View Issue Details

IDProjectCategoryView StatusLast Update
0022967mantisbtuipublic2017-09-03 18:41
Reporteratrol Assigned Toatrol  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Target Version2.6.0Fixed in Version2.6.0 
Summary0022967: Questionable display of "Access Denied" on view_user_page
Description

E-Mail and Real Username are displayed as Access Denied on view_user_page if the user has no rights to access for it.

It's better to suppress the display of this information instead of showing "Access Denied".

TagsNo tags attached.

Relationships

related to 0022981 closedatrol Display of hardcoded string on view_user_page if e-mail address is empty 

Activities

atrol

atrol

2017-06-04 07:11

developer   ~0057023

PR https://github.com/mantisbt/mantisbt/pull/1119

dregad

dregad

2017-06-08 05:20

developer   ~0057040

For the record, I do not think that such display is "questionable". It is a stating the fact that information is not displayed due to the user's insufficient permissions. I'll agree that the wording of the message could be put more nicely though.

That being said, I'm also fine with completely removing the table row.

atrol

atrol

2017-06-08 07:31

developer   ~0057043

I thought it's questionable as it would look quite curious if we would display "Access Denied" everywhere where we don't display information at the moment if users don't meet one of our *_threshold options.
e.g. assume you have set view_history_threshold, view_attachments_threshold, ... = NOBODY.

BTW, hardly a real use case, but you could not distinguish between a user who entered "Access Denied" as his real name and "Access Denied" as the message for missing access rights.

Related Changesets

MantisBT: master bf8d05bb

2017-06-04 06:59:32

atrol

Details Diff
Supress display of "Access Denied" messages on view_user_page

Fixes 0022967
Affected Issues
0022967
mod - view_user_page.php Diff File