Open RafailStratiotis opened 8 months ago
As a suggestion, you could have the following treatments: 1 - the User is automatically deleted after the token expires. 2 - When creating the user/token, the token/url would be stored in a field that could be copied at any time before it expires, this would only be bad in my view (when the token expires the user would be removed). @tananaev
Yes Anton, by logging in as a user we can copy the token and re-share, well put. As for user self-exclusion, I haven't observed this yet, I will check as soon as possible. Would it have been implemented in this commit?
Would the deletion have been implemented in this commit?(https://github.com/traccar/traccar/commit/346a860b0aae7097445aa5aa22f37a88d9d7955e).
That's completely unrelated commit.
Thanks!
Duplicate entry 'xxxx@xxx.xx:12345678910' for key 'tc_users.email' - SQLIntegrityConstraintViolationException (... < QueryBuilder:469 < DatabaseStorage:95 < DeviceResource:216 < ...)
I get this message for reshare again to copy the link.
Yeah, looks like that part is not working.
@RafailStratiotis Generating a token by entering this user will not be duplicated, I think that solves it while another solution emerges.
@tananaev something else i noticed is the new user created from "Share Device" should not have the right to see the report history, also I believe that since user "A" create user "B" via "Share Device" user "A" should see "B" because currently only admin can see user "B"
@juniormelo26 I did not understand what you mean :/
@RafailStratiotis O usuário administrador pode acessar qualquer usuário e gerar um token. você acessa o usuário compartilhado e gera um token.
Why they shouldn't be able to see reports?
@tananaev because this token is for a third party person that we don't know about (only our customer knows about it), accessing reports for example 30 days ago or a year ago that's corporate data that shouldn't to give access
Well, you're sharing a device, which includes history.
My understanding of this feature is that the use-case its most applicable to is temporary sharing of location/live tracking of a device with a customer or external party.
If the purpose of this feature is sharing with customer, then access to historical data or ability to manage/edit should not be there.
Considering a shared link could be shared with multiple external users, or a device over a period of time may be shared with multiple external users.
@zeustd I agree that having access to the history is a security gap for a corporate data
it will be nice, if we can click share and set time how long this share link works and what we want share. like only real-time position or history etc...
Time selection is already implemented.
Time selection is already implemented.
where I can find it?
On the master branch.
@tananaev you could add the new users created by Share Device to appear in the account from which they were created ? so that when the user wants to delete the Share Device Account. or if possible, the user creates the Share Device Account expiration period, as is done in the token.
Good Evening, just tried Device link sharing and it's very nice but it would be good at some point if the user who created the Token and therefore the new user to appear in the "users" tab and delete him whenever he wants, but also to be able to copy again the link he created at any time! because the link copy it once and if you need it again it will have to delete the user and generate Token again.