Hi,
I'm really sad about notice EOL of booked, when I wanted to upgrade my installations for some non profit organisations. So I'm very happy finding this amazing project be forked :-) (congrats to @nkorbel too for his fantastic work and personal effort until here, THX a lot).
Here's the Issue:
In view-schedule.php the reservation label is showing (privacy data instead hiding it).
The popup is 'blocked' correctly.
This bug was already fixed in an older version by Nick. I used v2.7.7 at least, it was fine. After upgrading directly to v2.8.5.3 I got it again. Now I upgraded step by step and found the bug occours again with release change v2.8.1 -> v2.8.2 again.
Some of my configs I'm using might help:
$conf['settings']['schedule']['show.inaccessible.resources'] = 'true'; // whether or not resources that are inaccessible to the user are visible
$conf['settings']['schedule']['reservation.label'] = '{att7}: {title} - {name}'; // format for what to display on the reservation slot label. Available properties are: {name}, {title}, {description}, {email}, {phone}, {organization}, {position}, {startdate}, {enddate} {resourcename} {participants} {invitees} {reservationAttributes}. Custom attributes can be added using att with the attribute id. For example {att1}
$conf['settings']['schedule']['hide.blocked.periods'] = 'false'; // if blocked periods should be hidden or shown
/**
* Privacy configuration
*/
$conf['settings']['privacy']['view.schedules'] = 'true'; // if unauthenticated users can view schedules
$conf['settings']['privacy']['view.reservations'] = 'false'; // if unauthenticated users can view reservations
$conf['settings']['privacy']['hide.user.details'] = 'false'; // if personal user details should be displayed to non-administrators
$conf['settings']['privacy']['hide.reservation.details'] = 'false'; // if reservation details should be displayed to non-administrators. options are true, false, current, future, past
$conf['settings']['privacy']['allow.guest.reservations'] = 'false'; // if reservations can be made by users without a Booked account, if true this overrides schedule and resource visibility
Especially not hiding sensitive personal user information (like name, email, phone etc.) in public installations is a problem.
Unfortunately my coding skills are not good enough to fix it myself. I tried unsuccessfully yet.
I'd appreciate someone could handle it or have an idea.
At this times the system became very helpful to comply with corona virus regulations for us.
Thanks a lot
PS: I'm not sure, couldn't test it really yet. I may found some signs for a similar privacy issue in the ical-integration with this set-up.