Description
In a non public wiki a newly created user seemed to have taken over the ID of the second user. All entries the second user that was created (also super user) ever made are now owned by the newest user.
Steps to reproduce
- Currently could not reproduce
Example
Component selection
- general
Details
I have now made a tar archive as backup of the user. The first user cant be found any more in date/user dir, but the new user has a file with the latest date. As this is a hidden wiki I can not share any information publicly but I could share some parts to selected developers.
MoinMoin Version |
Version 1.6.1 [Revision release] |
OS and Version |
(Gentoo 4.1.2 p1.0.2) |
Python Version |
2.5.1 (r251:54863, Feb 12 2008, 20:16:43) [GCC 4.1.2 ] |
Server Setup |
CGI |
Server Details |
|
Language you are using the wiki in (set in the browser/UserPreferences) |
german |
Workaround
Discussion
I think was rather a usability issue as this might have happpened:
- Situation was: many users should be created
- User A (super user), logs of.
- User A tries to create user for B
- On login he is asked for username and password. he might have thought this is needed for registering, so ...
- He logs in as A
- He is presented with the user settings and is able to change user name, add new password and new email address
- he saves
- Now the User A has become user B and user A is gone.
This also means that he cant be a superuser any more because he is named different.
Sure this is ALL users fault - but if you dont move forward carefully you can very easily remove the super user without getting a notice. I think Moin really needs a LOT of usbality improvements, the reaosn why user A tried to create users was because most users were not able to do it themselves - and thats because its all but obvious. I try to make some tweaks that make things easier. -- ThiloPfennig 2008-02-17 18:06:15
Well everything is configurable. May be we should add some hints to the docs. E.g. if one enables the superuser feature or uses acls he should configure user_form_disable = ['name']. It is always not easy to get someome misses something which looks quite obviously to someone else. -- ReimarBauer 2008-02-18 10:28:23
Plan
- Priority:
- Assigned to:
- Status: