View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0024432 | mantisbt | security | public | 2018-05-14 15:01 | 2018-06-06 00:39 |
Reporter | mahindra | Assigned To | atrol | ||
Priority | immediate | Severity | block | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 2.14.0 | ||||
Target Version | 2.15.0 | Fixed in Version | 2.15.0 | ||
Summary | 0024432: Update-Blocker:User-ID instead of Realname 0024139 as due to security policy requirements which prohibit IDs in mails and masks | ||||
Description | Update-Blocker:User-ID instead of Realname 0024139 as due to security policy requirements which prohibit IDs in mails and masks Since 2.12.0 $g_show_realname = ON; does not work as it used to be in previous versions, since 2003 One of the reasons for the use of mantisbt since 2003.... That's why we're current stuck with version 2.11.1. as well as others who have participated in tickets 0024069, 0024087 and 0024139 . Cause is 0004226 - from 2004-07-30 (!), which could be handled by a simple unique to the real name instead of a mask change to the user ID. In the name of the affected persons I ask for the fastest possible implementation of 0024139:0059327 to be able to perform the current Uprades to 2.14, 2.15, ... Or better - build it back like before 2.12 and make real names unique, simply! Thank you! | ||||
Additional Information | Feel free to change the category to upgrade Ticket is related to 0024139 In the corporate environment, it is common practice to display real names instead of user IDs. - show users with their real name or not$ g_show_realname = ON; | ||||
Tags | No tags attached. | ||||
Attached Files | |||||
Real names are not unique. |
|
It doens't matter if real names are unique, but there are some old Tickets, which are not really important for the Major use case |
|
As you are not asking for unique real names, do you are asking for something that is not covered in 0024432 ? |
|
Please build $g_show_realname = ON back like it was until <= 2.11.1 - the change in 2.12 is the blocker. The non plus Ultra solution is your recommendation 0024139:0059327 until 0024139:0059327, the blocker must be made gone |
|
Resolved as duplicate of 0024139 as tracking two issues for the same problem does not add value. |
|
Dear atrol, I do not agree with setting this ID as resolved as duplicate of 0024139, because 0024139 is a minor bug - 0024432 This ticket describes a structurally conceptual error in the implementation of loss of required functions in Display the Realname in masks and statusmails, while # 24139 describes a general improvement. Best regards, |
|
@mahindra I don't understand what you want to tell. |
|
0024139:0059829 Thank you jensberke has written a summary |
|
https://mantisbt.org/bugs/view.php?id=24186. Please built the visibility of Realnames back like 2.11.1 or make a security version 2.11.1.1 |
|
Have a look at this the ID is visable with Realname=ON |
|
The reason for this misdirection is - how to add users monitoring a ticket: Similar to the filter selection for user You are moving in circle with 0024436, 0024435 and all the other IDs currently In order to see this topic you have to work in the corresponding representation - only user ID or only real name instead of user ID - then it is easy to understand |
|
Thanks again atrol When we get 0024139:0059859 in release 2.15, we have a solution, a compromise and a base for further development. @vboctor please wave that through! |
|
https://mantisbt.org/bugs/view.php?id=24186. Please built the visibility of Realnames back like 2.11.1 or make a security version 2.11.1.1 we are sticking here until we see Realnames! The concept can be improved like 0024139:0059566, parallel to the releases, if needed or someone has time... |
|
Resolved in 2.15.0 after merge of PR https://github.com/mantisbt/mantisbt/pull/1351 |
|
This is a theme from the versatility of Mantis that makes it so good, on the other hand, to understand quite abstractly - especially if you do not need some function yourself. From an application point of view, I can only recommend user selection - where possible outside of the text (reminder, combo, etc.) to make and ask for display conversions - straight, when it comes to naming - straight to lead. Thanks again - I will report if I get topics because of the better user-ID view, which is better hidden in ours, where possible. Ticket can be closed. Thank you very much! |
|
MantisBT: master 85a2e55f 2018-05-19 07:57 Details Diff |
Send usernames in e-mail notifications again based on show_realnames This reverts the changes from 0024239 that have been needed as we were no longer able to protect realnames by show_user_realname_threshold. The change assumes that we agree, that show_realnames = ON allows any user to see the realnames. show_user_realname_threshold is just used on view user page if show_realnames = OFF (behavior before version 2.12.0) Issue 0024432 |
Affected Issues 0024432 |
|
mod - core/email_api.php | Diff File | ||
MantisBT: master 1b6ba0ff 2018-05-20 09:44 Details Diff |
Send usernames in history of e-mail notifications based on show_realnames This reverts the changes from 0024167 that have been needed as we were no longer able to protect realnames by show_user_realname_threshold. The change assumes that we agree, that show_realnames = ON allows any user to see the realnames. show_user_realname_threshold is just used on view user page if show_realnames = OFF (behavior before version 2.12.0) Issue 0024432 |
Affected Issues 0024432 |
|
mod - core/history_api.php | Diff File |