[Building Sakai] Permission to see official photos in Roster2
daniel.merino at unavarra.es
daniel.merino at unavarra.es
Sun Aug 4 02:39:14 PDT 2013
Sorry, I mean that this was implemented at
https://jira.sakaiproject.org/browse/RSTR-46
El Dom, 4 de Agosto de 2013, 11:37, daniel.merino at unavarra.es escribió:
> Hi, Steve.
>
> I think that a fairly common use case is bypassing user's preferences to
> show all the official photos in Roster to teachers.
>
> This was implemented at https://jira.sakaiproject.org/browse/RSTR-58 but
> IMHO is incomplete (and it has serious privacy issues, at least under
> spanish laws) while is not role aware. Any user can see everyone official
> photo just adding that user to their site.
>
> I don't know if RSTR-58 is added to any branch, but I would revert it if
> this issue can not be fixed in a short/middle term.
>
> I took a look on Roster2 code and I saw that roster.viewofficialphoto
> permission is not included in the list of permissions retrieved by JSON
> call. I don't know too much about JSON. Could it be added?
>
> Thanks.
> Best regards.
>
> El Dom, 4 de Agosto de 2013, 1:22, Steve Swinsburg escribió:
>> Hi Daniel,
>>
>> Profile2 will show whatever image the user has configured or the
>> preferences dictate.
>>
>> If a user has an official image, who can currently see it?
>>
>> The permissions in profile2 don't support site or role based
>> restrictions
>> to images. There may be some work to do in this area if that was to be
>> supported or required, probably not too tricky though.
>>
>> Cheers,
>> S
>>
>> Sent from my iPad
>>
>> On 03/08/2013, at 19:23, daniel.merino at unavarra.es wrote:
>>
>>> Hi Steve,
>>>
>>> I am not at work right now, but I think that we have mostly the default
>>> settings for Profile2.
>>>
>>> Do you know if there is some combination of settings in Profile2 that
>>> hides official photos for everybody but teachers?
>>>
>>> Thanks.
>>> Best regards.
>>>
>>> El Sab, 3 de Agosto de 2013, 0:34, Steve Swinsburg escribió:
>>>> Hi Daniel,
>>>>
>>>> Roster2 delegates permissions for images over to Profile2, so check
>>>> what
>>>> settings you have there.
>>>>
>>>> Cheers,
>>>> Steve
>>>>
>>>> Sent from my iPad
>>>>
>>>> On 02/08/2013, at 22:26, Daniel Merino <daniel.merino at unavarra.es>
>>>> wrote:
>>>>
>>>>> Hi everybody.
>>>>>
>>>>> As it seems that Roster tool does not support official photos from
>>>>> Profile2 API and is not in its agenda neither, we have tested Roster
>>>>> 2
>>>>> tool to use official photos as it was implemented in RTSR-46 (1).
>>>>> Finally we use the URL approach and storing URLs in
>>>>> PROFILE_IMAGES_OFFICIAL_T works fine.
>>>>>
>>>>> However, we have discovered that Roster2 does not support old
>>>>> roster.viewofficialphotos permission, so it is not possible AFAIK to
>>>>> allow seeing official photos only to Teacher role. As as consequence,
>>>>> any user could add other users to their site and could see their
>>>>> official photos. We think that this is a big privacy issue.
>>>>>
>>>>> I have documented this in RSTR-58 (2) but we are in a hurry because
>>>>> we
>>>>> are going to 2.9 next week and I wonder if somebody has done this
>>>>> anywhere and could share their work with us.
>>>>>
>>>>> Also, if somebody is using Roster tool with official photos loaded
>>>>> from
>>>>> URL and there is a patch somewhere, using Roster could be also a
>>>>> valid
>>>>> option for us.
>>>>>
>>>>> I would be really grateful if somebody could help me with this.
>>>>>
>>>>> Thanks in advance.
>>>>> Best regards.
>>>>>
>>>>> (1) https://jira.sakaiproject.org/browse/RSTR-46
>>>>> (2) https://jira.sakaiproject.org/browse/RSTR-58
>>>>> --
>>>>> Daniel Merino EcheverrÃÂa
>>>>> daniel.merino at unavarra.es
>>>>> Gestor de teleformación - Centro Superior de Innovación
>>>>> Educativa.
>>>>> Tfno: 948-168489 - Universidad Pública de Navarra.
>>>>> _______________________________________________
>>>>> sakai-dev mailing list
>>>>> sakai-dev at collab.sakaiproject.org
>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>>
>>>>> TO UNSUBSCRIBE: send email to
>>>>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>>>>> "unsubscribe"
>>>>
>>>
>>>
>>
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
More information about the sakai-dev
mailing list