Please keep in mind there are behavioral differences between when a guest user is on the site versus an authenticated user. So this adds another layer of complexity to turning on the tool to do something that most are going to need to use in an unauthenticated context.

I appreciate that, so why not add a notice in red it's left enabled within the dashboard? Only once on login. Even on the frontend announce a system message when it's a Joomla! Super user?

On 12 Jul 2017, 21:17 +0100, Michael Babker notifications@github.com, wrote:

Please keep in mind there are behavioral differences between when a guest user is on the site versus an authenticated user. So this adds another layer of complexity to turning on the tool to do something that most are going to need to use in an unauthenticated context.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

Specially for guest can an extra requirement be added?
Like a URL (variable) passphrase , that will be different per site be used to activate the console for a guest ?

The passphare will appear at the dashboard next to the enable debug parameter

Thus in order for a visitor to see the Debug console both the enable debug parameter and the passphrase
will be required

Furthermore besides the above, the enable debug parameter could be changed to:
No / Yes / Logged users

I forgot to mention that the URL (variable) passphrase , will only be needed once per session, the frontend guest user should only need to specify it once per session

This could be added as a config option but not by default

On 13 Jul 2017, 06:26 +0100, Georgios Papadakis notifications@github.com, wrote:

I forgot to mention that the URL (variable) passphrase , will only be needed once per session, the frontend guest user should only need to specify it once per session
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

I dont see the benefit of this - debug mode should not be enabled unless in exceptional circumstances anyway which should always be extremely short term

The point being @brianteeman is that it's left enabled by user error. A notice in the admin area that it is enabled for instance would be good, to remind these users.

On 13 Jul 2017, 10:22 +0100, Brian Teeman notifications@github.com, wrote:

I dont see the benefit of this - debug mode should not be enabled unless in exceptional circumstances anyway which should always be extremely short term
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

A notice in the admin showing that debug is enabled is ok although you would have to be fairly unobservant not to have noticed it anyway

That's all relative to the user in question; they may not know it's enabled to the public for a start? Or the pages are so long they don't notice it at the bottom.

On 13 Jul 2017, 10:29 +0100, Brian Teeman notifications@github.com, wrote:

A notice in the admin showing that debug is enabled is ok although you would have to be fairly unobservant not to have noticed it anyway
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

#ycfs

Seriously though a notice is fine but limiting it to certain usergroups is not going to work as that would require you to login and the majority of web sites do not have a front end login

You can already limit to certain access. I was suggesting we did it by default.

I'll do a pull for a post login message to be output in a warning state to super users only.

On 13 Jul 2017, 10:33 +0100, Brian Teeman notifications@github.com, wrote:

Seriously though a notice is fine but limiting it to certain usergroups is not going to work as that would require you to login and the majority of web sites do not have a front end login
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

Closing. No point in keeping it open any longer. All views have been expressed.