0021304: Don't prune system accounts - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0021304	mantisbt	administration	public	2016-07-16 19:33	2016-08-28 01:12

Reporter	vboctor	Assigned To	vboctor
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	fixed
Product Version	1.3.0
Target Version	1.3.1	Fixed in Version	1.3.1

Summary	0021304: Don't prune system accounts
Description	If a plugin or an administrator creates a system account that may be used to assign issues two or some other purpose, such accounts can be deleted when a user is pruned. There are several options to consider: Require such accounts to be marked as protected, and not to prune protected accounts. Fake a login for such accounts after creating them. This may not work if we decide in the future to provide an option to prune accounts that have no associated data even if they have logged in. Do more checks to make sure an account is not used, e.g. no issues assigned to them, etc. Same checks that we would want to do when deleting an issue (we don't do that now either). This may not solve the issue, since the service account may not be used yet, but is needed for the future. I suggest option 1. When 3 is available, we can also make such check.
Tags	No tags attached.

related to	0020805	new		Protect administrators against deleting users without understanding implications
related to	0021305	closed	vboctor	Don't allow deletion of users with associated data

MantisBT: master-1.3.x 8ac7f9c3 2016-08-26 16:14 vboctor Details Diff	Don’t prune protected accounts Fixes 0021304		Affected Issues 0021304
	mod - manage_user_prune.php		Diff File

vboctor 2016-08-26 20:15 manager ~0053897	PR: https://github.com/mantisbt/mantisbt/pull/871