I've spent some time looking at ticket #460, but I keep running in to
problems. The underlying cause of these problems seems to be the
free-form handling of user accounts and settings.
I reopened #460 because it seemed strange that the email address I'd
entered in the session settings was ignored when I created a new ticket
as an authenticated user. My first reaction, as in the comments on that
ticket, was to append the email address even to authenticated users. But
allowing additional information in the reporter or owner field would
cause problems elsewhere: reports would have to use "owner LIKE
'%$USER%'", and this could pick up false-positives. Grouping by either
of these fields could break if email address usage is inconsistent.
I propose the following solution:
* Leave the behavior I complained about in #460 as-is. Only the
authenticated username will be entered. Other users wishing to assign/cc
tasks to a user with an account should also use the username by itself.
* Associate session-data more closely with authenticated users. Rather
than requiring a session key, establish session variables as soon as the
user authenticates. It may even be desirable to hide the parts of the
settings page that deal with session keys from authenticated users.
Behavior for anonymous users remains as-is.
* When sending out notifications to a list which includes the name of a
known user, query the user's saved session data for an email address.
Comments?
--
Cap Petschulat <cap@cdres.com>
Crowley Davis Research, Inc.
problems. The underlying cause of these problems seems to be the
free-form handling of user accounts and settings.
I reopened #460 because it seemed strange that the email address I'd
entered in the session settings was ignored when I created a new ticket
as an authenticated user. My first reaction, as in the comments on that
ticket, was to append the email address even to authenticated users. But
allowing additional information in the reporter or owner field would
cause problems elsewhere: reports would have to use "owner LIKE
'%$USER%'", and this could pick up false-positives. Grouping by either
of these fields could break if email address usage is inconsistent.
I propose the following solution:
* Leave the behavior I complained about in #460 as-is. Only the
authenticated username will be entered. Other users wishing to assign/cc
tasks to a user with an account should also use the username by itself.
* Associate session-data more closely with authenticated users. Rather
than requiring a session key, establish session variables as soon as the
user authenticates. It may even be desirable to hide the parts of the
settings page that deal with session keys from authenticated users.
Behavior for anonymous users remains as-is.
* When sending out notifications to a list which includes the name of a
known user, query the user's saved session data for an email address.
Comments?
--
Cap Petschulat <cap@cdres.com>
Crowley Davis Research, Inc.