View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0010964 | mantisbt | authentication | public | 2009-09-18 11:10 | 2014-01-21 17:06 |
Reporter | Wim van Ravesteijn | Assigned To | |||
Priority | normal | Severity | major | Reproducibility | always |
Status | confirmed | Resolution | open | ||
Platform | NA | OS | NA | OS Version | NA |
Product Version | 1.1.8 | ||||
Summary | 0010964: Anonymous account problems at 'reporter' access level (no bugnote_edit_threshold, public/private problems) | ||||
Description | The anonymous access is not properly implemented. Any person using the anonymous account has same access as somebody that has a personal reporter account. This means that any bug posted by anonymous as private is visible for every anonymous user, but not registered reporters. Also notes of anonymous can be edited by any other user logged in as anonymous. | ||||
Additional Information | Anonymous actions should be limited to 'add', 'edit' or 'delete' should be disabled. Also private bugs should not be visible anymore after reporting them. Possible solution: any action of 'anonymous' should be stored in the database under a different user_id than the ID of $g_anonymous_account. | ||||
Tags | No tags attached. | ||||
What access level is your anonymous account set at? MantisBT does allow you to set the access level to "reporter" (or whatever else you like) although this is obviously not recommended. Usually you should only set the anonymous account to a "viewer" access level. Also please make sure you mark your anonymous account as "protected" so the account cannot be updated by non-administrators. |
|
The access level of anonymous account is 'reporter'. The idea of using the anonymous account is to make it easier for users to report bugs, without having to register first an account. Obvious 'anonymous' needs to be reporter for this. If the anonymous account is only meant for viewing, a note about this in the documentation wouldn't be bad, to warn people about the issues I mentioned. The anonymous account is marked as protected. |
|
It isn't currently possible to set a threshold for who can edit bugnotes (it is just an on/off toggle). There is a threshold for deleting bugnotes however. It wouldn't be too hard to implement a bugnote editing threshold and create a new (default) access level called "anonymous" which is below the bugnote editing threshold. Public/private won't really work properly with anonymous accounts unless you don't mind the anonymous users losing read access to it right after posting. The whole purpose of being anonymous is that you shouldn't be able to tell different anonymous users apart. This means we can't work out which anonymous user posted a bug or bugnote that is marked as private. What we could do is provide password access to bugs so that anonymous users can use a password to access the private bug they've submitted? |
|
That public/private does not work properly with anonymous is not such a big problem I would say. Of course not nice, but in that case people should simply not use anonymous and register first. With password access you mean that somebody has to fill in a password when submitting a bug anonymous, which he can use to access it afterwards? Might be an option, but than it might get almost easier to fully register. One could simply add a warning behind the private option that access is lost immediately after posting, unless you register first. For the moment I've installed a cronjob that changes the user_id of posts made by anonymous to a second anonymous user. This works, but takes some time before it gets into effect. I suppose that an option to store the anonymous posts under different user_id than it uses to view will solve biggest part of the problem. That you indeed cannot edit your own stuff should be accepted (for that you can register). |
|
AFAICT the problem here is that anonymous is mapped to a real user with a given set of privileges, corresponding to the chosen user's access level. I think that was a shortcut during development of the feature and if we decide it's a feature important enough we should rethink how that's handled. |
|
The more I think about it, the more I can understand why you may want more than one anonymous account at a time... ie, if you want to have different permissions for anonymous users from different IP ranges (internal vs external for example). Therefore I think it would be best to aim for Mantis to not have a single hardcoded anonymous account. |
|
Uhm, that starts to be cumbersome... so we should rely on the client's IP address to grant permissions? doesn't sound right |
|
@Wim van Ravesteijn: This may not solve all your problems, but could be a temporary workaround. What I did for my project was to give anonymous user a Viewer profile, but then I granted Viewers the right to create reports (from Manage Config > Workflow Thresholds), but not to add/edit notes. I had to go for this as I was getting lots of spam notes otherwise (probably from bots), while I would like to keep the right for reporting for anonymous users. |
|