As discussed on the core repo at https://github.com/ckan/ckan/issues/3441 the user list is not adequately hidden from the public. Even if the public_user_details flag is set to False, that only protects from anonymous access; anyone who can register an account can still see everything.
Would it be feasible to copy the approach used by ckanext-qgov?
Admins (including organisation, group, and sysadmins) can access user_list and user/autocomplete; others cannot. (This is necessary in order for them to be able to add people to their groups.)
Admins can call user_show for other users. Non-admins can only call it for themselves. Unauthenticated users cannot call it at all. This also controls access to user profile pages.
Group admins can call group_show with include_users=True for their own group, but not for any other group. Anyone can call it with include_users=False. This also applies to organisation admins and organization_show.
As discussed on the core repo at https://github.com/ckan/ckan/issues/3441 the user list is not adequately hidden from the public. Even if the
public_user_detailsflag is set to False, that only protects from anonymous access; anyone who can register an account can still see everything.Would it be feasible to copy the approach used by ckanext-qgov?
user_listanduser/autocomplete; others cannot. (This is necessary in order for them to be able to add people to their groups.)user_showfor other users. Non-admins can only call it for themselves. Unauthenticated users cannot call it at all. This also controls access to user profile pages.group_showwithinclude_users=Truefor their own group, but not for any other group. Anyone can call it withinclude_users=False. This also applies to organisation admins andorganization_show.