Is it possible to disable the custodian feature without deleting the custodian user?

[larrykind]

What version of GlobaLeaks are you using?

4.13.16 and previous (tested also in 4.9.9)

What browser(s) are you seeing the problem on?

All

What operating system(s) are you seeing the problem on?

Linux

Describe the issue

An example follows:

• Suppose that custodian is installed and regularly working

1. if I go disabling custodian role from advanced settings

2. Cusotdian user is not deleted ( it can make sense anyway )

3. make a report declaring identity

4. Receiver correctly see the button "view"

5. Receiver press "view" ---> system says that request is forwarded to custodian ( KO )

6. No motivation pop up is anyway shown in this case. ( this should not happen in this flux)

7. Disabling the custodian without deleting it doesn't change the behavior.

8. Made a test deleting also the custodian user -> everything ok.

Proposed solution

Disabling custodian role should make that, existing or not the custodian user in the system, the system will show identity to the receiver without custodian authorization.
Maybe the "enabled" custodian user flag shoud be forcely be in deactivated state when custodian role is disabled by advanced options.
Don't agree to delete the custodian user when its role is deactivated.

[evilaliv3]

Thank you @larrykind

I agree that till we will have the enabler that enable to create custodians, we could use it also to enable or disable the feature.

At the moment to disable the custodian feature, you do not need to delete the custodian users but you just need to disable every custodian user.

---

I explain the reason of the current status.
Currently the feature is considered enabled if you have a custodian user in enabled state. as long that you disable the users the feaure is disabled.
We are not confident at all of the custodian user feature that is used by few users and it seems the feature is very confusing for the rest of users; this is why the enabler of the feature exists in the settings but it currently just enable or disable the possibility to create custodian users. We are in doubt if either removing the enabler or either remove the feature entirely.

[larrykind]

Thanks for the reply @evilaliv3.
Following the concept that an administrator should exactly know what it's doing, I agree with the idea to remove the custodian enabler at all: custodian user should be normally selectable in the user's pofiles set.
Then the custodian report flux will be enabled only if at least one of the existing custodian users has the user attribute "enabled" to true. If all custodians are disabled or no custodian at all, the custodian flux will not be used.

In our set-ups we use custodian role in the most part of the tenants, so for us it could be better to just remove the enabler.

As a side quest, I think that just one custodian should be created on a tenant. If more than one custodian are allowed, they should be assignable on a per-context basis following the same logic of the user enabled/disabled-missing, so some context could use cutodian feature, some do not.

[evilaliv3]

Closing for the moment since it is possible to disable custodians to disable the feature.

Regarding the possibility to assign custodian to channels lets' eventually have a dedicated ticket. Unfortunately would be a major change with respect to current very simple design.