Skip to content

Clarify effects restricting Public visibility on user info

Brie Carranza requested to merge docs-bcarranza-restricted-visibility-info into master

What does this MR do and why?

This MR updates the documentation on Restricted visibility levels to clarify the impact of checking Public. This is in response to a ticket. It's not immediately clear from the documentation that setting Public would prevent the GraphQL API from returning information about users. This MR addresses that.

See this confidential issue for more information about how this setting is used and recommended:

Setting Public makes it so that GraphQL queries like the following return an error instead of results:

{
    users{
        nodes{
            username
            publicEmail
            name
            state
            webPath
            avatarUrl
        }
    }
}

With Public checked, you'll see something like this instead:

{
  "data": {
    "users": null
  },
  "errors": [
    {
      "message": "The resource that you are attempting to access does not exist or you don't have permission to perform this action",
      "locations": [
        {
          "line": 31,
          "column": 5
        }
      ],
      "path": [
        "users"
      ]
    }
  ]
}

Wording

In the first bullet, I intentionally used logged in users to match what's in the Admin Area. I adjusted that to authenticated users for those interacting with the GraphQL API. I'm very open to alternative approaches but I wanted to clarify that what I did was intentional and provide some context on why I did it.

  • user profiles are only visible to logged in users via the Web interface.
  • user attributes are only visible to authenticated users via the GraphQL API.

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Amy Qualls

Merge request reports

Loading