CON-1490 - Hide sensitive data based on security and from exported data

Created by Shannon Deminick 30 Jan 2018, 18:15:49 Updated by Sebastiaan Janssen 04 Sep 2018, 06:06:03

Relates to: CON-1496

Relates to: CON-1562

Subtask of: U4-10796

This will require re-targeting Forms to a min version of 7.9.0 - this means we will release a new major version of Forms.

To determine if a user has access to sensitive data, there's a new IUser extension method in 7.9.0 which checks for a User Group

  • Any value that is marked as sensitive will not be included in the exported data, no matter if the user has access to sensitive data or not
  • Any value that is marked as sensitive will not be shown to any user that does not have access to sensitive data, this includes the listing of form entries and the detailed form entry view. This needs to be done server side so that the data is not even sent over the web request. Some UI work will be needed for this too.

Comments

Warren Buckley 13 Feb 2018, 13:48:06

PR for this is here - https://github.com/umbraco/Forms/pull/181

Test Notes

*Have an Umbraco 7.9 site (as we depend on features from Umbraco core) *Create two users (one that does & one that does not have access to sensitive data group) *Create a form with the permission & mark one or more fields as sensitive data *Insert from onto a page/template in your umbraco site *Fill out the form a few times from frontend of site *Login as user who does have permission & verify the following: **In entries detail view - you can clearly see which fields contain sensitive data **Export the records to excel & the sensitive fields has its copy replaced with the generic message

*Switch user who has the restriction **In the entries viewer confirm fields are marked as sensitive data & the value is hidden with generic message **Export the entries to excel & confirm that all sensitive fields have generic message for it


Shannon Deminick 14 Feb 2018, 02:37:36

Have added a couple of questions to the PR, otherwise works great!


Warren Buckley 14 Feb 2018, 09:56:19

Hi @Shandem It's ready for a another review please :)


Shannon Deminick 15 Feb 2018, 05:14:04

Nice one :) all merged, will close now


Priority: Normal

Type: Task

State: Fixed

Assignee:

Difficulty:

Category:

Backwards Compatible: True

Fix Submitted:

Affected versions:

Due in version: 7.0.0

Sprint: Sprint 78

Story Points: 5

Cycle: 8