search

italia / spid-testenv2

New test Identity Provider for SPID
GNU Affero General Public License v3.0
35 stars 38 forks source link

Add view users configuration flag #265

Closed Undermaken closed 1 year ago

Undermaken commented 4 years ago

This PR adds the can_view_users configuration flag to enable/disable the access to users list section

flag on flag off
Preferences Privacy
alranel commented 4 years ago

I have mixed feelings about this. I'm afraid that the ability to hide the users page would encourage users to trust spid-testenv2 as a safe application which can be used in a production context. spid-testenv2 is only a development/demo tool and MUST NOT be used to secure production applications. With this constraint in mind, I can't see a scenario where hiding the Users page would make sense.

I think we should keep this PR open until someone suggests such a scenario. I'll be happy to merge it then :-)