U4-10797 - Sensitive values

Created by Claus Jensen 02 Jan 2018, 08:11:30 Updated by Sebastiaan Janssen 31 Jan 2018, 09:58:48

Subtask of: U4-10796

It should be possible to mark a property as sensitive, and then the values would not be displayed in the UX except for Users with a special role. This only makes sense for Members and Form data, and I suggest we only add this to the Member Type Editor (and of course Forms). It should be as simple as a checkbox under the permissions of a property saying something along the lines of “Sensitive Content (don’t show values in the back office)”:

For v1 it’s enough that it’s hidden for everyone - then we can add the users who can read sensitive content later on.


Shannon Deminick 23 Jan 2018, 19:09:55

This will actually require some UX changes, because currently the checkboxes on member type properties for "show on member profile" and "member can edit" are not available on 'locked' property types; however, we will need to enable editing these values on locked property types.

This will also require some database changes to store these values. I think the story points here should be "5"

Shannon Deminick 23 Jan 2018, 19:43:13

I'll leave it at 3 for now and see how I go... so far I'm making pretty good progress

Shannon Deminick 27 Jan 2018, 00:30:22

PR: https://github.com/umbraco/Umbraco-CMS/pull/2421

For testing

  • Make sure you run the gulp dev build to update all client side files
  • Run an upgrade and ensure that the IsSensitive db column on cmsMemberType is created and ensure the new user group: Sensitive data is created and the admin user is assigned to it
  • Create a new property type on a Member Type and configure it to be sensitive data
  • Ensure you can also update a locked property type on the member type - but only the metadata such as description and the 3 checkboxes
  • Create a member (be sure to be logged in with the admin that is in the sensitive data user group) and fill out fields marked as sensitive
  • Log back in as another user that isn't part of that group and navigate to the member created, you should see that the property values are not shown
  • Add this user to the sensitive data user group and verify that those values are now displayed


  • I updated a bunch of the automapper model mapping for members/media/content for the display objects, mostly around the TabsAndProperties stuff. The reason for this was because a bunch of mapping was done in AfterMap which shouldn't be needed and should just be done during the mapping of the tabs. The other reason is we were relying on singletons and the UmbracoContext during mapping to check for security stuff. Instead we now get the UmbracoContext out of the mapping context during mapping and now we pass in the current UmbracoContext during mapping for these objects. This is a much nicer way of working, it allows for better testing and doesn't rely on singletons or AfterMap.
  • I've asked Vera to review the text for the descriptions, etc... so we'll see what she comes back with
  • TODO: We need to put links on the descriptions of those 3 member type checkboxes to link to OUR docs that we need to write
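The mapping approach described in the comment above (security context passed into the mapping, sensitive values withheld from users outside the group), as an added C# example that is not Umbraco's code or taken from the PR. All types, the `sensitiveData` group alias and the sample values are hypothetical, and dropping the value during mapping is this example's assumption about where the check sits.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical types for illustration; these are not Umbraco's classes. Requires C# 9+.
public record MemberProperty(string Alias, string? Value, bool IsSensitive);
public record PropertyDisplay(string Alias, string? Value, bool Redacted);

// The caller's security context is handed to the mapper explicitly,
// so the mapping code never reads a singleton or ambient request state.
public record MappingContext(ISet<string> UserGroups);

public static class MemberDisplayMapper
{
    // Assumed alias for the "Sensitive data" user group.
    public const string SensitiveGroup = "sensitiveData";

    public static List<PropertyDisplay> Map(IEnumerable<MemberProperty> props, MappingContext ctx)
    {
        if (ctx is null) throw new ArgumentNullException(nameof(ctx)); // fail closed
        bool canView = ctx.UserGroups.Contains(SensitiveGroup);
        // Redact while building the display model: the value is dropped here,
        // so it is never serialized to a user who may not see it.
        return props.Select(p => p.IsSensitive && !canView
                ? new PropertyDisplay(p.Alias, null, true)
                : new PropertyDisplay(p.Alias, p.Value, false))
            .ToList();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data.
        var props = new[]
        {
            new MemberProperty("nickname", "cj", false),
            new MemberProperty("nationalId", "000-00-0000", true),
        };
        var editor = new MappingContext(new HashSet<string> { "editor" });
        var trusted = new MappingContext(new HashSet<string> { "editor", MemberDisplayMapper.SensitiveGroup });
        foreach (var ctx in new[] { editor, trusted })
            foreach (var d in MemberDisplayMapper.Map(props, ctx))
                Console.WriteLine($"{d.Alias}: {(d.Redacted ? "[hidden]" : d.Value)}");
    }
}
```

Because the context is an ordinary argument, the group check can be unit tested by constructing a `MappingContext` directly, without a running web request.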

Priority: Normal

Type: Task

State: Fixed


Difficulty: Normal


Backwards Compatible: True

Fix Submitted:

Affected versions:

Due in version: 7.9.0

Sprint: Sprint 77

Story Points: 3

Cycle: 7