I think it's time XF extend privacy permissions to all user info. Right now, the only options are to allow the profile page or not, but really the permissions should be based on information, not location, since the same information displayed on the profile page can be displayed on the message user info block (on each post) and/or the member tooltip (also on each post), thus exposing this potentially personal information, despite locking down the profile page. Here is a summary of all user information, existing permissions and where the information is located:
A simple change would be to re-purpose the allow_view_profile permission to control the privacy of the avatar, birthdate, age, title, location and custom user field by modifying the corresponding macros for message user info, member tooltip, and profile page to check this permission prior to displaying any of these. Similarly, allow_view_identities could control privacy of website, and allow_receive_news_feed (all activity) could be used to control privacy of online/last seen and current activity. This would not require any new permissions (just changing their phrases to clarify their new expanded meaning), and would only require modifying three templates (or in XF core ideally so that the logic doesn't have to be duplicated in multiple templates).
Seems like with GDPR and other regulations it is high time XF provide more granular (and easier to understand) permissions.
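A sketch of the information-based check the post proposes, added here as an illustration and not XenForo code or the poster's own: one gate maps each piece of user info to an existing privacy setting and is shared by all three display locations. The field names, the fields shown per location, the privacy levels and the sample user are assumptions.

```python
from dataclasses import dataclass, field

# Mapping proposed in the post: information -> existing privacy setting.
FIELD_SETTING = {
    **dict.fromkeys(("avatar", "birthdate", "age", "title", "location",
                     "custom_field"), "allow_view_profile"),
    "website": "allow_view_identities",
    **dict.fromkeys(("last_seen", "current_activity"), "allow_receive_news_feed"),
}

# Which fields each location renders (assumed for this sketch).
LOCATIONS = {
    "profile_page": tuple(FIELD_SETTING),
    "message_user_info": ("avatar", "title", "location", "age", "custom_field"),
    "member_tooltip": ("avatar", "title", "location", "website", "last_seen",
                       "current_activity"),
}

@dataclass
class User:
    user_id: int
    info: dict
    privacy: dict                      # setting -> everyone/members/followed/none
    following: set = field(default_factory=set)

def allowed(owner, viewer_id, setting):
    """Decide per setting, not per page. Missing or unknown values fail closed."""
    if viewer_id == owner.user_id:
        return True
    level = owner.privacy.get(setting, "none")
    if level == "everyone":
        return True
    if level == "members":
        return viewer_id is not None   # None means guest
    if level == "followed":
        return viewer_id in owner.following
    return False

def render(location, owner, viewer_id):
    """Single gate shared by the profile page, post user info and tooltip."""
    return {name: owner.info[name] for name in LOCATIONS[location]
            if name in owner.info
            and allowed(owner, viewer_id, FIELD_SETTING[name])}

# Constructed sample user who has locked down the profile.
ALICE = User(1, {"avatar": "a.png", "location": "Oslo", "age": 30,
                 "website": "https://example.org", "last_seen": "10:02"},
             {"allow_view_profile": "none", "allow_view_identities": "members",
              "allow_receive_news_feed": "followed"}, following={9})
```

With the profile setting at "none", the post user info block and the tooltip return nothing for those fields either, which is the leak the post describes being closed.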