0
As the Profile pages are getting all the work right now (and rightly so!), the question has come up as to how to manage who can view what profile information. The goal is relatively simple: Staff can view everything, Clients can view everything on their own profiles that aren't designated Staff-only, Clients can only view items on others' profiles that are public. Achieving this goal will take a bit of effort.
In previous iterations of this mod, each field had a 'staff only' flag on it. This was something that could be set to Yes for fields that only should be visible to staff members, and not visible to any clients. A simple example of why one would want to use this field would be staff notes: something like "this guy is notoriously difficult to work with, be wary when agreeing to do anything for him". This type of field can be a great help for staff members to be able to record this kind of private information about clients, but not squirreling it away to some place they'd have to go into the ACP to see. If a field is not flagged as 'staff only', then anyone else could see it.
I was going with this concept, until I came up with the idea to have a 'member list' and let Clients view other Clients' profiles. Before, your average Client wouldn't be able to view another Client's page, so protecting potentially sensitive information like passwords wasn't necessary, but now it is. To achieve this, the old 'staff only' type of field (which was just a boolean) needs to be changed to a 'field protection level' setting. This setting will have three choices:
Feedback is of course welcome, if anyone sees any scenarious that such a setup suggested above wouldn't cover.
In previous iterations of this mod, each field had a 'staff only' flag on it. This was something that could be set to Yes for fields that only should be visible to staff members, and not visible to any clients. A simple example of why one would want to use this field would be staff notes: something like "this guy is notoriously difficult to work with, be wary when agreeing to do anything for him". This type of field can be a great help for staff members to be able to record this kind of private information about clients, but not squirreling it away to some place they'd have to go into the ACP to see. If a field is not flagged as 'staff only', then anyone else could see it.
I was going with this concept, until I came up with the idea to have a 'member list' and let Clients view other Clients' profiles. Before, your average Client wouldn't be able to view another Client's page, so protecting potentially sensitive information like passwords wasn't necessary, but now it is. To achieve this, the old 'staff only' type of field (which was just a boolean) needs to be changed to a 'field protection level' setting. This setting will have three choices:
- Unprotected (visible to all clients and staff)
- Protected (visible to staff and to that client)
- Hidden (visible to staff only)
Feedback is of course welcome, if anyone sees any scenarious that such a setup suggested above wouldn't cover.
Will there be an option for a Client to flag something as private (either their whole profile or part of it) ? (ie the Client can change it from 1 to 2) , although maybe it might be better to not let them change it back again
Edit. Changed my mind. It looks good the way it is