Specific comments inline below. <rant - of sorts> A general comment: It's very hard to figure out how to patch JSPWiki, because it's so hard to figure out precisely how some of the functions are implemented. For example, I am intrigued by the workflow capabilities, but haven't a clue as to how to implement them. Same for e-mail factories, negative permissions, e-mail authentication, captcha capabilities, to name a few. Whenever I've plunged into the JSPWiki code I've usually come away with being genuinely impressed at the elegance of the implementation. But that same elegance also makes is pretty hard to reverse engineer. (An example of the COIK fallacy - "Clear Only If Known".) For me, JSPWiki has become a quite impressive set of code (helping me to improve my coding skills, among other things), providing an impressive set of capabilities, but at the same time becoming an application that's increasingly difficult to integrate custom code with (at least in a way that survives the next version change). </rant>
On Tue, 2008-05-06 at 23:26 -0400, Andrew Jaquith wrote: > I do know that > functionally the works as it should: you can change the various names > in your profile, and ACLs and groups still work. It's worth > remembering, by the way, that for a long time you could NOT change > your login name, or wiki name, or full name. Now you can. I think we may have become too flexible. Most systems of which I'm familiar allow you to change just about any element of a personal profile EXCEPT the login name. Not sure why it's desirable for JSPWiki to allow such a change (other than we can do it). Indeed, if we're logging application-level events, we usually employ the login name as a key - but when you allow a person to change that at will, you lose the continuity. > > If you need an ironclad guarantee that only particular things are > changed (e.g., if the login name hasn't changed, don't change the > login name), the code in GroupManager.actionPerformed() is what does > it. We'd gratefully accept a patch if you want it to work differently > (hint hint). A patch would probably be simple, but it seems pointless to provide a patch if we're going to allow the login name to be changed at will. > > This isn't a condition we test for as part of web unit tests, so I > can't tell if this is anomalous to you or not. If it's easy to > reproduce, then that would help members (and me) figure out if this is > a bug or just local to your customizations. It would also be useful if > we wanted to make a unit test out of it. I have no idea on how to make a standardized test for this condition. However, the problem is easily shown. When I login and go to My_Prefs and change my Name, if I return to My_prefs, I find that I no longer have membership in any groups (that I previously belonged to). However, after I logout and login again, My_Prefs now shows that the memberships are restored (using the new Name).
