Restricted users editing rosters can result in data loss

[tbar0970]

When a user who is restricted to a certain congregation edits a roster in which people from OTHER congregations have been assigned to roles, those persons are not shown in the applicable dropdown boxes (because they are invisible to the current user). The dropdown boxes are thus empty and when they save the roster, the old data is wiped.

This is not so much a bug as an undesired behaviour.

Note that the issue is the visibility of the PEOPLE, not the user's lack of access to the congregation to which the ROLE belongs (although that tends to coincide because people are frequently allocated to their own congregation's roles - but not always).

Brainstorming solutions:

1. Detect when there are invisible people assigned to a role+date and make that cell read-only.
2. Somehow make the assignee's names not invisible at that point - they could "peek out from behind the curtain".
3. Only allow non-restricted users to edit roster assignments
4. ??

[tbar0970]

Chosen solution:

1. A roster assignment involving a person that is not visible to the current user is shown as "(Hidden)"
2. • unless the roster view has been set to be publicly visible, in which case we show names since they'll be visible on the public site anyway.
3. Any cell (role+date) which involves a hidden person (even one whose name is in fact displayed because of the previous point) becomes read-only
4. When roster assignments are saved, no existing data is deleted for read-only cells.