The code I have written does not remove the enable names setting,[1] but adds to it:
- Add a
full_names_visible_to_groupssetting (which includesadminsandmoderatorsas mandatory values). - Add a
can_see_full_names?method toGuardian, which performs an “and” ofenable_namesand the group membership infull_names_visible_to_groups. - Use this new method in all the appropriate places where a full name is exposed/emitted by the server.
1 and 2 were easy. 3 is more complicated, and I know I hit some snags that I was not sure how to resolve without getting advice/guidance. I need to go back and review my code and notes in depth. (It has been 2+ months since I last immersed myself in this. 
)
(If I recall, display name on posts and the like are client-side settings, that affect the presentation of data received from the server. In other words, a restriction on top of whatever the server emits.)
I believe (1) is taken care of if enable_names is true, which will probably be what almost everyone wants once the new per-group setting is available.[2]
I think I encountered and dealt with (2) — mostly.[3]
I recall some other cases where full names are being leaked.[4]
Anyhow, I will go review notes and try to submit PR’s this week, and dredge up the open-questions/loose-ends in the process.
…for a number of reasons, among them: (a) I wasn’t sure what the actual intent of the setting is (see my question in an earlier post above), and (b) leaving it in there provides a safer incremental upgrade path. ↩︎
…if one takes that stance that
enable_names = falsemeans “This site does not use full names in any way.” ↩︎E.g., when an invite email is sent to some address (obviously not associated with a user, otherwise they would need no invite), does the email include the inviter’s full name or not? ↩︎
E.g.,
oneboxer.rb, when oneboxing a local user, writes the full name into the cooked post content, which makes it visible to everyone and anyone, forever. ↩︎