Feature Proposal: Allow USERINFO macro to display users that are not view restricted

Motivation

Currently USERINFO is all or nothing. If $Foswiki::cfg{AntiSpam}{HideUserDetails} is enabled, the USERINFO macro hides the existence of the user, not just the details. This greatly restricts the usefulness of user autocomplete in the Group UI.

Description and Documentation

Allow USERINFO to reveal the existence of a user, provided that:
  • The user topic exists in the Main web
  • The current user has view authority for that topic.
If SEARCH can reveal that the user exists, there is no reason for USERINFO to filter the user.

This would greatly improve the utility of the Group UI. And it would still prevent "fishing" for Users by passing random user names to the USERINFO macro.

Examples

Impact


Implementation

The following diff implements the changes. The existing unit tests still pass with this change applied, so additional tests are needed to cover the new behaviour.

diff --git a/core/lib/Foswiki/Macros/USERINFO.pm b/core/lib/Foswiki/Macros/USERINFO.pm
index 66576ba..e4e8078 100644
--- a/core/lib/Foswiki/Macros/USERINFO.pm
+++ b/core/lib/Foswiki/Macros/USERINFO.pm
@@ -7,6 +7,7 @@ use warnings;
 sub USERINFO {
     my ( $this, $params ) = @_;
     my $format = $params->{format} || '$username, $wikiusername, $emails';
+    my $info = $format;
 
     my $user = $this->{user};
 
@@ -17,16 +18,34 @@ sub USERINFO {
         # map wikiname to a login name
         $user = $this->{users}->getCanonicalUserID($user);
         return '' unless $user;
-        return ''
-          if ( $Foswiki::cfg{AntiSpam}{HideUserDetails}
+
+        if (   $Foswiki::cfg{AntiSpam}{HideUserDetails}
             && !$this->{users}->isAdmin( $this->{user} )
-            && $user ne $this->{user} );
+            && $user ne $this->{user} )
+        {
+
+            my $wikiname = $this->{users}->getWikiName($user);
+            return ''
+              unless (
+                Foswiki::Func::topicExists( $Foswiki::cfg{UsersWebName},
+                    $wikiname )
+                && Foswiki::Func::checkAccessPermission(
+                    'VIEW', $this->{user}, '', $wikiname,
+                    $Foswiki::cfg{UsersWebName}
+                )
+              );
+
+            # Reveal very limited user information
+            $info =~ s/\$username//g;
+            $info =~ s/\$emails//g;
+            $info =~ s/\$groups//g;
+            $info =~ s/\$cUID//g;
+            $info =~ s/\$admin//g;
+        }
     }
 
     return '' unless $user;
 
-    my $info = $format;
-
     if ( $info =~ /\$username/ ) {
         my $username = $this->{users}->getLoginName($user);
         $username = 'unknown' unless defined $username;
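Review bot: the new existence guard (`return '' unless ( Foswiki::Func::topicExists(...) && Foswiki::Func::checkAccessPermission(...) )`) calls the plugin API from inside a core macro, and the visible context shows only `use warnings;`, so confirm that `Foswiki::Func` is actually loaded in this file, or better, use the session's own store and access-control objects, which USERINFO.pm already reaches through `$this`. Also note that `checkAccessPermission` is documented as taking a WikiName as its second argument while `$this->{user}` is a cUID; confirm it resolves cUIDs, or pass `$this->{users}->getWikiName( $this->{user} )` to make the intent explicit. Separately, the `s/\$username//g` through `s/\$admin//g` substitutions drop the tokens but keep the literal separators around them, so the default format `'$username, $wikiusername, $emails'` renders a hidden user with a leading and trailing `, `; either strip the separators too or document that sites wanting clean output should pass `format="$wikiusername"`. A trailing `\b` on each pattern (for example `s/\$username\b//g`) would also keep a token from being partially consumed when it is a prefix of a longer one.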

-- Contributors: GeorgeClark - 12 Dec 2011

Discussion

Rather than stopping the clock on this just yet, are there other user attributes that should be considered for "revelation" in the USERINFO macro, or should this be Yet Another Configure Parameter? For example, the following would be equivalent to the current behavior: {AntiSpam}{UserDetailFilter} = (wikiname|username|emails|groups|cUID|admin); Allowing wikiname would let the User selection dropdown work. This way a site could choose exactly which fields can be revealed to guests. Consistent with the above patch, we could omit wikiname by default.

-- GeorgeClark - 29 Dec 2011
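The following Perl is an added example, not Foswiki code and not part of this proposal or the patch above. It models the two decisions discussed on this page: the existence rule from the Description (a non-admin asking about someone else learns the user exists only if a viewable user topic exists in the Main web) and the per-field allow-list floated in the comment above as a hypothetical {AntiSpam}{UserDetailFilter} setting. The %USERS directory, the %TOPIC_EXISTS and %VIEW_DENIED tables, the local %cfg hash and the helper names (is_admin, topic_exists, can_view_topic, may_reveal_existence, allowed_fields, render_userinfo) are constructed stand-ins for Foswiki's users object, store and access control.

```perl
#!/usr/bin/perl
# Added example (not Foswiki code). Sample data below is constructed.
use strict;
use warnings;

# Local stand-in for the $Foswiki::cfg{AntiSpam} keys; UserDetailFilter is the
# hypothetical allow-list from the discussion, not a real Foswiki setting.
my %cfg = (
    HideUserDetails  => 1,
    UserDetailFilter => 'wikiname|wikiusername',
);

# Constructed directory: cUID -> the attributes USERINFO can format.
my %USERS = (
    jdoe => { username => 'jdoe', wikiname => 'JohnDoe',
              wikiusername => 'Main.JohnDoe', emails => 'jdoe@example.com',
              groups => 'DevGroup', cUID => 'jdoe', admin => 'false' },
    asmith => { username => 'asmith', wikiname => 'AnnSmith',
                wikiusername => 'Main.AnnSmith', emails => 'asmith@example.com',
                groups => 'AdminGroup', cUID => 'asmith', admin => 'true' },
);

# Constructed stand-ins for the Main web: which user topics exist, and which
# viewers a topic's own ACL denies VIEW to.
my %TOPIC_EXISTS = ( JohnDoe => 1, AnnSmith => 1 );
my %VIEW_DENIED  = ( AnnSmith => { guest => 1 } );

sub is_admin {
    my $cuid = shift;
    return exists $USERS{$cuid} && $USERS{$cuid}{admin} eq 'true';
}
sub topic_exists   { my $wikiname = shift; return $TOPIC_EXISTS{$wikiname} ? 1 : 0 }
sub can_view_topic {
    my ( $viewer, $wikiname ) = @_;
    return $VIEW_DENIED{$wikiname}{$viewer} ? 0 : 1;
}

# Existence rule from the proposal: with HideUserDetails on, a non-admin asking
# about someone else is told the user exists only if a viewable user topic exists.
sub may_reveal_existence {
    my ( $viewer, $target ) = @_;
    return 0 unless exists $USERS{$target};
    return 1 unless $cfg{HideUserDetails} && !is_admin($viewer) && $viewer ne $target;
    my $wikiname = $USERS{$target}{wikiname};
    return topic_exists($wikiname) && can_view_topic( $viewer, $wikiname ) ? 1 : 0;
}

# Fields the viewer may see: everything for admins and for the user themselves,
# otherwise only the allow-listed fields.
sub allowed_fields {
    my ( $viewer, $target ) = @_;
    my @all = qw(username wikiname wikiusername emails groups cUID admin);
    return @all unless $cfg{HideUserDetails} && !is_admin($viewer) && $viewer ne $target;
    return split /\|/, $cfg{UserDetailFilter};
}

# Expand the format: suppressed tokens become empty, then the ", " separators
# they leave behind are removed (the patch above strips tokens but keeps separators).
sub render_userinfo {
    my ( $viewer, $target, $format ) = @_;
    return '' unless may_reveal_existence( $viewer, $target );
    my %ok  = map { $_ => 1 } allowed_fields( $viewer, $target );
    my $out = $format;
    for my $field ( keys %{ $USERS{$target} } ) {
        my $value = $ok{$field} ? $USERS{$target}{$field} : '';
        # \b stops a token from matching the start of a longer token; the literal
        # leading $ already keeps $username from matching inside $wikiusername.
        $out =~ s/\$\Q$field\E\b/$value/g;
    }
    $out =~ s/(?:,\s*){2,}/, /g;     # collapse ", , " left by adjacent suppressed fields
    $out =~ s/^[,\s]+|[,\s]+$//g;    # trim leading/trailing separators
    return $out;
}

# Demonstration with the default USERINFO format.
my $fmt = '$username, $wikiusername, $emails';
for my $case ( [ guest => 'jdoe' ], [ guest => 'asmith' ],
               [ jdoe  => 'jdoe' ], [ asmith => 'jdoe' ] ) {
    my ( $viewer, $target ) = @$case;
    printf "%-7s asks about %-7s -> '%s'\n", $viewer, $target,
        render_userinfo( $viewer, $target, $fmt );
}
```

Run as-is, the loop shows the four cases the page cares about: a guest asking about a user whose topic is viewable gets only the allow-listed WikiName with no stray separators; a guest asking about a user whose topic denies VIEW gets an empty string, exactly as if the user did not exist; and the user themselves or an admin gets the full format. Changing UserDetailFilter to the full list from the comment above reproduces the current all-or-nothing behaviour for guests.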

Is it a safe assumption that any "logged in" user except WikiGuest can get all user information? Or in enterprises are there cases where information should be hidden?

-- GeorgeClark - 01 Jan 2012

It is a safe assumption that in enterprise intranets there aren't any non-authenticated users. That's why $Foswiki::cfg{AntiSpam}{HideUserDetails} is set to zero in 99.99% of these kinds of installs. People need each other's email addresses, telephone numbers, etc. to work together.

-- MichaelDaum - 02 Jan 2012
 
Topic revision: r7 - 08 Jan 2012, GeorgeClark