search

RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/
Other
40.64k stars 10.64k forks source link

Privacy: Disable/Hide complete list of user #18635

Open Quadrocompile opened 4 years ago

Quadrocompile commented 4 years ago

Description:

We'd like to host RC for our organization. However, there are privacy concerns regarding the feature that allows user to see the list of all user in the system and the possibility to DM them. We are able to hide the user list with the embedded-layout. However, when using the app, the user list feature is always enabled.

Steps to reproduce:

Persistent behavior

Expected behavior:

Switch to disable the complete user list in order to appease 'privacy fanatics'.

Suggested workaround / Request

The easiest solution that comes to my mind would be to alter the query that fills the list in such a way, that the server would only return an empty record. That would be a crude workaround but nevertheless it would work well in our scenario.

Could you please advise if such workaround would interfere with the rest of the application. And if not: could you please provide me insight, which api hook is used to query the complete user list, in order to alter the servers response to never return any user at all.

Actual behavior:

Currently, there is a list of all users signed up on the server. This can be hidden when using the embedded mode, however, it is always visible to users using the app.

Server Setup Information:

Client Setup Information

Any

Additional context

-

Relevant logs:

-

Best regards

github-actions[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

pierreozoux commented 3 years ago

We'd like to at least be able to hide the email.

ImaCrea commented 3 years ago

Hello, any news around here maybe? Hiding emails would already be great.

pierreozoux commented 3 years ago

Actually @ImaCrea maybe we see emails because we are admin. I didnt consider this, I'll try again when in front of a laptop.

johncrisp commented 3 years ago

Not sure you can see emails unless you are admin?

Please confirm this?

johncrisp commented 3 years ago

(and please test on 3.16 !!)

pierreozoux commented 3 years ago

Yes, I confirm that if you are not admin, you don't see emails. (Except if the username is the email, but well, we can't do much on that case :) )

2old4it commented 2 years ago

Is there any progress on this? We want to facilitate several teams/customers using RC but we (and or customers) don't want the option that everybody can invite everybody to a channel/discussion.

gstlouisgit commented 2 years ago

I suppose there is no action to have this ability. I hope someone picks this up as it would be a great security feature for this app

avenger2005 commented 2 years ago

uncheck the “view outside room” in the Permissions setting

bndrgroup commented 2 years ago

uncheck the “view outside room” in the Permissions setting

Seems to do the trick! Thanks