Handover mechanism to transfer report management to new users

globaleaks / globaleaks-whistleblowing-software

GlobaLeaks is a free and open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.

https://www.globaleaks.org

Other

1.25k stars 274 forks source link

Handover mechanism to transfer report management to new users #3647

Open larrykind opened 1 year ago

larrykind commented 1 year ago

Proposal

This feature proposal is regarding a tool for handover and transfer all the reports to a new user, including closed and deleted ones ( with reference to my comment in #3645 ). This shoud be a massive version of the user's report switching tool recently implemented, but also including closed and deleted reports. The only constraint should be that new user could not reopen a closed case.

Motivation and context

From my experience often users ask to set generic usernames to to not lose the management / view of older report when the phisical user that changes his role in the administration and a new user comes in the role: in Italy chief personnel in public administrations is periodically subjected to role rotation for anti-corruption purposes.

evilaliv3 commented 1 year ago

Thank you @larrykind

I suggest to keep topics separated:

handover
https://github.com/globaleaks/GlobaLeaks/issues/3648

Let's use this ticket for topic 1 and i'm going to create a dedicated ticket for the topic 2.

Who is the user of your handover function: an administrator or a recipient?

In my opinion sooner or later we will need to implement the possibility that an administrator with access to key escrows could duplicate a user that is feature with many overlaps with the one of handover that you are describing.

\cc @giorgiofraschini @gianlucagilardi @elbill @danielvaknine: what do you all think?

danielvaknine commented 1 year ago

Not a huge priority in our opinion since you could: a) change the user email and password --> equivalent of creating a new user b) Select all reports and from the report overview grant access to the new user

giorgiofraschini commented 1 year ago

I think it should be an administrator choice (not a recipient one). I urge you to consider that ranting access to old reports to a new user could also be a prejudice to the whistleblower, because his report is handled by a person which was not a prescribed recipient at the moment of the report. I know that the recipient role is often a functional assignment, not a personal one. that is why I think this should be on the administrator.

larrykind commented 1 year ago

Hi everyone, thank you for contributing. @danielvaknine the procedure you indicate is what is actually possibile (and what we also use ...) to maintain report visibility when physical people "rotates" their role in the administration, but It seems to me as kind of workaround to manage an handover process. In my opinion this could drive for the long term to loss of informations in the audit logs, because you can't precisely track the physical people that managed the report with just the application. That's why I mentioned #3645, to maintain some user data after user deletion also.