View Issue Details

IDProjectCategoryView StatusLast Update
0003116mantisbtbugtrackerpublic2023-05-04 16:23
Reporterhacker Assigned Todregad  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionunable to reproduce 
Summary0003116: If a user reports a bug, and gets purged for inactivity, updating the bug changes the username
Description

If a user reports a bug, and goes inactive for a year or some period of time, and their account gets purged for inactivity, updating the bug report that they've created will reset the Reporter field for that bug to the very first user in the alphabetical list of usernames, AND send the reporter email to that NEW user.

Steps To Reproduce
  1. Create a bug as a new user
  2. Purge that user
  3. Update the bug, check the "Reporter" field
  4. Submit the changes, watch your mail logs
Additional Information

I'm not sure if there's a way to set the Reporter field to nothing, or perhaps display a warning page, and set the Reporter field to the "Guest" account or something (a "generic" catch-all user?), but sending the wrong user an email for a bug they never reported is probably bad too ;)

TagsNo tags attached.

Relationships

related to 0010141 feedback Disabled users are no more liste in filter 
related to 0008309 closeddregad 'update' changes 'Reporter' and 'Assigned To' 
has duplicate 0003260 closedjlatour Delete/disabling a reporter causes bug reported by them to move to another user as reporter 
has duplicate 0005736 closedthraxisp Don't delete name of user if user is removed 
has duplicate 0005784 closedthraxisp Reported field updated with incorrect user 
has duplicate 0003413 closedthraxisp Deleting users causes confusion in old bugs 
has duplicate 0005071 closedthraxisp issue with deleting and disabling users 
related to 0003819 closeddregad delete currently logged user 
related to 0007224 closedvboctor "Update issue" and "move" is not good in some casses 
related to 0007260 new Moving multiple issues from an obsolete user to an existing user 
child of 0004181 closed Features in Mantis 1.1 release 

Activities

aarjona

aarjona

2003-07-28 19:34

reporter   ~0004462

Confirmed with 0.18.a4 and the latest CVS.

A protected 'nobody' account must be created and when a user is deleted, all his bugs must be changed to this account.

vboctor

vboctor

2003-08-05 01:03

manager   ~0004485

If a user is deleted, his/her identity should be returned by concatinating a prefix with the user id. Following is the code that handles this in user_api.php:

function user_get_name( $p_user_id ) {
$row = user_cache_row( $p_user_id, false );

if ( false == $row ) {
    return lang_get( 'prefix_for_deleted_users' ) . (integer)$p_user_id;
} else {
    return $row['username'];
}

}

The same behaviour should be done whereever necessary.

aarjona

aarjona

2003-08-05 18:50

reporter   ~0004491

This approach certainly helps noticing when a user was deleted, but wouldn't it be better to preserve relational integrity? We already delete records related to his/her id in the preferences table for example.

vboctor

vboctor

2003-08-06 01:00

manager   ~0004493

Would you want to delete bugs reported by users when the user click "Purge inactive users"? I don't think this is a good idea. If we care about integrity, then we can have a script which recreated these users. Or recreate them as they are references and not found.

aarjona

aarjona

2003-08-06 04:58

reporter   ~0004495

Records which do not affect the tracker's purpose, like user preferences should be deleted. Important records like bugs for example should not be deleted. However, I think it is not the best practice to have orphan references in the database since one always expects the database to keep its relational integrity.

I think the reporter's proposal of a catch-all account is the most reasonable way to deal with the situation, in addition to the present code to gracefully manage the cases when orphan key references are in fact present (on installs that have been upgraded from previous Mantis versions for example).

gwagenknecht

gwagenknecht

2005-06-01 02:35

reporter   ~0010304

What does this "Sponsoreship" mean ... isn't this a "vote" feature like bugzilla's vote feature? How can I remove sponsorship?

gwagenknecht

gwagenknecht

2005-06-01 02:50

reporter   ~0010306

please delete my sponsorship

vboctor

vboctor

2005-06-01 03:40

manager   ~0010307

gwagenknecht, you can remove your sponsorship by setting the sponsorship amount to 0.

thraxisp

thraxisp

2005-06-14 17:46

reporter   ~0010524

IMHO, we should not be deleting users at all. Disabling them locks the account and nothing new can be added. They are no longer listed in any of the active lists (reporters, etc). This has the advantage of keeping the name displays intact until someone wants to change the associated user.

malaussena

malaussena

2005-06-15 09:33

reporter   ~0010540

I do agree with thraxisp.

We could "logically" delete a user.

If a user is just inactive, so it appears in users list (as inactive).
If deleted, it doesn't appear any more in users list but it is not really deleted. It's just a "deleted" status.

We may have so, in admin/system_utils.php, a way to list all "deleted" users and :

  • undelete selected users,
  • purge definitively selected users, so as the actual delete does.
rscott

rscott

2005-09-29 09:33

reporter   ~0011443

Just to point out - the original problem also occurs if the user is disabled.

Perhaps the reported by list should list all users in the system, even disabled ones?

dregad

dregad

2023-04-18 07:18

developer   ~0067670

This is not reproducible in the latest release.