dwyl / auth

🚪 🔐 UX-focussed Turnkey Authentication Solution for Web Apps/APIs (Documented, Tested & Maintained)
https://authdemo.fly.dev
GNU General Public License v2.0

Restrict Who Can See List of People in Prod #171

Open nelsonic opened 2 years ago

nelsonic commented 2 years ago

At present, a non-admin person can see the complete list of people who have authenticated with auth on our test version: https://dwylauth.herokuapp.com/people


This is a useful feature during development because we can immediately see who has logged in & when. But ... it's obviously undesirable as it's "leaking" Personally Identifiable Information (PII). Even though this is a Test System, we still don't want to let anyone see who has authenticated. So I propose we restrict the data visible in this view to only the admin of the App and superadmin.
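
One way to enforce the restriction proposed above on the server, before any rows reach the template. This is an added example, not part of the original issue and not dwyl/auth's own code: the module name, the role atoms, the map shapes and the per-app scoping of what an admin sees are all assumptions.

```elixir
defmodule PeopleAccess do
  @moduledoc """
  Added example (not dwyl/auth code): server-side gate for a people list.
  Role atoms and the requester/person map shapes are hypothetical.
  """

  # Constructed sample data; every field here is an assumption.
  @people [
    %{id: 1, email: "alice@example.com", app_id: 1},
    %{id: 2, email: "bob@example.com", app_id: 2},
    %{id: 3, email: "carol@example.com", app_id: 2}
  ]

  def sample_people, do: @people

  @doc """
  Returns {:ok, people} for permitted requesters and {:error, :forbidden}
  for everyone else, so the caller never holds PII it must not render.
  """
  # A superadmin sees every person.
  def list_people(%{role: :superadmin}, people), do: {:ok, people}

  # Assumption: an app admin sees only the people who authenticated with their app.
  def list_people(%{role: :admin, app_id: app_id}, people) when not is_nil(app_id) do
    {:ok, Enum.filter(people, &(&1.app_id == app_id))}
  end

  # Deny by default: non-admin roles, unknown roles, admins with no app,
  # and unauthenticated (nil) requesters all fall through to here.
  def list_people(_requester, _people), do: {:error, :forbidden}
end

# Constructed requesters covering the allowed and denied cases.
requesters = [
  %{role: :superadmin},
  %{role: :admin, app_id: 2},
  %{role: :admin, app_id: nil},
  %{role: :subscriber, app_id: 2},
  nil
]

for requester <- requesters do
  case PeopleAccess.list_people(requester, PeopleAccess.sample_people()) do
    {:ok, people} -> IO.puts("#{inspect(requester)} sees #{length(people)} people")
    {:error, :forbidden} -> IO.puts("#{inspect(requester)} is refused (HTTP 403)")
  end
end
```

Doing the check where the list is fetched, rather than hiding it in the template, means a non-admin request never loads the PII at all.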