GDPR mode for staff/admins #23

Open
dirkx opened this issue Feb 22, 2019 · 0 comments
Labels
enhancement New feature or request

dirkx commented Feb 22, 2019

Currently admins can see a lot - without much in terms of audit; or much that protects them from seeing things they should not see - or would rather not know about.

But it is useful to be able to debug things. So a solution would be to create a 'SUDO'-like function in the top bar - a 'become admin for a bit' sort of GDPR upgrade.

So the rule for having ‘super user’ or ‘admin view’ is then:

Check:
	if super user
		yes
		and only make Trustees real super users.*

	if staff
		if pressed on the ‘upgrade me to admin’ in the top bar in the last 15 mins or if I used that power yes
			return yes

	return normal user.

Top bar:

extra ‘become admin’ button

	When pressed - button with ‘why’ - with a few pre-canned settings such as ‘debugging’.

So that staff can normally interact as normal users. And keep a nice GDPR audit log for when we need to violate it in the course of our good work for the space.

And it has the nice side effect that people hacking the code can see exactly what non-devs are seeing.

*: probably will need to make them also ‘normal’ power users - once the Dutch govt. issues their clarification on the interpretation of the rules later this year.

@dirkx dirkx added the enhancement New feature or request label Feb 22, 2019
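
The check proposed in the issue, as an added Python sketch that is not code from this project. The names `User`, `Elevation`, `become_admin` and `has_admin_view` and the audit tuple layout are hypothetical; it assumes "or if I used that power" means each use restarts the 15 minutes, and that super user access is written to the same audit log.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

ELEVATION_WINDOW = 15 * 60   # seconds: the 15 minutes from the issue
REASONS = {"debugging"}      # pre-canned 'why' choices; only this one is named in the issue

@dataclass
class User:                  # hypothetical stand-in for the project's user model
    name: str
    is_superuser: bool = False
    is_staff: bool = False
    elevated_at: Optional[float] = None   # last button press or last use of the power

@dataclass
class Elevation:
    audit: list = field(default_factory=list)   # (timestamp, user, event, detail)
    clock: Callable[[], float] = time.time      # injectable so expiry can be tested

    def _log(self, user, event, detail):
        self.audit.append((self.clock(), user.name, event, detail))

    def become_admin(self, user, reason):
        """Top-bar button: staff only, and a pre-canned reason is mandatory."""
        if not user.is_staff or reason not in REASONS:
            self._log(user, "elevation-denied", reason)
            return False
        user.elevated_at = self.clock()
        self._log(user, "elevation-granted", reason)
        return True

    def has_admin_view(self, user, resource):
        """Admin-view check; every privileged 'yes' leaves an audit record."""
        now = self.clock()
        if user.is_superuser:
            self._log(user, "admin-view", resource)
            return True
        if user.is_staff and user.elevated_at is not None:
            if now - user.elevated_at <= ELEVATION_WINDOW:
                user.elevated_at = now     # assumption: use restarts the window
                self._log(user, "admin-view", resource)
                return True
            user.elevated_at = None        # expired: back to normal user
            self._log(user, "elevation-expired", resource)
        return False                       # normal user view
```

Keeping the timestamp on the server-side user or session record, rather than in anything the browser can edit, is what makes the expiry and the audit trail trustworthy.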