Bugzilla:Email Change Design


This design aims to achieve the following goals:

Goals

  • Allow Bugzilla to be configured to hide the email addresses of all users
  • Continue to have human-viewable unique identifiers for users in all configurations

Non-Goals

  • Individual user configurability of email address hiding even when not turned on globally

Bugs Fixed

  • bug 218917 - Allow login_name != email_address, so address isn't displayed (anti-spam effect too)
  • bug 163551 - Implement complete email address privacy
  • bug 179622 - Flags should be listed with full email (or new username field unique across the installation)

Changes

The fix will follow the path of the excellent work done by wurblzap in bug 218917.

  • Database acquires new email column in profiles table.
  • Migration: email is populated from login_name + Param("emailsuffix"), if present. Param("emailsuffix") is removed - the use case for it is now covered from the other direction by 'nick', or admins can configure Bugzilla to use non-email login_names, which would be shorter.
  • There is a new Param("use_email_as_login"), which defaults to on, unless Param("emailsuffix") is set, in which case it defaults to off. If it's on, it means that the email and login_name fields should be identical at all times. If it's turned off, it means the users may have a different login value from their email address, and email addresses are not revealed to any user ("email privacy").
  • If Param("use_email_as_login") is off, the separate login_name field is referred to as "Username" in the UI. The user is prompted for it at account creation time. It must be unique.
  • If Param("allowemailchange") is set and Param("use_email_as_login") is on, a user who updates their email updates both fields. If Param("use_email_as_login") is off, the update changes only the email field, and the user has to ask an admin to change their login_name using editusers.cgi. (I.e. if logins are separate, users may not change their own login_name. Logic: this seems to be common practice on other systems where the two values are distinct.)
  • If Param("use_email_as_login") is on, we use login_name in <a href="mailto:">, for logged-in users. If the param is off, then usernames do not have mailto: links at all, to maintain privacy. A template can abstract away this decision.
  • The data in the email column is only used for sending mail, and should never be available to other users.

Bugzilla::User

The interface of Bugzilla::User will be as follows:

name()
returns the real name, the DB realname value, which is a non-unique human-readable value.
login()
returns the DB login_name value, which the user uses to log in, and which is used to uniquely identify them in the UI.
email()
returns the DB email value, the user's actual email address to send email to. Only used for this purpose.
identity()
presentational method; returns the string "name() <login()>".
nick()
presentational method; if Param("use_email_as_login") is on, returns the part of login() before the @ sign (so not unique); otherwise returns login() (so unique).
extern_id()
external ID is used by external authentication methods to store related information. It exists along with login() because some Bugzillas support multiple login methods. (This is why the argument here is wrong.)
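
The interface above and the mailto: rule from the Changes list, modelled as an added example (not Bugzilla's own code, and not part of the original design page). Sketch::User, %PARAM, _esc() and user_link() are hypothetical stand-ins for Bugzilla::User, Param() and the template that abstracts the link decision; the account data is constructed.

```perl
# Added sketch, not Bugzilla code: Sketch::User, %PARAM and user_link() are
# hypothetical stand-ins for Bugzilla::User, Param() and a template helper.
use strict;
use warnings;

package Sketch::User;
our %PARAM = (use_email_as_login => 1);    # stand-in for Param()

sub new {
    my ($class, %f) = @_;
    # With the param on, login_name and email must be identical at all times.
    $f{email} = $f{login_name} if $PARAM{use_email_as_login};
    return bless {%f}, $class;
}

sub name     { $_[0]{realname} }      # non-unique, human-readable
sub login    { $_[0]{login_name} }    # unique identifier shown in the UI
sub email    { $_[0]{email} }         # mail delivery only, never rendered
sub identity { my $s = shift; return $s->name . ' <' . $s->login . '>' }

sub nick {
    my $s = shift;
    return $s->login unless $PARAM{use_email_as_login};    # unique username
    my ($local) = split /@/, $s->login, 2;                 # not unique
    return $local;
}

sub _esc {                            # HTML-escape text placed in markup
    my ($t) = @_;
    my %e = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $t =~ s/([&<>"])/$e{$1}/g;
    return $t;
}

# Display decision for a logged-in viewer; email() is never consulted here.
sub user_link {
    my ($s) = @_;
    my $label = _esc($s->identity);
    return $label unless $PARAM{use_email_as_login};       # email privacy
    return '<a href="mailto:' . _esc($s->login) . '">' . $label . '</a>';
}

package main;
for my $on (1, 0) {                   # constructed sample account, both modes
    local $Sketch::User::PARAM{use_email_as_login} = $on;
    my %acct = (realname => 'Pat Example', email => 'pat@example.com',
                login_name => $on ? 'pat@example.com' : 'pat');
    my $u = Sketch::User->new(%acct);
    printf "on=%d nick=%s link=%s\n", $on, $u->nick, $u->user_link;
}
```

Keeping email() out of every presentational method is what enforces the rule that the email column is only used for sending mail; a review of real templates would check for the same property.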