#1890: Can create tickets anonymously using the username of an authenticated
user
----------------------------------------+-----------------------------------
Reporter: [EMAIL PROTECTED] | Owner: cmlenz
Type: defect | Status: assigned
Priority: normal | Milestone: 0.10
Component: general | Version: 0.8.4
Severity: normal | Resolution:
Keywords: |
----------------------------------------+-----------------------------------
Comment (by cboos):
Back to the topic: well, adding the parenthesis was just one
implementation idea, I expected it to be not intrusive but you
proved me wrong.
The important point however is about the approach: I think what
matters is to record whether a particular contributor is
''authenticated or not'' at the time she made the contribution,
not if the username is a valid one or not.
As others said, the list of users might change over time or a username
can be made to look like the one of a valid user.
So adding an `authenticated` flag alongside the `author` field would
be a solution. A slightly less intrusive approach would be to reuse
the `ipnr` field already present in the `wiki` and `attachment` table:
as I believe that this information is not really relevant for
authenticated users, why not set it to NULL as a way to flag
the contributor as being authenticated?
The schema changes needed would be simply to add the `ipnr` field
to `ticket` and `ticket_change`, which would at the same time make
things more consistent with the Wiki (i.e. recording the IPNR
for non-authenticated users) and provide a way to fix this issue.
Independantly of the above, I'd also propose that we merge the
disabling of the ''Your email or username'' field for authenticated
users provided in attachment:authentic.patch.
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/1890>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-tickets
