23 Aug
2019
23 Aug
'19
9:40 a.m.
On 23 Aug 2019, at 09:19, Simon Urli
<simon.urli(a)xwiki.com> wrote:
Hi Paul,
On 22/08/2019 21:23, Paul Libbrecht wrote:
Thanks a lot Paul for mentioning this. I find it very interesting and important to mention
since it could have had impacts on our solution. From what I understand, Simon is saying
that what he’s planned goes in the direction you mentioned and will be compatible with it
when we add it in the future.
Would be great to record this in a JIRA for future work!
Thanks
-Vincent
Hello Simon,
while writing GPDR-compliant “technical organisation’s measures”, I’ve been insertion a
statement that says that users who do not respond to an actualisation wish of the
terms-of-conditions are automatically erased. The reason this is needed lies in the fact
that an explicit agreement is always needed to any change in the data-privacy-policy as
long as the user-profile contains personal information (generally, it does).
As a result, it seems to me that one of these fields should be a date: “last activated”
or something last this. Per default, we’d just make sure that this date is not the date
zero. An authenticator that a would enable a wiki to be GPDR compliant with TOS and
privacy notices would then check that the last-activated is later than the last
modification date of these documents.
I entirely agree that a second property stating that a user is disabled because his
profile looks to be spam is a necessary thing. Here, I do not see a date requirement.
IMO here you are talking about a new usecase that we don't currently handle in
XWiki.
This proposal was about modifying the behaviour of two already existing usecases. So I
wouldn't add the property you propose as part of this work, since I don't really
need it here.
Now I don't really see the problem of adding the new date property you propose on
XWiki.Users as part of a new feature or an improvment. It's just not the scope of this
proposal.
Simon
thanks
Paul
On 22 Aug 2019, at 16:01, Simon Urli wrote:
> Hi everyone,
>
> I recently (in XWiki 11.6RC1) introduced a new property "enabled" in
XWiki.User as part of https://jira.xwiki.org/browse/XWIKI-12654 to distinguish between
inactive users (who have not confirm their registration with the token sent by email), and
disabled users (who are deactivated by an admin, or by a security mechanism).
>
> Now as Marius noticed those two properties are quite redundant, especially when you
want to know which users are really active.
> So it introduces unnecessary complexity and we might even need to change existing
extension to check enabled users (cf the last comments on XWIKI-12564).
>
> So before doing those changes, I propose to fix immediately the issue by removing
that newly introduced property and by introducing a new property only for assessing that
users' email are checked.
>
> Then we will only have to check "active" property to check if a user is
active or not, and we could rely on it to set them enabled or disabled in the admin.
> The email_check property would be used only for the check email mechanism, so it will
avoid any confusion in the semantic.
>
> WDYT?
> Simon
>
> --
> Simon Urli
> Software Engineer at XWiki SAS
> simon.urli(a)xwiki.com
> More about us at http://www.xwiki.com
--
Simon Urli
Software Engineer at XWiki SAS
simon.urli(a)xwiki.com
More about us at http://www.xwiki.com