Jump to content

[4.7.11] Usergroup setting removes options to request pii data and account deletion

MMXII

By MMXII
in Technical Problems

 Share
Go to solution Solved by Stuart Silvester,

Recommended Posts

MMXII Rising Star

MMXII

Posted
Posted

This seems to be a bug or at least unwanted behavior: The new options to request pii data and account deletion do not show up in the frontend, if the usergroup setting the "Can login anonymously?" is set to "Disallowed". Then the menu entry "Security and Privacy" does not show up at all.

MMXII Rising Star

MMXII

Posted
  • Author
Posted
10 hours ago, Stuart Silvester said:

we're preparing a patch

Once the patch has been released, if I download 4.7.11 from the client area again, will the patch be included in the download package too, or do I have to wait until 4.7.12 until the files available from the client area will be updated?

Stuart Silvester Grand Master

Stuart Silvester

Posted
Posted
2 hours ago, MMXII said:

Once the patch has been released, if I download 4.7.11 from the client area again, will the patch be included in the download package too?

Yes, anytime we release a patch it is included in new downloads.

SUBRTX Collaborator

SUBRTX

Posted
Posted
19 hours ago, Stuart Silvester said:

Yes, anytime we release a patch it is included in new downloads.

is there an option to disable request pii data and account deletion? Thanks.

CodeWizard Newbie

CodeWizard

Posted
Posted
4 hours ago, Stuart Silvester said:

At this time, it's available to all members.

This is something I just cannot understand. All the bugs aside these two features introduce a whole new workflow of having to deal with requests, approvals and rejections. Who thought it's a good idea to release this without an option to opt-out? Not every community needs this and not everybody is ready. Communities that aren't ready to handle this are basically forced to stay on an older version and miss out on all other improvements. Both of those features should be configurable.

I looked into disabling it via code hooks and things get even worse. While hooking \IPS\Member::canUseAccountDeletion does the trick for account deletion (proper backend checks + removes it from UI), same route just doesn't work for PII.

\IPS\Member\PrivacyAction::canRequestPiiData/canDownloadPiiData can be hooked but UI elements will stay because of settingsPrivacy template. Buttons will be gone but whole div, header and description will stay.

For account deletion whole div is wrapped properly: 

{{if \IPS\Member::loggedIn()->canUseAccountDeletion() }}
...
{{endif}}

Why same thing wasn't done for PII? This would do the trick: 

{{if \IPS\Member\PrivacyAction::canRequestPiiData() }}
...
{{endif}}

Now it's impossible to remove this without excessive trickery. Theme hooks won't really do the job as there is no way to select that specific div as it doesn't have a unique identifier (it's a generic div.ipsPadding). Documentation states that "you can use any of the selectors supported by jQuery" and that's simply wrong, actually not even a tiny fraction of selectors used by jQuery are supported. Only the most basic CSS selectors can be used and those don't allow to select e.g. parent elements.

I didn't expect that a monthly update will turn into such a headache that a simple ACP option could easily fix.

tl;dr Please make those features optional.

MMXII Rising Star

MMXII

Posted
  • Author
Posted
1 hour ago, CodeWizard said:

Please make those features optional.

Yes, please! I second that (hence my feedback here and here). Ideally the permissions should be group-based (at the same place where anonymous logins can be allowed/disallowed).

 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...