Visiting another persons profile lists your own spaces and work items, but not accounts #1340
Comments
|
Also, when viewing your profile with spaces, workitems and accounts. Perhaps a link to manage/create new in each section would be good. |
|
@catrobson we need to work out the right flow and access here. |
|
@mindreeper2420 please look at this as soon as possible. We need to determine if there should be the same view for my profile vs. me viewing someone else's profile - or if there is a different view that I get as a viewer. |
|
Currently, viewing a user's profile is no different than viewing their own. There is definitely a problem with the fact that the system cannot keep track of whether you are looking at your profile or some else's. We should have different views depending on whether you are viewing your own profile or someone else's. There should also be checks in place to prevent anyone from erasing another user's environment (like what @Rydekull found and what I have verified - I can erase your environment). @dgutride @dlabrecq is there anything in the routing that would be getting confused/lost during all of this? I believe that buttons like 'Update Profile' and URLs can be hidden, depending on recognition of the logged in user? |
|
To be clear. You should not be able to erase another user's environment. Even if you see this option in UI it should not work. Can you confirm that if you click on that "erase environment" button it actually erases the env? |
|
@alexeykazakov I'm not sure I want to try this, just in case it does work :-) Is there a 'donor' account that we can try it on? |
|
Fill free to try to nuke mine openshift.io/alkazako :) |
|
The UI didn't allow me to erase your env |
|
well... I wouldn't say that. It was partially successful to me.
Also worth noting, suddenly I see a "Log in" button in top right, I was logged in before the reset. |
UI is not correct here. That request did nothing to my account. |
|
And it actually was the reason why you were forced to logout. UI caught 401 and logged-out. So, there are a several major UX/UI issues in that flow. But at least we don't have security issue with allowing nuking another user's accounts in that page. |
|
Well, that's good news :-) |
|
The Spaces are now correctly listed, but the work item list is still wrong (e.g., the space selection drop-down is a list of my spaces). We probably shouldn't even be displaying the work items. UXD has an Epic to clean up the UI. |
|
The profile page has been redesigned and the work item and space widgets look to behave correctly. As well, editing the profile is no longer an available option. Closing this issue. |
When you visit someone elses profile. You'll see the following widgets:
My spaces
This widget loads the most recent state of "loaded" spaces into the browser. If you go to someones profile, hit ctrl+shift+r, load someone elses profile, you'll see the spaces of the previous person.
My work items
Always displays your own items, regardless who's profile you are watching
My connected accounts
Shows their OpenShift account-name (probably not a good idea) and what accounts they have connected with in general.
The update profile button
Also, you can click for example "update profile" when you are visiting someone else's profile, and it'll bring you to an update page where the URL lists their username, but you are seeing your own details.
But, when you are there, you can click "reset environment" which will once again list their information, not yours. Potentially this could reset someone elses environment, havnt tested that part yet :-)
Parent Epic
The text was updated successfully, but these errors were encountered: