incubator-bloodhound-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Dreimann <joachim.dreim...@wandisco.com>
Subject Re: Acct creation?
Date Fri, 04 Jan 2013 19:14:44 GMT
On 3 Jan 2013, at 01:40, Gary Martin <gary.martin@wandisco.com> wrote:

> On 2 January 2013 22:34, Gavin McDonald <gavin@16degrees.com.au> wrote:
> 
>> 
>> 
>>> -----Original Message-----
>>> From: Gavin McDonald [mailto:gavin@16degrees.com.au]
>>> Sent: Thursday, 3 January 2013 8:48 AM
>>> To: bloodhound-dev@incubator.apache.org
>>> Subject: RE: Acct creation?
>>> 
>>> 
>>> 
>>>> -----Original Message-----
>>>> From: Peter Koželj [mailto:peter@digiverse.si]
>>>> Sent: Wednesday, 2 January 2013 5:11 PM
>>>> To: bloodhound-dev@incubator.apache.org
>>>> Subject: Re: Acct creation?
>>>> 
>>>>>> So, if you want to keep it, you have to, IMO, do the following:
>>>>>> 
>>>>>>  * do not duplicate in Apps what's accessible from one of the
>>>>>>    navigation bars
>>>>>>  * do not leave in Apps important links (such as, e.g., Register)
>>>>>>  * do not call it Apps; I suppose, once the previous two
>>>>>> conditions
>>> are
>>>>>>    met, the heading could be called "Plugins" or "Tools" or some
>>>>>>    similar, more obvious name.
>>>>> 
>>>>> I agree , especially with (2) .
>>>> I agree with all of the above as well so I took the liberty to open a
>>>> ticket: https://issues.apache.org/bloodhound/ticket/321
>>> 
>>> As the instigator to this thread I need to follow up.
>>> 
>>> I did indeed find 'Register' under the apps drop down menu.
>>> I registered fine so thanks.
>>> 
>>> A few points.
>>> 
>>> 1) no email validation or captcha was required, that's a spam target.
>> 
>> Ok this one I did get an email asking for verification, by this time though
>> an
>> acct is already created and I was allowed to login beforehand.
>> 
>> Perhaps the email + token verification should happen before being allowed
>> to login for the first time?
> 
> At the moment our site is set up so that additional permissions have to be
> granted by an admin user to allow for any kind of editing. Perhaps this
> sets the bar too high but any user can make the request them on this
> mailing list.
> 
> However, the fact that you have to login to get an email sent for the
> verification can certainly be confusing and so I would not mind that being
> changed.
> 
> 
>> Gav...
>> 
>>> 
>>> 2) I agree 'Login' link at top of page should be Login/Register with a
>> link on
>>> the Login page to register.
> 
> Yeah, sounds good to me.
> 
>> 3) Delete Account ? Really? - What happens to tickets assigned and/or
>>> created by a user if he can delete his/her own acct?
>>>   Personally I think that should be removed and placed in admin hands
>> only.
> 
> Perhaps I am missing the problem.. tickets associated with such a user as
> reporter, assignee, commenter and so on will retain the specified username.
> I can't think of any huge issue around this at the moment but perhaps I am
> too tired at the moment to work out all the problems.

How do others know that the user has been deleted? This is relevant no matter who deletes
the account. Currently the username gets displayed the same way even if it points to someone
that isn't defined (ie the "someone" user, a misspelled username or a deleted user). That's
because it links to a custom query that always exists.

I think it would be more helpful to show the link to undefined objects in general as grey,
just like we already do with wiki pages.


> The only problem I
> can think of right now is that old usernames might be reclaimable so that
> another user could pretend to be the previous owner of a username. So
> perhaps it would be better if usernames could not be reused unless an admin
> user creates an account.
> 
> Cheers,
>    Gary

Mime
View raw message