the tree.

Further questions are: if the algorithm finds a "hidden" individual, should it continue to process his/her children, or stop? Should he/she still appear in the output table in some form? (E. g. as "hidden individual")

curtisdelicata commented 6 years ago

Maybe use a checkbox like spouses? Where it would show the text "hidden individual" ir just not show any data for them?

BlasiusSecundus commented 6 years ago

The "hidden individual" text would appear in the output table (in place of name/XREF). Also, same for data exports. Alternatively, the data could simply be omitted (perhaps the user could select which one they prefer).
If I am not mistaken (based on Auth.php and GedcomRecord.php) there are 3 standard access/privacy levels: PRIV_PRIVATE (visitors), PRIV_USER (members), PRIV_NONE (admins). PRIV_HIDE seems to be used for special purposes.
Perhaps a drop down could be added there with the standard access levels - the user could specify the highest access level that is still included in the export. (e. g. if PRIV_USER is selected, only PRIV_PRIVATE and PRIV_USER level individuals would be included). Of course, the user could not select a higher access level than their own.
By default the user's own access level would be used.

curtisdelicata commented 6 years ago

👍

BlasiusSecundus commented 6 years ago

Apparently, permissions are a bit more complicated than what I previously thought. E. g. the admin may restrict a member’s access to the tree.

The current implementation uses the built-in “canShow” function to determine whether an individual can be shown = included in the numbering list. Perhaps this is the safest way to ensure that permissions are handled correctly – the plan detailed above may not be appropriate.

Currently, the data for the “inaccessible” individuals are simply omitted from the output.