SFTtech/abrechnung

Guest mode?

schoerg opened this issue · 4 comments

I know Tricount had this before they went app-only.

Basically once you knew the link, you could click on your user and then add/edit/... transactions. It would mean at lot less friction for using abrechnung.

I noticed allow_guest_users and REGISTRATION_ALLOW_GUEST_USERS=true in the code (.env), but not sure what it does. Invite links still require you to have an account in the firstplace.

Just so I understand correctly. You essentially mean that if one knows a special guest / invite link one could edit transactions without having an user account in the abrechnung instance, right?

The current guest mode works somewhat different. We currently implemented a config option which allows registration to be limited to a set of email domains which would allow only users with an email in that domain (e.g. some org / association) to freely register. When enabling the guest user feature it enables other users who know the invite link to a group to also register as a guest account without having an email from one of the restricted domains. A guest account is not able to create new groups.

The idea behind that feature was to be able to restrict a self hosted instance to a limited userbase but allow outsiders to take part without having to manually create accounts.

With the current backend / database architecture it would probably be difficult to implement a purely link based guest mode as a number of current features require a user to be logged in to provide some measure of traceability (who added / changed what).

Just so I understand correctly. You essentially mean that if one knows a special guest / invite link one could edit transactions without having an user account in the abrechnung instance, right?

Yes, that is correct.

The idea behind that feature was to be able to restrict a self hosted instance to a limited userbase but allow outsiders to take part without having to manually create accounts.

I understand. So, my next question would then if it's somehow planned/feasable to disable e-mail verification. Right now I create all accounts and tell my friends "use your first name, password first name" because I don't want to deal with e-mails not arriving, people not having access to them at their phone or laptop. I can understand if that is too specific to my use case and will not be implemented.

I think having a config flag to disable the requirement for emails to be verified seems quite reasonable to me, if that is sufficient for your use case I'll have a look.

Otherwise if you've got time and motivation I'd be happy to accept a pull request for such a config option.

Thank you!