Patch #18128
Closed
Make User profile 404 rendering more consistent (and speed up Users#show API)
Description
Users#show (viewing the profile of any given user) can display three main sections of information:
- The name, email, registered on, last connection, and custom fields pertaining to the user (personal information)
- The user's memberships in projects
- The user's last activity in any projects
Currently, if the user has (a) at least one membership or (b) at least some activity, the user profile is shown, including the three sections above.
If the user has no membership and no activity, the page is not shown and a 404 is returned.
I think this is not very consistent. In the latter case, a visitor of the user's profile page could still be interested in seeing the user's personal information, even if she/he has no memberships or activity.
This patch fixes this behaviour and always displays a user profile.
(The reason for this patch was that we noticed that the Users#show API call takes considerable time currently. It turns out, this is due to the fact that the user's activity is pulled even in case of an API request (for which the activity is not needed). So, in order to be able to move fetching of the activity to the format.html block, we made the change above. We think that both changes make sense, somehow.)
Updated by Jean-Philippe Lang about 10 years ago
- Category changed from Code cleanup/refactoring to Accounts / authentication
- Target version deleted (Candidate for next minor release)
This patch is not refactoring as it affects the visibility of user accounts (and thus breaks a test). It makes all accounts visible to anyone and some people really don't want that. We need to set up some permissions to view user accounts before changing that.
Updated by Jean-Philippe Lang about 10 years ago
- Related to Feature #18093: Please add the permission "can see project members" to the roles, or better an "hidden member" attribute for roles or memberships added
Updated by Mischa The Evil about 10 years ago
- Related to Feature #11724: Prevent users from seeing other users based on their project membership added
Updated by Jan from Planio www.plan.io about 10 years ago
Jean-Philippe Lang wrote:
This patch is not refactoring as it affects the visibility of user accounts (and thus breaks a test). It makes all accounts visible to anyone and some people really don't want that. We need to set up some permissions to view user accounts before changing that.
Sorry about that. I did run the test suite, I must have missed that. Maybe it was too late in the evening.
I agree that a dedicated permission would be better. I just thought this change would not hurt since the decision on whether to display a 404 or not is already kind of implicit/technical (only if memberships or events present) rather than an explicit choice to be made by users and/or admins.
Next time, I will take a step back and think twice before marking stuff as candidate for a next release.
Updated by Mischa The Evil about 10 years ago
- Related to Feature #14601: Improve returned HTTP status code for requests for account/show added
Updated by Jean-Philippe Lang about 10 years ago
- Status changed from New to Closed
Superseded by r13584. User profile access is now allowed based on Users visibility setting on roles.
Updated by Jan from Planio www.plan.io about 10 years ago
Great solution and thanks as well for #11724!
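
Added example, not part of the original thread and not Redmine's code: a small Ruby model of the three access rules discussed above (the implicit membership-or-activity check, the patch's always-visible behaviour, and an assumed project-sharing reading of role-based user visibility), with activity loaded only for the HTML format. All names (User, show_profile, the rule functions) are hypothetical.

```ruby
# Constructed model for illustration; not Redmine's code. All names are hypothetical.
User = Struct.new(:name, :projects, :activity_count, :activity_loaded) do
  # Stands in for the expensive activity query.
  def recent_activity
    self.activity_loaded = true
    activity_count
  end
end

# Behaviour the description reports as current: activity is fetched for every
# request, and the profile exists only with a membership or some activity.
def implicit_rule(user, _viewer)
  events = user.recent_activity
  !user.projects.empty? || events > 0
end

# Behaviour the patch proposes: every profile is shown to every viewer.
def always_visible(_user, _viewer)
  true
end

# Assumed reading of a role-based visibility setting: a restricted viewer sees
# only themselves and users who share at least one project with them.
def shared_project_rule(user, viewer)
  viewer.equal?(user) || !(user.projects & viewer.projects).empty?
end

# Decide access explicitly first; load activity only for the HTML rendering.
def show_profile(user, viewer, format:, rule:)
  return { status: 404 } unless send(rule, user, viewer)
  body = { name: user.name, memberships: user.projects }
  body[:activity] = user.recent_activity if format == :html
  { status: 200, body: body }
end

# Constructed sample: a viewer who shares no project with the requested user.
viewer = User.new("viewer", ["beta"], 0, false)
%i[implicit_rule always_visible shared_project_rule].each do |rule|
  idle = User.new("idle", [], 0, false) # no memberships, no activity
  res = show_profile(idle, viewer, format: :api, rule: rule)
  puts "#{rule}: status=#{res[:status]} activity_query_ran=#{idle.activity_loaded}"
end
```

Only the explicit rule keeps the 404 an access decision rather than a side effect of missing data, and it does so without running the activity query for API requests.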