Hide export button (by role)
Is there a hook or another method to hide the export button? Preferably by role. I know I can hide in CSS, but that’s not very rigorous (and you’ve previously changed the CSS class in an update, causing the button to reappear).
We don’t have a hook to alter that behavior.
But in fact, the button is also hidden with CSS by us.
We do this based on the body class ‘ac-hide-export-button’.
So you could add this class to the body for specific rules and we do the rest.
Would that be a good solution for you?
No, it’s a terrible solution. It’s a massive security loophole.
Anyone can unhide the export button, simply by using “Inspect Element” in any common browser.
For example, if your plugin is used on an ecommerce site, an employee can use this to export all data for all customers. This is enough data to start up and market a rival business; or it could simply be sold to a competitor.
The user can only export data that is already accessible to that user. They can already export the information themselves by copy-pasting that information from the list table to a spreadsheet. Our export feature does not facilitate any additional data access. So, I would not call this a security breach.
Our export would make that process a little faster, and thus save the user some time, but if someone has the intention in ‘stealing’ data they would not mind a few extra minutes creating their own sheet.
That said, I think we could add some more fine-grained capabilities which would allow you to have more control over what a user can do with Admin Columns. We’ll discuss this in more detail with the team.
I would also like to state that a role based option to remove the export function is a must. I have just updated the plugin to the latest from an older version and was shocked to see that this feature/button appeared no matter what the role is.
“Our export would make that process a little faster, and thus save the user some time…”
This is an underestimation of the issue. With a click of a button hundreds/thousands of orders and personal data can be exported. Is it realistic that someone copy-pastes all this by hand? The time difference between the two processes is not “a few extra minutes” but in most cases probably days or weeks.
We’ll discuss this in more detail with the team.
Thank you in advance. We hope you will implement it ASAP, in the meantime I hid it by CSS
Hi, how can i use the body class ‘ac-hide-export-button’ hiding method? i mean, i know how do css works but i dont know where to put it to affect the dashboard info.
As of Admin Columns Pro 5.0, you can hide the export button per role. Below the column settings, there are optional settings. Here you will find the section “hide on screen”. Simply by selecting “Export” you will be able to hide it.
If you want to only hide it for certain roles you can select a role under the section Conditionals. I would recommend creating a separate column set for exporting and another one for viewing.
You must be logged in to reply to this topic.