user restrictions - OpenSlides/OpenSlides Wiki

Fields

// Group A
  id
  username
  title
  first_name
  last_name
  is_physical_person
  gender
  default_number
  default_structure_level
  default_vote_weight
  is_demo_user

  is_present_in_meeting_ids

  number_$
  structure_level_$
  about_me_$
  vote_weight_$

  speaker_$_ids
  supported_motion_$_ids
  submitted_motion_$_ids
  poll_voted_$_ids
  option_$_ids
  vote_$_ids
  vote_delegated_vote_$_ids
  assignment_candidate_$_ids
  projection_$_ids
  vote_delegated_$_to_id
  vote_delegations_$_from_ids
  group_$_ids

// Group B
  personal_note_$_ids

// Group D
  last_email_send
  is_active
  comment_$
  default_password
  can_change_own_password

// Group E
  committee_ids
  committee_$_management_level
  meeting_ids
  email

// Group F
  organization_management_level

// Group G
  password

See property

The user Y can see a user X, if at least one condition is true:

  • Y==X
  • Y has the OML can_manage_users or higher.
  • There exists a committee where Y has the CML can_manage and X is in committee/user_ids.
  • X is in a group of a meeting where Y has user.can_see.
  • There exists a meeting where Y has the CML can_manage for the meeting's committee X is in meeting/user_ids.
  • There is a related object:
    • There exists a motion which Y can see and X is a submitter/supporter.
    • There exists an option which Y can see and X is the linked content object.
    • There exists an assignment candidate which Y can see and X is the linked user.
    • There exists a speaker which Y can see and X is the linked user.
    • There exists a poll where Y can see the poll/voted_ids and X is part of that list.
    • There exists a vote which Y can see and X is linked in user_id or delegated_user_id.
    • There exists a chat_message which Y can see and X has sent it (specified by chat_message/user_id).
  • X is linked in one of the relations vote_delegated_$_to_id or vote_delegations_$_from_ids of Y.

Group restrictions

Setup: The fields of user X are restricted for user Y, i.e. user Y requests an autoupdate for user X.

Note: Template fields are not individually restricted. E.g. if X has a number for two meetings (number_$=["1", "2"]), Y can see X, but Y can only see one meeting, Y still receives the numbers for both meetings. It would be possible to restrict these fields (-> excluding meetings Y can not see), but this might degrade performance and can be done later.

Group A: Y can see X.

Group B: Y==X.

Group D: Y can see these fields if at least one condition is true:

  • Y has the OML can_manage_users or higher.
  • X is in a group of a meeting where Y has user.can_manage.

Group E: Y can see these fields if at least one condition is true:

  • Y has the OML can_manage_users or higher.
  • There exists a committee where Y has the CML can_manage and X is in committee/user_ids.
  • X is in a group of a meeting where Y has user.can_manage.
  • Y==X.

Group F: Y has the OML can_manage_users or higher or Y==X.

Group G: No one. Not even the superadmin.

⚠️ **GitHub.com Fallback** ⚠️