[#24992] - Correct username in plg_actionlog
- Fixed in Code Base
- 22 Jun 2019
- Medium
- Build: staging
- # 24992
- Diff
- tecpromotion:tecpromotion-correct-username_plg-actionlog
- Pending Hound Hound is busy sniffing around... Details
User tests: Successful: Unsuccessful:
Summary of Changes
In the User Actions Log extension, the user is always used in the output. The exception is the log entries related to the cache. Here, the user name is always used instead of the user.
With the change now value username is used instead of value name.
Testing Instructions
Create a new user with
name = Super User
and
username = test
Expected result
User test deleted cache group all
Actual result
User Super User deleted cache group all
Documentation Changes Required
--
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Front End Plugins |
| Labels |
Added:
?
|
||
I have tested this item
thx
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/24992.
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/24992.
| Status | Pending | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-06-22 06:59:40 |
| Closed_By | ⇒ | zero-24 |
Merging thanks.
The filter by user is still using name and not username
This PR implies changes to the logcreator field.
Without a modification here I get
Issue solved if modifying the query to use username and not name
// Construct the query
$query = $db->getQuery(true)
->select($db->quoteName('u.id', 'value'))
->select($db->quoteName('u.username', 'text'))
->from($db->quoteName('#__users', 'u'))
->join('INNER', $db->quoteName('#__action_logs', 'c') . ' ON ' . $db->quoteName('c.user_id') . ' = ' . $db->quoteName('u.id'))
->group($db->quoteName('u.id'))
->group($db->quoteName('u.username'))
->order($db->quoteName('u.username'));
@infograf768 can you send the required changes as PR?
TBH, I am not sure about the whole thing
Yes, what is logged should be consistent BUT imho it should be the name and not the username displayed in the logs.
The reason is that the username is also the Login Name and this could be a security breach.
What do you think?
This means that we have to do the reverse of that PR, i.e. use ->name everywhere and keep the filter as is.
I do not see a security breach here. If you can see the action logs, then you can also access the users component and see the usernames. The improvement is that the username is unique and therefore faster to allocate.
You are right that the name is not unique indeed (which is weird btw...).
Note: it is always the Name which is displayed in the Managers and Created by field (and its modal), which imho demonstrates that we should make the Name unique too...
I don't think the name should be unique.
For a clear identification we already have 2 values, username and e-mail address. That's enough, or not?
But if it causes such far-reaching changes, is it perhaps sufficient to write the username in parentheses after the names in the output?
What do you all mean?
BTW, why keep using ->name in onUserAfterRemind($user)
It is not consistent imho.
username is unique, the name isn't. so imo it's better to use username
we must not make "name" unique. That would be terribly restrictive. Even with my almost unique family name there are two "brian teeman"
thats the reason that we stay with username instead using name.
Understood that. Tks.
Also see #24862