Question: in our forum we have made a difference between club members and visitors. This means that members that are club members have extra permissions that a registered memeber does not have.
One of those permission is the permission to choose an avatar.
After the upgrade to SMF2.1 I now notice that there is no way to restrict the use of gravatars using permissions. Though there are permissions for using avatars, there is no possibility to limit the use of Gavatars...
Is this an oversight, or am I missing something here?
by the very concept of Gravatar - if it exists, the associated account should have access to it....
so, limiting the use of gravatar seems counterproductive and AFAIK, there is not separate permission.
If the user can have an avatar and the admin has allowed gravatars, then they can use it.
not an oversight
That's just the thing: we do NOT allow these users to use an avatar, yet the gravatar is showing.
You may find it counterproductive, but this is not logical...
So we should disable the gravatars alltogether then.
Haven't tested it, but looks like avatar settings for gravatars override group permissions.
I read the OP (and title...) like Kindred - that the request was for separate permissions for gravitars vs avatars...
Yes, avatar permissions should govern gravitars as well. If confirmed, this is a bug.
Well unfortunately there is no permission for that indicates that a membergroup is allowed avatars as such. The only available permissions are the one I listed in my post...
Select an avatar from the server
Upload an avatar to the server
Choose a remotely stored avatar
These are all disabled, but the Gravatar is still showing up in the member profile...
Not sure how my post was 'misunderstood' though...
Quote from: @rjen on November 30, 2022, 12:16:51 PMThat's just the thing: we do NOT allow these users to use an avatar, yet the gravatar is showing.
ah --- see, that was not clear from your original post
Confirmed, & bug logged:
https://github.com/SimpleMachines/SMF/issues/7635
Moved to Bug Reports.
This sounds like it's also highly relevant in a GDPR context: if my privacy policy doesn't include Gravatar, but personal data (mail address, IP) is sent there, I'm potentially f'ed, no?
Well, Gravatar still has a main setting to disable or enable, so GDPR-wise I'd think that is the setting to look at.
Still, it makes sense that there should be a permission as well, since all other avatar options have one too. Gravatar could perhaps be included in the "external avatars" permission?
Quote from: Aleksi "Lex" Kilpinen on December 01, 2022, 04:22:26 PMGravatar could perhaps be included in the "external avatars" permission?
Makes sense to me...
Quote from: Aleksi "Lex" Kilpinen on December 01, 2022, 04:22:26 PMWell, Gravatar still has a main setting to disable or enable, so GDPR-wise I'd think that is the setting to look at.
Quote from: @rjen on November 30, 2022, 12:16:51 PMThat's just the thing: we do NOT allow these users to use an avatar, yet the gravatar is showing.
Ok, contrived example, but: Assume a forum where the admin doesn't allow any user to use avatars. I'd understand if the admin could be of the impression that allowing no avatars at all to anybody would automatically exclude gravatars from showing up, even if gravatars still are enabled.
From the top of my head, I'm not sure if Gravatars are enabled by default or not, but I'd sort of expect not as it's a 3rd party service. So ending up in that situation would mean having to explicitly enable Gravatars first. This could be good to check though. Including it in the outside avatar permissions would fix the visible issue of still showing Gravatars in that situation as well though.
Gravatars are enabled by default, that should not override group permissions. Part of the problem is they're in two different places in ACP, so it's not obvious what the current settings are.
Quote from: shawnb61 on December 01, 2022, 04:25:49 PMQuote from: Aleksi "Lex" Kilpinen on December 01, 2022, 04:22:26 PMGravatar could perhaps be included in the "external avatars" permission?
Makes sense to me...
After a little more thought, actually I would say a dedicated permission would be better.
Allowing outside avatars would allow using any outside source, where as Gravatars actually have age ratings and stuff that you can control - so allowing just any outside avatars probably shouldn't be required for Gravatar usage.
Fixed in #7638 (https://github.com/SimpleMachines/SMF/pull/7638)
Will be included in 2.1.5 patch.