View Issue Details

IDProjectCategoryView StatusLast Update
0011399mantisbtsecuritypublic2019-11-25 11:31
Reporterdhx Assigned To 
PrioritynormalSeverityminorReproducibilityN/A
Status newResolutionreopened 
Product Version1.2.0 
Summary0011399: Deprecate $g_show_realname and use $g_show_user_realname_threshold instead
Description

There are two similar configuration options: $g_show_realname (either ON or OFF) and $g_show_user_realname_threshold (a threshold). Throughout the codebase these these options are used interchangeably which is wrong - because we should always be checking the access threshold against $g_show_user_realname_threshold.

Therefore I propose deprecation of the $g_show_realname option and replacement of all uses of this configuration option with a proper access check against $g_show_user_realname_threshold

This will help ensure that user real name's aren't exposed if the administrator sets configuration options as such.

TagsNo tags attached.

Relationships

related to 0008100 new Ability to change displayed names projectwise 
related to 0008583 closeddhx User Lists - Display Realname (yes:no) 
related to 0023339 confirmed User real name can't be fetched as Manager (or lower than Admin in general) 

Activities

dregad

dregad

2012-04-02 08:11

developer   ~0031588

I'm not sure; I think these settings actually control two different things.

  • $g_show_realname globally drives the use of Realname vs Username, anywhere in the application, e.g. Reporter, Assigned To, User selection lists...
    <pre>
    show_realname OFF ON
    Reporter trep Test Reporter
    Assigned To tdev Test Developer
    </pre>
  • $g_show_user_realname_threshold is only used in view_user_page.php, to determine if the current user is authorized to view the realname (if not, "Access Denied" is displayed instead).

One may want to use realnames everywhere (i.e. $g_show_realname = ON), in which case I agree with dhx that it would not make sense to set $g_show_user_realname_threshold to anything other than ANYBODY.

But if you want to work with usernames ($g_show_realname = OFF), it makes sense to be able to restrict who can see realnames.

sge

sge

2013-02-13 09:53

reporter   ~0035125

I've tried this solution on a working config, but I'm getting an Internal Server Error 500 as soon as I restart the webserver when I've implemented the following code:
$g_show_realname = ON;
or
$g_show_user_realname_threshold = ANYBODY;
What could be the reason?

dregad

dregad

2013-02-14 15:21

developer   ~0035151

@sge

I've tried this solution

What solution are you talking about ?

If you get an HTTP 500 error, you should look for further details in your system's logs.

In any case, unless I misunderstand, I don't think what you describe has anything to do with this issue's topic. Kindly open a separate issue if that's the case.

sge

sge

2013-02-15 01:52

reporter   ~0035162

There was a semicolon missing in the config nevermind.

dregad

dregad

2013-03-08 04:31

developer   ~0035412

Reminder sent to: grangeway

Based on my comment 0011399:0031588, I think your commit 5d6b1bb4 should be reverted as you're removing functionality by doing this, and therefore introducing a regression for instances using these configs in the manner I described.

grangeway

grangeway

2014-05-26 20:28

reporter   ~0040644

Reminder sent to: dregad

Damien: How good's your memory? In short, I guess we got to the point of needing to keep both variables that dhx proposed deprecating one of. I plan to have a look (And rethink at what these do over the next few days).

What i'm actually thinking about doing atm is the following:

a) keep both variables for reasons you described
b) Rename $g_show_realname to $g_use_realname
c) Change the new $g_use_realname to instead of being ON|OFF, to being a threshold value.

At first glance, i'd probably use the new value at work (i.e. I currently use username's so as not to show students firstnames - whereas i'd set staff to udpater or whatever, and then set use_realname to updater

Thoughts?

dregad

dregad

2014-05-27 03:23

developer   ~0040647

I don't really care about the implementation, as long as the existing functionality is maintained, i.e. we need be able to
a) work with realnames, with a threshold to determine who can see them (that's the setup I had at Merck)
b) enforce use of work usernames, while restricting who can see realnames (like on this tracker)