Content
View differences
Updated by Oliver Günther about 1 year ago
**As** an OpenProject administrator
**I want to** be made aware of the dangers of automatic self registration
**so that** I realise that unknown users could gain access to my projects.
#### **Acceptance criteria**
<br>
**Add warning banner for self-registration**
In the Login and SSO page, for the 'Self-registration' drop down:
* If 'Account activation by email' or 'Automatic account activation' is selected, show a warning banner below the field:
* Text: "The user will be able to activate their own accounts. Please note that this will give them access to all public projects and their content. Please make sure that no sensitive or private data is exposed in public projects."
**Project settings**
_In {Project name} → Project settings → Information:_
* ~~Remove Remove 'Visibility' section with the 'Public' checkbox~~ checkbox
* _**Note: This is being implemented in** **##61889**_ <mention class="mention" data-id="61889" data-type="work_package" data-text="##61889"><strong>##61889</strong></mention>_
* If a project is not public:
* Add option "Make public" to the More (⋯) menu
* Use icon: `lock`
* On click, show DangerConfirmationDialog:
* Title: "Make this project public?"
* Text: Anyone who has access to this instance will be able to view and interact with this project depending on their role and authentication settings. Sub-projects are not affected and have their own settings.
* Checkbox label: I understand that this will make the previously private content public
* Primary action: Confirm
* Secondary action: Cancel
* If a project is public:
* Add option "Make private" to the More (⋯) menu
* Use icon: `unlock`
* On click, show DangerConfirmationDialog:
* Title: "Make this project private?"
* Text: The project will only be visible to project members depending on their role and associated permissions.
* Checkbox label: I understand that this will make the previously public content private.
* Primary action: Confirm
* Secondary action: Cancel
* Add a warning banner (yellow) to the top of the page:
* Text: This project is public. Anyone who has access to this instance will be able to view and interact with this project depending on their role and associated permissions. Sub-projects are not affected and have their own settings.
* Primary action: Make private (shows the DangerConfirmationDialog described above)
#### **Technical notes**
* The default value for the self registration setting is manual activation which is safe
<br>
**I want to** be made aware of the dangers of automatic self registration
**so that** I realise that unknown users could gain access to my projects.
#### **Acceptance criteria**
<br>
**Add warning banner for self-registration**
In the Login and SSO page, for the 'Self-registration' drop down:
* If 'Account activation by email' or 'Automatic account activation' is selected, show a warning banner below the field:
* Text: "The user will be able to activate their own accounts. Please note that this will give them access to all public projects and their content. Please make sure that no sensitive or private data is exposed in public projects."
**Project settings**
_In {Project name} → Project settings → Information:_
* ~~Remove
* _**Note: This is being implemented in** **##61889**_
* If a project is not public:
* Add option "Make public" to the More (⋯) menu
* Use icon: `lock`
* On click, show DangerConfirmationDialog:
* Title: "Make this project public?"
* Text: Anyone who has access to this instance will be able to view and interact with this project depending on their role and authentication settings. Sub-projects are not affected and have their own settings.
* Checkbox label: I understand that this will make the previously private content public
* Primary action: Confirm
* Secondary action: Cancel
* If a project is public:
* Add option "Make private" to the More (⋯) menu
* Use icon: `unlock`
* On click, show DangerConfirmationDialog:
* Title: "Make this project private?"
* Text: The project will only be visible to project members depending on their role and associated permissions.
* Checkbox label: I understand that this will make the previously public content private.
* Primary action: Confirm
* Secondary action: Cancel
* Add a warning banner (yellow) to the top of the page:
* Text: This project is public. Anyone who has access to this instance will be able to view and interact with this project depending on their role and associated permissions. Sub-projects are not affected and have their own settings.
* Primary action: Make private (shows the DangerConfirmationDialog described above)
#### **Technical notes**
* The default value for the self registration setting is manual activation which is safe
<br>