Comments (4)
mikonse
commented on June 15, 2024
Just so I understand correctly. You essentially mean that if one knows a special guest / invite link one could edit transactions without having an user account in the abrechnung instance, right?
The current guest mode works somewhat different. We currently implemented a config option which allows registration to be limited to a set of email domains which would allow only users with an email in that domain (e.g. some org / association) to freely register. When enabling the guest user feature it enables other users who know the invite link to a group to also register as a guest account without having an email from one of the restricted domains. A guest account is not able to create new groups.
The idea behind that feature was to be able to restrict a self hosted instance to a limited userbase but allow outsiders to take part without having to manually create accounts.
With the current backend / database architecture it would probably be difficult to implement a purely link based guest mode as a number of current features require a user to be logged in to provide some measure of traceability (who added / changed what).
from abrechnung.
schoerg
commented on June 15, 2024
Just so I understand correctly. You essentially mean that if one knows a special guest / invite link one could edit transactions without having an user account in the abrechnung instance, right?
Yes, that is correct.
The idea behind that feature was to be able to restrict a self hosted instance to a limited userbase but allow outsiders to take part without having to manually create accounts.
I understand. So, my next question would then if it's somehow planned/feasable to disable e-mail verification. Right now I create all accounts and tell my friends "use your first name, password first name" because I don't want to deal with e-mails not arriving, people not having access to them at their phone or laptop. I can understand if that is too specific to my use case and will not be implemented.
from abrechnung.
mikonse
commented on June 15, 2024
I think having a config flag to disable the requirement for emails to be verified seems quite reasonable to me, if that is sufficient for your use case I'll have a look.
Otherwise if you've got time and motivation I'd be happy to accept a pull request for such a config option.
from abrechnung.
schoerg
commented on June 15, 2024
Thank you!
from abrechnung.
Related Issues (20)
- creating new account description becomes name
- balance view ugly when almost balanced
- Search Field of Users in transaction edit screen vanishes.
- `description` field of account create/edit view copies content to `name` field HOT 1
- Docker Install Problems HOT 3
- "user is not a member of this group" error when uploading image to unsaved transaction HOT 1
- Mobile app HOT 2
- Docker multi-arch support HOT 5
- Incorrect math in Settlement Plan HOT 2
- add ability to freeze / archive groups
- Sort balance view by balances
- In the "accounts" view, for "transfer" type transactions, show the name of the partner
- Create short-cut feature for creating intra-group balance exchange transfers
- Any plans for an iOS app? HOT 1
- Docker setup - env variables from .env not being loaded HOT 3
- Docker setup - frontend container keeps exiting HOT 2
- Add transaction from event page HOT 2
- Purchase position view seems to be broken HOT 7
- Docker doesnt start on raspberry pi HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from abrechnung.