Member list should not be viewable by all members by default
8 views
Skip to first unread message
Chris Murray
Nov 21, 2017, 10:32:16 AM11/21/17
to seltzercrm-dev
(cross posted in the Github issue tracker)
Currently, all embers can see the members page & browse contact details, including emergency details, for members. This can create Data Protection & privacy issues for spaces whereby members are forced to agree to their details being shared with the wider community, which they may not want.
This is particularly an issue if the registration module is enabled, as anyone could theoretically sign up & have full access to the membership list & contact details.
I propose a modification to the contact & member modules to introduce a _list permission which is not given to the member role by default, only the webadmin & director roles. They can choose to give the permission to members if they wish. The end effect is that members no longer see the members tab at the top of the screen, but can still view their own profile by clicking the profile link at the top right hand of the screen.
Thoughts?
Currently, all embers can see the members page & browse contact details, including emergency details, for members. This can create Data Protection & privacy issues for spaces whereby members are forced to agree to their details being shared with the wider community, which they may not want.
This is particularly an issue if the registration module is enabled, as anyone could theoretically sign up & have full access to the membership list & contact details.
I propose a modification to the contact & member modules to introduce a _list permission which is not given to the member role by default, only the webadmin & director roles. They can choose to give the permission to members if they wish. The end effect is that members no longer see the members tab at the top of the screen, but can still view their own profile by clicking the profile link at the top right hand of the screen.
Thoughts?
Reply all
Reply to author
Forward
0 new messages