User search during abstract submission

corbet · April 10, 2018, 6:27pm

I have noticed an interesting aspect of Indico’s behavior. If a user goes to the screen to submit an abstract for an event, they will be prompted to supply one or more author’s information. The search screen can be trivially used to obtain the name, email, and any other information entered by every user who has ever registered on the site.

This seems like a privacy violation, so I have to ask if that’s the intended behavior? It must be, since the instance at cern.ch also allows that. Is there any way to turn this feature off?

(What would be ideal for us would be to have the person submitting the abstract simply be entered as the author/speaker and not prompt for that information at all. I don’t suppose that’s possible now?)

Thanks,

jon

ThiefMaster · April 10, 2018, 6:40pm

It’s intended behavior (and I think it’s always been like this) but you are not the first person suggesting to make this configurable and I’m quite sure that we will do that at some point - or maybe allow admins to specify which users (e.g. only those in certain groups) can search for users.

pferreir · April 11, 2018, 7:27am

I’d suggest we discuss this in the GDPR GitHub issue thread: