Context Navigation

Modify ↓

#6748 closed defect (fixed)

Some missing e-mail obfuscation in reports and query

Reported by:	osimons	Owned by:	osimons
Priority:	normal	Milestone:	0.11
Component:	ticket system	Version:	devel
Severity:	normal	Keywords:
Cc:		Branch:
Release Notes:
API Changes:
Internal Changes:

Description

Following on from #153.

In query: If owner is an e-mail, it gets correctly obfuscated in the table. However, if you group by owner, the e-mail is displayed in full.

In reports: Testing the standard reports, I can't see that owner gets obfuscated at all?

Attachments (0)

Change History (4)

comment:1 by osimons, 16 years ago

Owner:	changed from Christian Boos to osimons
Status:	new → assigned

Fix for the query committed as [6499].

I'll look into the reports now.

comment:2 by osimons, 16 years ago

Onto reports. By it's nature it makes assertion of specific field names quite uncertain as it is all up to the query and how it is formed. Only for default queries can we be (quite) certain.

Un-noticed by me the first time, we already obfuscate 'cc' and 'reporter' fields. The following patch adds 'owner' to that list, but in reports 'group by' is implemented as field __group__ ( for instance owner as __group__) so when it arrives it is next to impossible without parsing the query to actually know what field it represents. My patch simply checks them all for email, and hopefully with the help of #6609 it may be quite accurate? We don't know if the field will be one word or several, or how the content is actually made up, but as far as I can see it is the best we can do.

trac/ticket/report.py

                     # Detect and create new group
                     if col == '__group__' and value != prev_group_value:
                         prev_group_value = value
+                        row_groups.append((value, []))
+                        # Brute force handling of email in group by header
+                        row_groups.append(
+                            (Chrome(self.env).format_author(req, value), []) )
                     # Other row properties
                     row['__idx__'] = row_idx
                     if col in ('__style__', '__color__',
 …
                         row['id'] = value
                     # Special casing based on column name
                     col = col.strip('_')
                     if col in ('reporter', 'cc'):
+                    if col in ('reporter', 'cc', 'owner'):
                         email_cells.append(cell)
                     elif col == 'realm':
                         realm = value

I haven't committed yet due to the 'brute' approach. Is it good enough?

comment:3 by Christian Boos, 16 years ago

Another approach would be to make the obfuscation explicit, by introducing another keyword (e.g. __email_group__). But that may be overkill and I think why you did is OK.

comment:4 by osimons, 16 years ago

Resolution:	→ fixed
Status:	assigned → closed

Query and Reports patches committed as [6499:6500], and that should be it for this ticket. Closing.

Modify Ticket

Change Properties

Summary:
Description:	Following on from #153. In query: If owner is an e-mail, it gets correctly obfuscated in the table. However, if you group by owner, the e-mail is displayed in full. In reports: Testing the standard reports, I can't see that owner gets obfuscated at all? You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:
API Changes:
Internal Changes:

Action

leave as closed The owner will remain osimons.

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from osimons to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: