#1350
  • Created on
    2012-10-27 00:57
  • Reported by
    zoombody
  • Status
    Fixed
  • Priority
    Normal (3)
  • Assigned to
    zoombody
  • Milestone
    2.2
  • Plan Level
    -
  • Due Date
    -

Attachments

bsag's email address is the default admin_email

The default value for Preferences.admin_email is bsag's email address. There are a number of problems with this:

  1. It's not apparent that the user needs to change this configuration value when setting up an admin account.
  2. The value is stored even for non-admin users, where it's currently both irrelevant and inaccessible.
  3. If the Tracks instance is public and open signups are disabled, the email address of the administrator is exposed on the signup page.
User picture
  on 2012-10-27 00:58 *
By zoombody
Due primarily to (3), I propose simply removing this column from the database entirely. Thoughts?
User picture
  on 2012-10-28 12:51 *
By lrbalt
isn't (3) intended behaviour, i.e. a way to contact the admin?
User picture
  on 2012-10-29 01:10 *
By zoombody
"A way to contact the admin" is a good intention, but it is generally considered poor privacy practice to yield an email address, particularly when it is not obvious or explicitly approved that such exposure will occur.
User picture
  on 2012-11-16 15:39 *
By lrbalt
1) I don't mind changing the default admin email from bsag to a default in site.yml
2) we could change it to empty for non-admin users
3) we could add a comment to site.yml that admin email is published on signup page.
User picture
  on 2012-11-16 15:39 *
By lrbalt
Type set to enhancement
Milestone set to 2.2
Type set to enhancement
Milestone set to 2.2
User picture
  on 2012-11-17 04:46 *
By zoombody
Right now the admin_email setting is weird because it is the only global setting that is editable in the UI but restricted to the admin. All other UI-editable preferences are truly per-user, and all other global settings are in site.yml (or hard-coded, etc.). This setting isn't consistent with either of those. To reconcile the difference, I see four options:

  • (A) Get rid of it -- Since @lrbalt votes no, I'm fine scrapping this option.
  • (B) Move it into site.yml to make it consistent with other global settings -- @lrbalt, this is your suggestion. I would take it one step further, though: it should, at the same time, be removed from the Preferences model. (It wouldn't make sense to provide a "default" for a preference that is then only stored one place. That creates confusing behavior, e.g., changing it in site.yml wouldn't actually change the value in the application.)
  • (C) Move it into a new Settings model and establish a new consistent way of configuring global settings -- Separate from Preferences, and not per-user. Admins would have it as an additional option in the Admin menu. This would provide a framework to move other global configuration options, such as defaults for new users, into the UI and out of config files.
  • (D) Leave it as the "odd man out," as-is -- In this case I would propose changing the model to a blank default email, and then adding an email field to the first-user (admin) signup with text such as "Email (visible to others)." This solves my (1) and (2) above, and provides fair warning for (3).
User picture
  on 2012-12-23 22:16 *
By lrbalt
Status changed from New to Fixed
Status changed from New to Fixed
(In tracks-tickets:bd656ee1c7cd6e48e9073ec2afea331030582c10) fix #1350 by removing admin_email from preferences model and add it as a site option in
site.yml.tmpl. This one needs running migrations

Branch: master