-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make duplicate sharee autocomplete results easier to distinguish #28979
Comments
The quickest solution would be to detect duplicates in the frontend side and when duplicates exist, display the contents of the tooltip inline: "hallo (user1)", "hallo (user2)", etc. Email address would also be a solution but it might not always be available. Also in the case of LDAP, there might be multiple email addresses. I'd assume that there is a main email address (@tomneedham might know) Note that whatever logic we decide to use here we might also need to apply to other app's autocomplete like the customgroups members autocomplete. |
Preventing duplicate display names is not a good idea considering that display names can come from LDAP or any custom user backend. I'd rather not explore that route as it could become complex. |
Let's try with the main email address. If not set, fallback to the user id. |
privacy concern: this would too easily reveal email addresses in contexts where it might not be desirable to let people know each other's emails |
right now there is always a primary mail address yes |
There was a ticket about this somewhere - where someone was adding the email to the hover over |
Looks like for the guests app we'd like to have an additional indicator behind users ? @pmaier1 See owncloud/guests#149. I'd have hoped that the email address would be enough. |
I think we are going the right way with #28979 (comment). If there's more to be discussed, please approach me. This is a release blocker for 10.0.4. Adjusting priority. |
Regarding #28979 (comment): |
Need to first resolve privacy concern: #28979 (comment). Exposing email addresses feel wrong. Anyone could just type each letter "a", then "b" and harvest email addresses from the results. (they could script that) |
One idea would be to have a list of fields that can be used: "id", "email" and in the future potentially LDAP "search_terms" attributes. The admin could decide to allow displaying the email address there instead of the id, as an opt-in solution. For now the field could be a simple dropdown in the admin sharing sections with two choices:
Thoughts ? |
Display name output format settings
|
Open
|
To scope this specific ticket I'd like to limit the application of the user display names to only the share autocomplete and the list of user shares in the sidebar panel. We can then evaluate further locations like author comments, custom groups, and extend the usage of the format there. Considering that we want this reusable, we could even have a new method on Thoughts or objections ? @butonic @DeepDiver1975 @jvillafanez |
As a user I typically look at the Avatar, the displayname and the email address, in that order. If a user has no email set we could fall back on the owncloud internal username. Falling back on the login can be considered a security issue because you can then look up logins. On the other hand, same goes for email. The userid might be cryptic and confusing to users, IMO it should only be visible for admins (in the user list). Even more problematic: db users can set their avatar and displayname at will, easily impersonating other users. For emails we send a verification mail, so it might be safe enough to rely on that ... if it is set. an |
@butonic are you talking about login or user id ? Note that user id is already visible in the tooltip currently. You're right about |
oC already shows the "Username"/Login name in the mouse-over tooltip.
Sounds nice! Another thing that came to my mind: If the admin sets "only display name", then duplicates which are not distinguishable can still occur. Didn't think about that when we were talking. Actually we need to find a way that this can't happen in general or we add a hint to the option. Hmhm, not that satisfying.
Essentially agreed. Is userid the same as "Username" in the user list? Wouldn't it be possible to provide another solution when user names are cryptic (mainly with LDAP, right?) and still rely on user name for basic cases?
|
login would make at least sense to show in the ui. userid is cryptic and hes no value to end users. admins may use it with occ. but currently we dont store the login (ldap can even have multiple login attributes, eg samaccountname and userprincipalname) |
Note this is already considered to be too much information released for some customers - who want to hide the LDAP GUID for example |
They could then use "display name only" which would make them happy as we drop the tooltip and really only display names would be accessible for users. The drawback of potential indistinguishability would be given as a hint in the settings. |
PR here, please try it out: #29334 |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Steps
Expected result
Three distinguishabe entries.
Actual result
All three entries say "hallo".
With no avatars set, there is no visual way for distinction.
The tooltip shows the user id but might not be suitable in the case of LDAP uuids.
Version
ownCloud 10.0.3RC1
See also owncloud/guests#142 (comment)
@pmaier1 @tomneedham
The text was updated successfully, but these errors were encountered: