Uploaded image for project: 'Confluence Server'
  1. Confluence Server
  2. CONFSERVER-53416

Add a confirmation dialog (with consequences spelled out) when people use the Invite to Edit feature

    XMLWordPrintable

    Details

    • Support reference count:
      1
    • Feedback Policy:
      We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Description

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      General Description

      When you invite a user or group to edit a page, there is no sanity check or confirmation in place to verify that this won't cause a large amount of spam to users.

      Example

      Example: If there is a group called "all" and someone attempts to invite "Allison" to invite a page, they may instead invite everybody in the "all" group, which could be potentially thousands of users. Same thing for email as well. 

      References

      In our Release Notes for 6.2 Notes, it notes that you can invite any user, or email, or group to edit.

      There is no known workaround to prevent this behavior from happening other than removing the permissions to invite for a given Confluence user.

      Suggestions

      This feature request to add some type of "hey, wait a minute" confirmation dialog or restriction to prevent these kinds of issues.

      Possible things to add

      • add a confirmation dialog that tells them explicitly that their action will send an email to the users and/or groups selected with the consequences
      • add a configurable threshold to disallow inviting more than X users or groups with more than Y users in a given timeframe (invite flood protection)
      • enhance permissions (per CONFSERVER-7089 ) in order to let users only invite users and not groups or emails (or some combination thereof)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              bcostales Ted Costales
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: