Closed Bug 148079 Opened 23 years ago Closed 20 years ago

Disabled accounts shouldn't get responsibilities

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Version:
2.17
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 97662

People

(Reporter: jouni, Assigned: myk)

Details

Attachments

(1 file)

patch to disable sending email to disabled users.
947 bytes, patch
Details | Diff | Splinter Review
Currently there is no code to check whether or not the bug assignees/qa_contact etc. are disabled accounts. There should be, because it's not a good idea for people to assign their bugs to dude(tte)s who can no longer use their account. This is not without problems, though: what if the default component owner is disabled? What about bugs that are assigned (etc.) when the account is disabled? And so on. We should consider this at some point. The longer Bugzilla lives, the more important account disabling becomes.
See also bug #97869. I'm thinking here there should be warnings whenever you disable an account, warnings whenever you change the assignee/QA, and warnings whenever you change the default assignee/QA.
Target Milestone: --- → Bugzilla 2.20
Additionally, I would argue that disabled accounts should not be sent email. There doesn't seem to be such a check, at least in 2.16.x. The most likley reason for an account to be disabled is that a person has left a company. Continuing to send emails to such people is a security hole, as well as annoying to all concerned.
I don't have the skills to generate a formal patch, but here's a CVS diff on processmail that implements my suggestion that mail not be sent to disabled accounts (works at my installation): 518c518 < SendSQL("SELECT emailflags FROM profiles WHERE " . --- > SendSQL("SELECT emailflags,disabledtext FROM profiles WHERE " . 521,522c521,526 < my ($userFlagString) = FetchSQLData(); < --- > my ($userFlagString,$disabledtext) = FetchSQLData(); > # If the account is disabled, don't send email. > if (defined ($disabledtext) && $disabledtext =~ /\w/) { > push (@excludedAddresses,$person); > next; > }
If you're that far, the skills to create a formal patch are probably already at your disposal :-) Do a "cvs diff -u >mypatch.txt" and attach the resulting file into this bug.
Warning: this patch was generated (using the instructions in comment 4) off of our local CVS repository of bugzilla. Therefore all the version numbers and dates and stuff are likely to be way off. I don't know if this is any more useful than the diff I posted earlier, but just in case, here it is...
This patch will not be accepted, disabled users continuing to receive mail is a feature, not a bug, used by various installations. This proposal has come up before and been decided to be a bad idea. Disabling mail is a separate feature and the proper fix is bug #100953.
Let's see, according to this bug, you can assign bugs to disabled accounts, and it has been decided that disabled accounts should continue to get mail. So it seems like the only thing disabling an account does is prevent a particular email address from reporting bugs (at least until they register a different account). Well that and showing their username crossed out. Has anyone asked whether this account disabling feature is actually useful for anything real? It sure seems like it would be nice to have some single UI action that would *actually* disable someone's account (i.e. remove them from bug groups, stop sending them email, restrict their access, etc., etc.).
My key point originally (see comment 0) was that it shouldn't be possible to give disabled accounts _new_ responsibilities. This includes at least QA, Assignee and flag requestees. Mail about the existing responsibilities and possibly reporter/CC related is fine with me, unless specifically disabled by nomail. I do agree that disabling mail is separate from disabling logins by accounts. I also agree there should be a trivial way to disable everything for an account. This situation will be somewhat helped by the nomail ui bug MattyT referred to. Matty: >This patch will not be accepted, disabled users continuing to receive mail is >a feature, not a bug, used by various installations. >This proposal has come up before and been decided to be a bad idea. It may be a feature and even used by various installations, but it does seem counter-intuitive at first glance. As such, revising that might be in order. I'm not going to argue about this until I've read the past discussion. Got any bug number or other reference to the "before"?
The reason that they get disabled is so we can use mailing lists as assignees. Which probably dictates that we'd need something to distinguish these lists from users for this purpose.
jouni, is there any good reason to keep this bug open? Sounds like a dupe of bug 97662 to me.
*** This bug has been marked as a duplicate of 97662 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
clearing target for resolved other than fixed, so they'll show up as untriaged if they ever get reopened.
Target Milestone: Bugzilla 2.20 → ---
Status: RESOLVED → VERIFIED
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: