[
https://issues.apache.org/jira/browse/VCL-908?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Josh Thompson resolved VCL-908.
-------------------------------
Resolution: Fixed
Fix Version/s: 2.5
The owner field was being validated in most cases already, this was a corner
case.
It would be unusual to have a case where someone needed to set the owner to
someone else while initially creating an image, but given that this was a rare
corner case, I decided just to fix the issue rather than change functionality.
> Image owner string is not validated when creating a new image
> -------------------------------------------------------------
>
> Key: VCL-908
> URL: https://issues.apache.org/jira/browse/VCL-908
> Project: VCL
> Issue Type: Bug
> Components: web gui (frontend)
> Affects Versions: 2.4.2
> Reporter: Andy Kurth
> Fix For: 2.5
>
>
> This issue came up in this
> [thread|http://markmail.org/message/bugb4fobnafvpxe7] on the dev list. I
> have not verified this myself, but apparently a user creating a new image can
> enter a string in the image owner field which doesn't match an existing
> _user.unityid_ value. This could potentially be dangerous but also causes
> the image capture initiation to fail. The _INSERT_ query in the web code
> fails because _image.ownerid_ is NULL.
> I don't see much of a need to have this field displayed when capturing a new
> image. Image owners do need to be changed on rare occasion, however, why
> would someone want to change it before it is captured? The person capturing
> it would usually test the image after a successful capture. What happens if
> someone changes the owner but accidentally enters the wrong _user.unityid_
> value? Could the first user lock himself out of controlling the image after
> it is captured?
> Another issue... if someone changes the owner to another valid user, the
> other user (new owner) would not receive any capture successful/delayed
> messages. These are only sent to the image capture request user
> (_request.userid_).
> I propose removing the owner field for new image captures. The field should
> still be available from _Manage Images_ --> _Edit Image Profiles_ but this
> field should always be validated. Long term, we should think about
> separating the action of changing an image owner from _Edit Image Profiles_.
> Perhaps a specific action could be added similar to the new _Edit Computer
> Profiles_ actions.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
