Feature #4179

Link to user in wiki syntax

Added by Felix Schäfer over 7 years ago. Updated 6 days ago.

Status:ClosedStart date:2009-11-08
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:Text formatting
Target version:3.4.0
Resolution:Fixed

Description

It would be nice to have some "user" Links in the wiki syntax, something like user:3866 or user:felix, which would the be replaced by the full name as configured in the global settings, with a link to the user page if the viewing user is entitled to seeing that page.

4179_link_to_user_in_wiki_syntax.patch Magnifier (7.25 KB) Marius BALTEANU, 2017-05-07 14:16

4179_show_login_attribute_in_user_page_v2.patch Magnifier (553 Bytes) Marius BALTEANU, 2017-05-13 17:35

4179_show_login_attribute_in_user_show_v3.patch Magnifier (2.29 KB) Marius BALTEANU, 2017-05-14 09:17

link_to_user_profile_by_id.patch Magnifier (1.43 KB) Marius BALTEANU, 2017-06-08 08:42

link_to_user_profile_by_id_v2.patch Magnifier (1.66 KB) Marius BALTEANU, 2017-06-16 00:13


Related issues

Related to Redmine - Feature #867: Want more wiki link types Closed 2008-03-15
Related to Redmine - Feature #5228: Users are just numbers New 2010-03-31
Related to Redmine - Feature #13919: Mention user on comment/description using @user with auto... New
Related to Redmine - Feature #26127: Display user logins on profiles New
Related to Redmine - Patch #26188: Documentation (detailed syntax help & code) additions/imp... New
Duplicated by Redmine - Patch #6690: Redmine link to user profile Closed 2010-10-18

Associated revisions

Revision 16636
Added by Jean-Philippe Lang 16 days ago

Link to user in wiki syntax (#4179).

Patch by Marius BALTEANU.

Revision 16638
Added by Jean-Philippe Lang 16 days ago

Fixes wrong condition (#4179).

Revision 16671
Added by Jean-Philippe Lang 6 days ago

Link to user by id (#4179).

Patch by Marius BALTEANU.

History

#1 Updated by Victor Dulepov over 7 years ago

My vote goes for this feature. Got used to that in Confluence...

#2 Updated by Angelo Quaglia over 7 years ago

It would be very useful, I agree.

#3 Updated by Dominic Clifton over 6 years ago

+1

#4 Updated by Roman Surikov about 6 years ago

+1

#6 Updated by Jonathan East over 5 years ago

+1

#7 Updated by Dongju Kim over 5 years ago

+1

#8 Updated by Ming-Chin Chen over 5 years ago

+1

#9 Updated by Denny Schäfer over 5 years ago

+1

#10 Updated by Namho Kim over 5 years ago

+1

#14 Updated by Rainer Putzinger almost 5 years ago

+1

#15 Updated by José Campos almost 5 years ago

+1

#17 Updated by Andriy Lesyuk over 4 years ago

Just wanted to let you know, that it has been implemented in WikiNG...

#18 Updated by Thomas Robbs over 4 years ago

+1

#19 Updated by Mischa The Evil over 4 years ago

  • Target version set to Unplanned

#20 Updated by Diego Antunes about 4 years ago

+1, but please check this link http://www.redmine.org/issues/13919

#21 Updated by Mariusz Dalewski about 4 years ago

+1

#22 Updated by Jaroslav Povolný about 4 years ago

My +1 here. The most nice would be to use twitter-like annotation: @felix

#23 Updated by Julien Huang almost 4 years ago

+1 for Twitter-like user-mention (see also #13919)

Also, this feature raises the issue about notification when a user is mentioned in an issue/wiki page/commit msg...

#24 Updated by Toshi MARUYAMA almost 4 years ago

  • Duplicated by deleted (Patch #6690: Redmine link to user profile)

#25 Updated by Toshi MARUYAMA almost 4 years ago

  • Related to Patch #6690: Redmine link to user profile added

#26 Updated by Hugo da Silva da Silva over 3 years ago

+1
This would be very useful for me too. It would be nice if I could create the RACI Matrix and reference eache person by their own users page.

#28 Updated by Lucky Boy about 3 years ago

+1

#29 Updated by Jaromír Rys about 3 years ago

+1

#30 Updated by Kevin Palm about 3 years ago

+1

#31 Updated by Jurgen Reniers over 2 years ago

+1

#32 Updated by Stephane Lapie over 2 years ago

+1

#33 Updated by Dmitry Rizhikov over 2 years ago

+1

#34 Updated by Moisés Bites over 2 years ago

+1

#35 Updated by Michal Kowalski about 2 years ago

+1

#36 Updated by John Wang over 1 year ago

+1

#37 Updated by Wolfi F. over 1 year ago

+1

#38 Updated by Matthias Pohl 9 months ago

+1

#39 Updated by Toshi MARUYAMA 9 months ago

  • Category changed from Wiki to Text formatting

#40 Updated by Jonatã Bolzan Loss 6 months ago

+1

#41 Updated by Marius BALTEANU about 1 month ago

I've attached a patch that adds two syntaxes for user links:
user:marius.balteanu
@marius.balteanu
Users privacy is checked by this patch.

Regarding the proposed syntax with id (user:107353), even if it's easy to be added, I think that it is not worth it because is hard to retain the ids. For example, I don't know my user id from the instance that I administrate for more than 3 years.

Even if the syntax with @ required some changes in the wiki formatting (to support logins name with @), I really think that is it important to have it because the syntax "@user" is very well known and used by many applications (like: Github, Gitlab, etc).

This is another top voted feature, maybe we can include this in 3.4.0 in order to work at the mention feature (#13919) in 3.5.0. These 2 features will improve the collaboration level.

#42 Updated by Go MAEDA about 1 month ago

Marius BALTEANU, thank you for the patch. I really want this feature.

But I am not certain about whether the proposed implementation is proper or not because User#login is treated as secret information in the current implementation of Redmine. Please see source:trunk/app/views/users/show.html.erb@16464#L9. Only admin can see User#login.

#43 Updated by Marius BALTEANU about 1 month ago

Unfortunately, I don't see to many alternatives for the implementation:
  1. First Name and Last Name cannot be used, it is hard to find a user after these properties and also, they are not unique.
  2. ID could be a solution, but without an autocomplete feature to search users like in the watchers modals it'll be hard to find their ids. Also, I find it quite strange to see "user:107353" in texts comments/wikis.
  3. Email addresses, but the users have the option to hide this attribute.

From my point of view, User#login is the best solution and I do not see to many disadvantages because:
- in many companies, you can easily guess the login name of your colleagues because they have the same format
- comparing with the Last Name, First Name or the email addresses, it is less considered personal data.
Of course, if you get the login name of another user, you can try some brute force to login with his user, but this "security" issue can be prevented using a mechanism like Captcha.

@Go Maeda, how do you see this implementation? I'm open to create a patch only with "user:id", but I want some feedback before. In this note (#6690#note-2), Jean-Philippe Lang said only about the user.visible? check that wasn't implemented in the respective patch.

#44 Updated by Go MAEDA about 1 month ago

  • Target version changed from Unplanned to Candidate for next major release

Marius BALTEANU wrote:

@Go Maeda, how do you see this implementation? I'm open to create a patch only with "user:id", but I want some feedback before. In this note (#6690#note-2), Jean-Philippe Lang said only about the user.visible? check that wasn't implemented in the respective patch.

I prefer using User#login as you suggested but it violates current design.
I think we should change current design of Redmine. That is, Stop handling user#login as secret information. Personally I don't think User#login as confidential. Many services treats user id as public.

#45 Updated by Marius BALTEANU about 1 month ago

Go MAEDA wrote:

I prefer using User#login as you suggested but it violates current design.
I think we should change current design of Redmine. That is, Stop handling user#login as secret information. Personally I don't think User#login as confidential. Many services treats user id as public.

Totally agree. I'm going to update the patch this weekend and after that, we'll see what Jean-Philippe Lang says about this change.

#46 Updated by Jan from Planio www.plan.io about 1 month ago

I think it's fine to not hide login names. I would think that users don't expect logins to be secret/personal today. And I also like the feature ;-)

#47 Updated by Marius BALTEANU about 1 month ago

  • File 4179_show_login_attribute_in_user_page.patch added

Thanks Go MAEDA and Jan for your feedback. I've attached a new patch that shows the login attribute in user page also for non admin users.

If the patch will be accepted, we can implement also #5228.

#48 Updated by Marius BALTEANU about 1 month ago

Attached the correct one. Please remove attachment:4179_show_login_attribute_in_user_page.patch.

#49 Updated by Jan from Planio www.plan.io about 1 month ago

  • File deleted (4179_show_login_attribute_in_user_page.patch)

#50 Updated by Go MAEDA about 1 month ago

Marius BALTEANU wrote:

Thanks Go MAEDA and Jan for your feedback. I've attached a new patch that shows the login attribute in user page also for non admin users.

Thanks for working on this. I found that we also have to change the behavior of API.

diff --git a/app/views/users/show.api.rsb b/app/views/users/show.api.rsb
index e4c49f9b8..e711bc482 100644
--- a/app/views/users/show.api.rsb
+++ b/app/views/users/show.api.rsb
@@ -1,6 +1,6 @@
 api.user do
   api.id         @user.id
-  api.login      @user.login if User.current.admin? || (User.current == @user)
+  api.login      @user.login
   api.firstname  @user.firstname
   api.lastname   @user.lastname
   api.mail       @user.mail if User.current.admin? || !@user.pref.hide_mail

#51 Updated by Marius BALTEANU about 1 month ago

Indeed. Thanks for pointing this out.

Updated the patch to include this change and also to fix the tests.

#52 Updated by Go MAEDA about 1 month ago

  • Target version changed from Candidate for next major release to 3.4.0

This issue has many "+1"s and watchers. Many people want this feature.
I am setting target version to 3.4.0.

#53 Updated by Mischa The Evil 21 days ago

Marius BALTEANU wrote:

Regarding the proposed syntax with id (user:107353), even if it's easy to be added, I think that it is not worth it because is hard to retain the ids. For example, I don't know my user id from the instance that I administrate for more than 3 years.

I agree that an implementation based on User#login is ok1, but I also like to second the above quote, for two reasons:
  1. many people (including myself) do rely on the usage of user ids (they are easily retrievable — also for non-admins — by looking at the target of the linked [to users profile] username)
  2. it would make it more consistent with the existing Redmine links which all accept an id variant

1 I do however see the issue that with opening up the users' login, we make it easier for bad adversaries to bruteforce user account passwords. This might be considered a blocker for some users...

#54 Updated by Marius BALTEANU 16 days ago

Thanks for you feedback.

Mischa The Evil wrote:

I agree that an implementation based on User#login is ok1, but I also like to second the above quote, for two reasons:
  1. many people (including myself) do rely on the usage of user ids (they are easily retrievable — also for non-admins — by looking at the target of the linked [to users profile] username)
  2. it would make it more consistent with the existing Redmine links which all accept an id variant

We can do it, I'll add a new patch soon to add the functionality also for ids.

1 I do however see the issue that with opening up the users' login, we make it easier for bad adversaries to bruteforce user account passwords. This might be considered a blocker for some users...

Agree with you, but the solution for this problem is not to hide the login names (which are easily to guess in many companies), but to use a mechanism like Captcha (see my note #4179#note-43) which could be very useful on this site too.

#55 Updated by Jean-Philippe Lang 16 days ago

  • Subject changed from Link to user in wiki syntax. to Link to user in wiki syntax
  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang
  • Resolution set to Fixed

The patch that adds support for links to user is committed, thanks.

But I prefer to postpone the display of user logins on profiles until we get more feedback. Those who are fine with this can still use logins as display names right now.

#56 Updated by Marius BALTEANU 15 days ago

@Jean-Philippe Lang, thanks for committing this patch.

@Mischa The Evil, I've attached the patch that adds support also for user:id (user:1).

#57 Updated by André Lozovey 15 days ago

In my company we have firstname.lastname as a default for user logins. Nevertheless, we have a wiki page that lists all logins so we can mention them if anyone forgets anything.
As you can see, we don't think displaying user logins is such a problem. I understand it could be a security issue, but I'm not worried about that. We encourage people to change passwords every now and then.

Jean-Philippe Lang wrote:

The patch that adds support for links to user is committed, thanks.

But I prefer to postpone the display of user logins on profiles until we get more feedback. Those who are fine with this can still use logins as display names right now.

#58 Updated by Mischa The Evil 14 days ago

  • Related to deleted (Patch #6690: Redmine link to user profile)

#59 Updated by Mischa The Evil 14 days ago

  • Duplicated by Patch #6690: Redmine link to user profile added

#60 Updated by Mischa The Evil 14 days ago

Jean-Philippe Lang wrote:

The patch that adds support for links to user is committed, thanks.

I'm glad to see this integrated. However, the current implementation is practically useless to all sites that use a user format (display name) other than the one consisting of the user login, as (regular) users won't be able to retrieve the user logins under such circumstances. This can be prevented by also adding support for a numerical variant of the link (user:id or more preferable user#id) like eg. provided by Marius' additional patch attached in note-56. Would you please consider that for inclusion into 3.4.0?

Jean-Philippe Lang wrote:

But I prefer to postpone the display of user logins on profiles until we get more feedback. [...]

I have opened #26127 to track that specific proposal.

#61 Updated by Mischa The Evil 14 days ago

Marius BALTEANU wrote:

@Mischa The Evil, I've attached the patch that adds support also for user:id (user:1).

Thanks. I've had a look at it and it seems okay. One note though: all link keywords that take a numerical id are using # as the separator whereas the ones that take a name, instead use the : separator. With your patch (as also proposed by the OP of this issue) we diverge from this convention. Maybe it's better to use user#id along with user:login and @login. What do you think?

#62 Updated by Mischa The Evil 14 days ago

#63 Updated by Mischa The Evil 8 days ago

  • Status changed from Closed to Reopened

Reopened in light of note-60.

#64 Updated by Marius BALTEANU 8 days ago

Mischa The Evil wrote:

Thanks. I've had a look at it and it seems okay. One note though: all link keywords that take a numerical id are using # as the separator whereas the ones that take a name, instead use the : separator. With your patch (as also proposed by the OP of this issue) we diverge from this convention. Maybe it's better to use user#id along with user:login and @login. What do you think?

I agree with you, I'll update the patch to use the # as separator.

#65 Updated by Marius BALTEANU 7 days ago

Here it is.

#66 Updated by Mischa The Evil 7 days ago

Marius BALTEANU wrote:

Here it is.

Nice. LGTM! Thanks for working on this.

@Jean-Philippe: I think that this issue would be completely implemented for 3.4.0 when note-65 (instead of note-56) patch gets integrated along with r16636 and r16638. Please consider the integration of this last patch.

#67 Updated by Jean-Philippe Lang 6 days ago

  • Status changed from Reopened to Closed

Thanks.

#68 Updated by Mischa The Evil 5 days ago

  • Related to Patch #26188: Documentation (detailed syntax help & code) additions/improvements added

Also available in: Atom PDF