View Issue Details

IDProjectCategoryView StatusLast Update
0021304mantisbtadministrationpublic2016-08-28 01:12
Reportervboctor Assigned Tovboctor  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version1.3.0 
Target Version1.3.1Fixed in Version1.3.1 
Summary0021304: Don't prune system accounts

If a plugin or an administrator creates a system account that may be used to assign issues two or some other purpose, such accounts can be deleted when a user is pruned.

There are several options to consider:

  1. Require such accounts to be marked as protected, and not to prune protected accounts.
  2. Fake a login for such accounts after creating them. This may not work if we decide in the future to provide an option to prune accounts that have no associated data even if they have logged in.
  3. Do more checks to make sure an account is not used, e.g. no issues assigned to them, etc. Same checks that we would want to do when deleting an issue (we don't do that now either). This may not solve the issue, since the service account may not be used yet, but is needed for the future.

I suggest option 1. When 3 is available, we can also make such check.

TagsNo tags attached.


related to 0020805 new Protect administrators against deleting users without understanding implications 
related to 0021305 closedvboctor Don't allow deletion of users with associated data 


Related Changesets

MantisBT: master-1.3.x 8ac7f9c3

2016-08-26 20:14:38


Details Diff
Don’t prune protected accounts

Fixes 0021304
Affected Issues
mod - manage_user_prune.php Diff File