Feature Proposal: Allow USERINFO macro to display users that are not view restricted
Motivation
Currently USERINFO is all or nothing. If $Foswiki::cfg{AntiSpam}{HideUserDetails} is enabled, the USERINFO macro hides the very existence of the user, not just the user's details. This greatly restricts the usefulness of user autocomplete in the Group UI.
Description and Documentation
Allow USERINFO to reveal the existence of a user, provided that:
- The user topic exists in the Main web
- The current user has view authority for that topic.
If SEARCH can reveal that the user exists, there is no reason for USERINFO to filter the user.
This would greatly improve the utility of the Group UI, and it would still prevent "fishing" for users by passing random user names to the USERINFO macro, because a name is revealed only when the corresponding user topic exists and is viewable.
Examples
Impact
Implementation
The following diff implements the changes. The unit tests still pass with this change applied, so additional tests are required to verify the change.
diff --git a/core/lib/Foswiki/Macros/USERINFO.pm b/core/lib/Foswiki/Macros/USERINFO.pm
index 66576ba..e4e8078 100644
--- a/core/lib/Foswiki/Macros/USERINFO.pm
+++ b/core/lib/Foswiki/Macros/USERINFO.pm
@@ -7,6 +7,7 @@ use warnings;
sub USERINFO {
my ( $this, $params ) = @_;
my $format = $params->{format} || '$username, $wikiusername, $emails';
+ my $info = $format;
my $user = $this->{user};
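Review bot: nothing in this hunk says why `my $info = $format;` now sits before `my $user = $this->{user};` instead of next to its first use; since the only reason is that the HideUserDetails block further down edits `$info` before the token expansion, a one-line comment such as `# working copy of the format; tokens may be filtered below` would save the next reader a trip to the second hunk.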
@@ -17,16 +18,34 @@ sub USERINFO {
# map wikiname to a login name
$user = $this->{users}->getCanonicalUserID($user);
return '' unless $user;
- return ''
- if ( $Foswiki::cfg{AntiSpam}{HideUserDetails}
+
+ if ( $Foswiki::cfg{AntiSpam}{HideUserDetails}
&& !$this->{users}->isAdmin( $this->{user} )
- && $user ne $this->{user} );
+ && $user ne $this->{user} )
+ {
+
+ my $wikiname = $this->{users}->getWikiName($user);
+ return ''
+ unless (
+ Foswiki::Func::topicExists( $Foswiki::cfg{UsersWebName},
+ $wikiname )
+ && Foswiki::Func::checkAccessPermission(
+ 'VIEW', $this->{user}, '', $wikiname,
+ $Foswiki::cfg{UsersWebName}
+ )
+ );
+
+ # Reveal very limited user information
+ $info =~ s/\$username//g;
+ $info =~ s/\$emails//g;
+ $info =~ s/\$groups//g;
+ $info =~ s/\$cUID//g;
+ $info =~ s/\$admin//g;
+ }
}
return '' unless $user;
- my $info = $format;
-
if ( $info =~ /\$username/ ) {
my $username = $this->{users}->getLoginName($user);
$username = 'unknown' unless defined $username;
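Review bot: the token filter at the end of the new HideUserDetails block substitutes empty strings, so the default format `'$username, $wikiusername, $emails'` renders as `, WikiName, ` with both separators left dangling; consider stripping an adjacent separator along with the token, or at least stating in the USERINFO documentation that only `$wikiname` and `$wikiusername` survive for other, non-admin users and that callers wanting tidy output should pass an explicit format. Two further points on this block: the hidden-token list is hard-coded here rather than in the configuration, and since the existing unit tests pass unchanged, each of the three outcomes of the new check (no user topic, topic present but not viewable, topic viewable) needs its own test before this merges.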
--
Contributors: GeorgeClark - 12 Dec 2011
Discussion
Rather than stopping the clock on this just yet, are there other user attributes that should be considered for "revelation" in the USERINFO macro? Or should this be Yet Another Configure Parameter? For example, the following would be equivalent to the current behavior.
{AntiSpam}{UserDetailFilter} = (wikiname|username|emails|groups|cUID|admin);
Allowing wikiname would let the User selection dropdown work. This way a site could choose exactly which fields can be revealed to guests. Consistent with the above patch, we could omit wikiname by default.
--
GeorgeClark - 29 Dec 2011
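The gating rule from the Description above (reveal a user only if the user topic exists and is viewable, and then only a reduced set of tokens) and the configurable filter sketched in the previous comment can be exercised together without a Foswiki install. The script below is an added illustration, not Foswiki code or part of the patch: the Foswiki::Func lookups are replaced by flags passed in, `userinfo_format` and the `{AntiSpam}{UserDetailFilter}` default value are hypothetical names, and the cases are constructed with Test::More rather than Foswiki's own test framework.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Test::More;

# Token names hidden from other, non-admin users while
# $Foswiki::cfg{AntiSpam}{HideUserDetails} is on. This default mirrors the
# patch above; the hypothetical {AntiSpam}{UserDetailFilter} setting from
# the discussion would let a site override it.
my $DEFAULT_FILTER = 'username|emails|groups|cUID|admin';

# Decide how much of a USERINFO format string may be rendered.
# The Foswiki::Func lookups are replaced by flags in %ctx so this runs
# without a Foswiki install:
#   user_exists  - getCanonicalUserID resolved the requested user
#   topic_exists - the user's topic exists in the users web
#   can_view     - the current user has VIEW permission on that topic
#   hide_details - value of {AntiSpam}{HideUserDetails}
#   is_admin     - the current user is an admin
#   is_self      - the current user is asking about themself
#   filter       - alternation of token names to strip (default above)
# Returns the format with disallowed tokens removed, or '' when the user
# must not be revealed at all.
sub userinfo_format {
    my ( $format, %ctx ) = @_;

    # Unknown user: nothing to reveal, whatever the settings.
    return '' unless $ctx{user_exists};

    # Full details when the setting is off, or for admins and the user itself.
    return $format
      if !$ctx{hide_details} || $ctx{is_admin} || $ctx{is_self};

    # Limited reveal only where SEARCH could already find the user topic.
    return '' unless $ctx{topic_exists} && $ctx{can_view};

    my $filter = defined $ctx{filter} ? $ctx{filter} : $DEFAULT_FILTER;
    return $format if $filter eq '';

    # Remove each filtered token; \b stops 'username' matching inside a
    # longer token, and the leading \$ keeps $wikiusername untouched.
    ( my $info = $format ) =~ s/\$(?:$filter)\b//g;
    return $info;
}

# Cases a unit test for the patch should cover (constructed inputs).
my %other = ( user_exists => 1, topic_exists => 1, can_view => 1, hide_details => 1 );
my $fmt = '$username, $wikiusername, $emails';    # USERINFO's default format

is( userinfo_format( $fmt, %other, user_exists => 0 ), '', 'unknown names stay invisible (no fishing)' );
is( userinfo_format( $fmt, %other, hide_details => 0 ), $fmt, 'setting off: full details' );
is( userinfo_format( $fmt, %other, is_admin => 1 ), $fmt, 'admins see everything' );
is( userinfo_format( $fmt, %other, is_self => 1 ), $fmt, 'users see their own details' );
is( userinfo_format( $fmt, %other, topic_exists => 0 ), '', 'no user topic: hidden' );
is( userinfo_format( $fmt, %other, can_view => 0 ), '', 'topic not viewable: hidden' );
is( userinfo_format( $fmt, %other ), ', $wikiusername, ', 'viewable topic: only wikiusername survives' );
is( userinfo_format( '$username $wikiname $groups', %other, filter => 'username|emails' ),
    ' $wikiname $groups', 'site-chosen filter keeps groups' );
is( userinfo_format( '$wikiname', %other, filter => 'wikiname|username|emails|groups|cUID|admin' ),
    '', 'filter including wikiname reproduces current behaviour' );
done_testing;
```

Run it with `perl` and every case should pass. Two things the cases make visible: the empty-string substitution leaves the separators of the default format in place, and a token that is not in the filter list survives, so the `(wikiname|username|emails|groups|cUID|admin)` list quoted above would still let `$wikiusername` through because `\$wikiname` does not match it.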
Is it a safe assumption that any "logged in" user except WikiGuest can get all user information? Or in enterprises are there cases where information should be hidden?
--
GeorgeClark - 01 Jan 2012
It is a safe assumption that in enterprise intranets there aren't any non-authenticated users. That's why $Foswiki::cfg{AntiSpam}{HideUserDetails} is set to zero in 99.99% of these kinds of installs. People need each other's email addresses, telephone numbers etc. to work together.
--
MichaelDaum - 02 Jan 2012