Feature #4179

Link to user in wiki syntax

Added by Felix Schäfer almost 8 years ago. Updated 3 months ago.

Status:ClosedStart date:2009-11-08
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:Text formatting
Target version:3.4.0
Resolution:Fixed

Description

It would be nice to have some "user" Links in the wiki syntax, something like user:3866 or user:felix, which would the be replaced by the full name as configured in the global settings, with a link to the user page if the viewing user is entitled to seeing that page.

4179_link_to_user_in_wiki_syntax.patch Magnifier (7.25 KB) Marius BALTEANU, 2017-05-07 14:16

4179_show_login_attribute_in_user_page_v2.patch Magnifier (553 Bytes) Marius BALTEANU, 2017-05-13 17:35

4179_show_login_attribute_in_user_show_v3.patch Magnifier (2.29 KB) Marius BALTEANU, 2017-05-14 09:17

link_to_user_profile_by_id.patch Magnifier (1.43 KB) Marius BALTEANU, 2017-06-08 08:42

link_to_user_profile_by_id_v2.patch Magnifier (1.66 KB) Marius BALTEANU, 2017-06-16 00:13


Related issues

Related to Redmine - Feature #867: Want more wiki link types Closed 2008-03-15
Related to Redmine - Feature #5228: Users are just numbers New 2010-03-31
Related to Redmine - Feature #13919: Mention user on comment/description using @user with auto... New
Related to Redmine - Feature #26127: Display user logins on profiles New
Related to Redmine - Patch #26188: Documentation (detailed syntax help & code) additions/imp... Closed
Related to Redmine - Defect #26443: User link syntax (user:login) doesn't work for logins con... Confirmed
Related to Redmine - Defect #26892: Link to user in wiki syntax only works when login is writ... New
Duplicated by Redmine - Patch #6690: Redmine link to user profile Closed 2010-10-18

Associated revisions

Revision 16636
Added by Jean-Philippe Lang 5 months ago

Link to user in wiki syntax (#4179).

Patch by Marius BALTEANU.

Revision 16638
Added by Jean-Philippe Lang 5 months ago

Fixes wrong condition (#4179).

Revision 16671
Added by Jean-Philippe Lang 4 months ago

Link to user by id (#4179).

Patch by Marius BALTEANU.

History

#1 Updated by Victor Dulepov almost 8 years ago

My vote goes for this feature. Got used to that in Confluence...

#2 Updated by Angelo Quaglia over 7 years ago

It would be very useful, I agree.

#3 Updated by Dominic Clifton over 6 years ago

+1

#4 Updated by Roman Surikov over 6 years ago

+1

#6 Updated by Jonathan East almost 6 years ago

+1

#7 Updated by Dongju Kim almost 6 years ago

+1

#8 Updated by Ming-Chin Chen over 5 years ago

+1

#9 Updated by Denny Schäfer over 5 years ago

+1

#10 Updated by Namho Kim over 5 years ago

+1

#11 Updated by Anonymous over 5 years ago

+1

#14 Updated by Rainer Putzinger about 5 years ago

+1

#15 Updated by José Campos about 5 years ago

+1

#17 Updated by Andriy Lesyuk almost 5 years ago

Just wanted to let you know, that it has been implemented in WikiNG...

#18 Updated by Thomas Robbs almost 5 years ago

+1

#19 Updated by Mischa The Evil over 4 years ago

  • Target version set to Unplanned

#20 Updated by Diego Antunes over 4 years ago

+1, but please check this link http://www.redmine.org/issues/13919

#21 Updated by Mariusz Dalewski over 4 years ago

+1

#22 Updated by Jaroslav Povolný over 4 years ago

My +1 here. The most nice would be to use twitter-like annotation: @felix

#23 Updated by Julien Huang about 4 years ago

+1 for Twitter-like user-mention (see also #13919)

Also, this feature raises the issue about notification when a user is mentioned in an issue/wiki page/commit msg...

#24 Updated by Toshi MARUYAMA about 4 years ago

  • Duplicated by deleted (Patch #6690: Redmine link to user profile)

#25 Updated by Toshi MARUYAMA about 4 years ago

  • Related to Patch #6690: Redmine link to user profile added

#26 Updated by Hugo da Silva da Silva almost 4 years ago

+1
This would be very useful for me too. It would be nice if I could create the RACI Matrix and reference eache person by their own users page.

#28 Updated by Lucky Boy over 3 years ago

+1

#29 Updated by Jaromír Rys over 3 years ago

+1

#30 Updated by Kevin Palm over 3 years ago

+1

#31 Updated by Jurgen Reniers about 3 years ago

+1

#32 Updated by Stephane Lapie about 3 years ago

+1

#33 Updated by Dmitry Rizhikov almost 3 years ago

+1

#34 Updated by Moisés Bites over 2 years ago

+1

#35 Updated by Michal Kowalski over 2 years ago

+1

#36 Updated by John Wang almost 2 years ago

+1

#37 Updated by Wolfi F. over 1 year ago

+1

#38 Updated by Matthias Pohl about 1 year ago

+1

#39 Updated by Toshi MARUYAMA about 1 year ago

  • Category changed from Wiki to Text formatting

#40 Updated by Jonatã Bolzan Loss 10 months ago

+1

#41 Updated by Marius BALTEANU 6 months ago

I've attached a patch that adds two syntaxes for user links:
user:marius.balteanu
@marius.balteanu
Users privacy is checked by this patch.

Regarding the proposed syntax with id (user:107353), even if it's easy to be added, I think that it is not worth it because is hard to retain the ids. For example, I don't know my user id from the instance that I administrate for more than 3 years.

Even if the syntax with @ required some changes in the wiki formatting (to support logins name with @), I really think that is it important to have it because the syntax "@user" is very well known and used by many applications (like: Github, Gitlab, etc).

This is another top voted feature, maybe we can include this in 3.4.0 in order to work at the mention feature (#13919) in version:3.5.0. These 2 features will improve the collaboration level.

#42 Updated by Go MAEDA 6 months ago

Marius BALTEANU, thank you for the patch. I really want this feature.

But I am not certain about whether the proposed implementation is proper or not because User#login is treated as secret information in the current implementation of Redmine. Please see source:trunk/app/views/users/show.html.erb@16464#L9. Only admin can see User#login.

#43 Updated by Marius BALTEANU 6 months ago

Unfortunately, I don't see to many alternatives for the implementation:
  1. First Name and Last Name cannot be used, it is hard to find a user after these properties and also, they are not unique.
  2. ID could be a solution, but without an autocomplete feature to search users like in the watchers modals it'll be hard to find their ids. Also, I find it quite strange to see "user:107353" in texts comments/wikis.
  3. Email addresses, but the users have the option to hide this attribute.

From my point of view, User#login is the best solution and I do not see to many disadvantages because:
- in many companies, you can easily guess the login name of your colleagues because they have the same format
- comparing with the Last Name, First Name or the email addresses, it is less considered personal data.
Of course, if you get the login name of another user, you can try some brute force to login with his user, but this "security" issue can be prevented using a mechanism like Captcha.

@Go Maeda, how do you see this implementation? I'm open to create a patch only with "user:id", but I want some feedback before. In this note (#6690#note-2), Jean-Philippe Lang said only about the user.visible? check that wasn't implemented in the respective patch.

#44 Updated by Go MAEDA 5 months ago

  • Target version changed from Unplanned to Candidate for next major release

Marius BALTEANU wrote:

@Go Maeda, how do you see this implementation? I'm open to create a patch only with "user:id", but I want some feedback before. In this note (#6690#note-2), Jean-Philippe Lang said only about the user.visible? check that wasn't implemented in the respective patch.

I prefer using User#login as you suggested but it violates current design.
I think we should change current design of Redmine. That is, Stop handling user#login as secret information. Personally I don't think User#login as confidential. Many services treats user id as public.

#45 Updated by Marius BALTEANU 5 months ago

Go MAEDA wrote:

I prefer using User#login as you suggested but it violates current design.
I think we should change current design of Redmine. That is, Stop handling user#login as secret information. Personally I don't think User#login as confidential. Many services treats user id as public.

Totally agree. I'm going to update the patch this weekend and after that, we'll see what Jean-Philippe Lang says about this change.

#46 Updated by Jan from Planio www.plan.io 5 months ago

I think it's fine to not hide login names. I would think that users don't expect logins to be secret/personal today. And I also like the feature ;-)

#47 Updated by Marius BALTEANU 5 months ago

  • File 4179_show_login_attribute_in_user_page.patch added

Thanks Go MAEDA and Jan for your feedback. I've attached a new patch that shows the login attribute in user page also for non admin users.

If the patch will be accepted, we can implement also #5228.

#48 Updated by Marius BALTEANU 5 months ago

Attached the correct one. Please remove attachment:4179_show_login_attribute_in_user_page.patch.

#49 Updated by Jan from Planio www.plan.io 5 months ago

  • File deleted (4179_show_login_attribute_in_user_page.patch)

#50 Updated by Go MAEDA 5 months ago

Marius BALTEANU wrote:

Thanks Go MAEDA and Jan for your feedback. I've attached a new patch that shows the login attribute in user page also for non admin users.

Thanks for working on this. I found that we also have to change the behavior of API.

diff --git a/app/views/users/show.api.rsb b/app/views/users/show.api.rsb
index e4c49f9b8..e711bc482 100644
--- a/app/views/users/show.api.rsb
+++ b/app/views/users/show.api.rsb
@@ -1,6 +1,6 @@
 api.user do
   api.id         @user.id
-  api.login      @user.login if User.current.admin? || (User.current == @user)
+  api.login      @user.login
   api.firstname  @user.firstname
   api.lastname   @user.lastname
   api.mail       @user.mail if User.current.admin? || !@user.pref.hide_mail

#51 Updated by Marius BALTEANU 5 months ago

Indeed. Thanks for pointing this out.

Updated the patch to include this change and also to fix the tests.

#52 Updated by Go MAEDA 5 months ago

  • Target version changed from Candidate for next major release to 3.4.0

This issue has many "+1"s and watchers. Many people want this feature.
I am setting target version to 3.4.0.

#53 Updated by Mischa The Evil 5 months ago

Marius BALTEANU wrote:

Regarding the proposed syntax with id (user:107353), even if it's easy to be added, I think that it is not worth it because is hard to retain the ids. For example, I don't know my user id from the instance that I administrate for more than 3 years.

I agree that an implementation based on User#login is ok1, but I also like to second the above quote, for two reasons:
  1. many people (including myself) do rely on the usage of user ids (they are easily retrievable — also for non-admins — by looking at the target of the linked [to users profile] username)
  2. it would make it more consistent with the existing Redmine links which all accept an id variant

1 I do however see the issue that with opening up the users' login, we make it easier for bad adversaries to bruteforce user account passwords. This might be considered a blocker for some users...

#54 Updated by Marius BALTEANU 5 months ago

Thanks for you feedback.

Mischa The Evil wrote:

I agree that an implementation based on User#login is ok1, but I also like to second the above quote, for two reasons:
  1. many people (including myself) do rely on the usage of user ids (they are easily retrievable — also for non-admins — by looking at the target of the linked [to users profile] username)
  2. it would make it more consistent with the existing Redmine links which all accept an id variant

We can do it, I'll add a new patch soon to add the functionality also for ids.

1 I do however see the issue that with opening up the users' login, we make it easier for bad adversaries to bruteforce user account passwords. This might be considered a blocker for some users...

Agree with you, but the solution for this problem is not to hide the login names (which are easily to guess in many companies), but to use a mechanism like Captcha (see my note #4179#note-43) which could be very useful on this site too.

#55 Updated by Jean-Philippe Lang 5 months ago

  • Subject changed from Link to user in wiki syntax. to Link to user in wiki syntax
  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang
  • Resolution set to Fixed

The patch that adds support for links to user is committed, thanks.

But I prefer to postpone the display of user logins on profiles until we get more feedback. Those who are fine with this can still use logins as display names right now.

#56 Updated by Marius BALTEANU 5 months ago

@Jean-Philippe Lang, thanks for committing this patch.

@Mischa The Evil, I've attached the patch that adds support also for user:id (user:1).

#57 Updated by André Lozovey 5 months ago

In my company we have firstname.lastname as a default for user logins. Nevertheless, we have a wiki page that lists all logins so we can mention them if anyone forgets anything.
As you can see, we don't think displaying user logins is such a problem. I understand it could be a security issue, but I'm not worried about that. We encourage people to change passwords every now and then.

Jean-Philippe Lang wrote:

The patch that adds support for links to user is committed, thanks.

But I prefer to postpone the display of user logins on profiles until we get more feedback. Those who are fine with this can still use logins as display names right now.

#58 Updated by Mischa The Evil 5 months ago

  • Related to deleted (Patch #6690: Redmine link to user profile)

#59 Updated by Mischa The Evil 5 months ago

  • Duplicated by Patch #6690: Redmine link to user profile added

#60 Updated by Mischa The Evil 5 months ago

Jean-Philippe Lang wrote:

The patch that adds support for links to user is committed, thanks.

I'm glad to see this integrated. However, the current implementation is practically useless to all sites that use a user format (display name) other than the one consisting of the user login, as (regular) users won't be able to retrieve the user logins under such circumstances. This can be prevented by also adding support for a numerical variant of the link (user:id or more preferable user#id) like eg. provided by Marius' additional patch attached in note-56. Would you please consider that for inclusion into 3.4.0?

Jean-Philippe Lang wrote:

But I prefer to postpone the display of user logins on profiles until we get more feedback. [...]

I have opened #26127 to track that specific proposal.

#61 Updated by Mischa The Evil 5 months ago

Marius BALTEANU wrote:

@Mischa The Evil, I've attached the patch that adds support also for user:id (user:1).

Thanks. I've had a look at it and it seems okay. One note though: all link keywords that take a numerical id are using # as the separator whereas the ones that take a name, instead use the : separator. With your patch (as also proposed by the OP of this issue) we diverge from this convention. Maybe it's better to use user#id along with user:login and @login. What do you think?

#62 Updated by Mischa The Evil 5 months ago

#63 Updated by Mischa The Evil 4 months ago

  • Status changed from Closed to Reopened

Reopened in light of note-60.

#64 Updated by Marius BALTEANU 4 months ago

Mischa The Evil wrote:

Thanks. I've had a look at it and it seems okay. One note though: all link keywords that take a numerical id are using # as the separator whereas the ones that take a name, instead use the : separator. With your patch (as also proposed by the OP of this issue) we diverge from this convention. Maybe it's better to use user#id along with user:login and @login. What do you think?

I agree with you, I'll update the patch to use the # as separator.

#65 Updated by Marius BALTEANU 4 months ago

Here it is.

#66 Updated by Mischa The Evil 4 months ago

Marius BALTEANU wrote:

Here it is.

Nice. LGTM! Thanks for working on this.

@Jean-Philippe: I think that this issue would be completely implemented for 3.4.0 when note-65 (instead of note-56) patch gets integrated along with r16636 and r16638. Please consider the integration of this last patch.

#67 Updated by Jean-Philippe Lang 4 months ago

  • Status changed from Reopened to Closed

Thanks.

#68 Updated by Mischa The Evil 4 months ago

  • Related to Patch #26188: Documentation (detailed syntax help & code) additions/improvements added

#69 Updated by Vu Anh 3 months ago

Seem it isn't working well with syntax "user:" (Login name contain "@" character)

#70 Updated by Go MAEDA 3 months ago

Vu Anh wrote:

Seem it isn't working well with syntax "user:" (Login name contain "@" character)

This issue has been closed and the feature has already been delivered. Could you open a new issue to report the problem?

#71 Updated by Mischa The Evil 3 months ago

  • Related to Defect #26443: User link syntax (user:login) doesn't work for logins consisting of an email adress added

#72 Updated by Mischa The Evil 3 months ago

Go MAEDA wrote:

Vu Anh wrote:

Seem it isn't working well with syntax "user:" (Login name contain "@" character)

This issue has been closed and the feature has already been delivered. Could you open a new issue to report the problem?

Done. #26443.

@Vu Anh: you can alternatively use the short syntax (@abc@example.com), which should work fine.

#73 Updated by Go MAEDA 28 days ago

  • Related to Defect #26892: Link to user in wiki syntax only works when login is written in lower case added

Also available in: Atom PDF