bsag's email address is the default admin_email
The default value for Preferences.admin_email is bsag's email address. There are a number of problems with this:
- It's not apparent that the user needs to change this configuration value when setting up an admin account.
- The value is stored even for non-admin users, where it's currently both irrelevant and inaccessible.
- If the Tracks instance is public and open signups are disabled, the email address of the administrator is exposed on the signup page.
Leave a comment
Right now the admin_email setting is weird because it is the only global setting that is editable in the UI but restricted to the admin. All other UI-editable preferences are truly per-user, and all other global settings are in site.yml (or hard-coded, etc.). This setting isn't consistent with either of those. To reconcile the difference, I see four options:
- (A) Get rid of it -- Since @lrbalt votes no, I'm fine scrapping this option.
- (B) Move it into site.yml to make it consistent with other global settings -- @lrbalt, this is your suggestion. I would take it one step further, though: it should, at the same time, be removed from the Preferences model. (It wouldn't make sense to provide a "default" for a preference that is then only stored one place. That creates confusing behavior, e.g., changing it in site.yml wouldn't actually change the value in the application.)
- (C) Move it into a new Settings model and establish a new consistent way of configuring global settings -- Separate from Preferences, and not per-user. Admins would have it as an additional option in the Admin menu. This would provide a framework to move other global configuration options, such as defaults for new users, into the UI and out of config files.
- (D) Leave it as the "odd man out," as-is -- In this case I would propose changing the model to a blank default email, and then adding an email field to the first-user (admin) signup with text such as "Email (visible to others)." This solves my (1) and (2) above, and provides fair warning for (3).
(In tracks-tickets:bd656ee1c7cd6e48e9073ec2afea331030582c10) fix #1350 by removing admin_email from preferences model and add it as a site option in
site.yml.tmpl. This one needs running migrations
Branch: master
site.yml.tmpl. This one needs running migrations
Branch: master