-
Notifications
You must be signed in to change notification settings - Fork 489
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not expose ugly user identifiers when assigning roles #1123
Comments
@scolapasta we talked about this yesterday right? you had a solution for it, yes? |
I was waiting until we have the final discussion on user identifiers / names to do this. We had previously said we would show the real name here and you would search for "Gustavo Durand" instead of @gdurand. (that is the solution I spoke of) I want to make sure what we decide that before using it, or if we go with usernames. Bu if I have time, I'll try to get this before our review with Merce on Monday, so it looks nice for the discussion. |
This sounds like a fine solution. I opened this ticket because I don't want us to expose the internal user identifiers which can be quite ugly. Showing the name instead (i.e. "Gustavo Durand") sounds great! |
This is done, but needs discussion. Right now I show name and e-mail (as an example). I could show Affiliation, though that requires a (hopefully minor) back end change. |
We probably shouldn't show email addresses. When the whole world can sign up for an account, anyone could sign up and discover people's email addresses. #749 is about how we a sign up should let people know that display names will be searchable, not email addresses. In #759 we stopped indexing email addresses for privacy. |
Yes, that's why I said as an example. We never got to this in the meeting Monday, but it was meant to be a point of discussion. |
Changed it to name and affiliation for now. So I can pass this to QA (we still can decide what is best, but this way no one is upset with e-mail there). |
OK, currently uses name and affilation. |
This is a follow on to #1080 about how we currently see
@
signs when assigning roles and permissions.For Shibboleth users especially, the user identifier is long and ugly (screenshot below) and should not be shown. For example:
@https://idp.testshib.org/idp/shibboleth|myself@testshib.org
The text was updated successfully, but these errors were encountered: