Plots2: Username should be non editable

Oops, great, thanks!!! And is it blocked in the controller too?

On Sun, Dec 23, 2018, 5:44 AM Sidharth Bansal <[email protected]
wrote:

Closed #4367 https://github.com/publiclab/plots2/issues/4367 via #4363
https://github.com/publiclab/plots2/pull/4363.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/publiclab/plots2/issues/4367#event-2042420064, or mute
the thread
https://github.com/notifications/unsubscribe-auth/AABfJ6bAXgqEtidfdiZLzp5k91u0FLmVks5u715QgaJpZM4ZfyjO
.

Right now just in the view.

We should make it non editable at database level too. @kunalvaswani123 are you willing to send patch for this too?

Thanks @jywarren for input. I hope you are enjoying at the mountains. We are taking care of reviewing tasks in your absence.
Have a great wonderful journey

We should make it non editable at database level too. @kunalvaswani123 are you willing to send patch for this too?

I am not sure about keeping database columns readonly but I'll try.

We are there to help. You try your level best. If you need help. Ping us

On Sun, Dec 23, 2018, 9:08 PM Kunal Vaswani <[email protected] wrote:

We should make it non editable at database level too. @kunalvaswani123
https://github.com/kunalvaswani123 are you willing to send patch for
this too?

I am not sure about keeping database columns readonly but I'll try.

—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
https://github.com/publiclab/plots2/issues/4367#issuecomment-449644265,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AUACQzpG46WjEjKLIwOeFfgOXWWZNhuqks5u76OJgaJpZM4ZfyjO
.

@SidharthBansal thank you! I believe we can just look at the users_controller.rb file and ensure that we are not accepting the username as modifiable. We could potentially add a functional test to ensure this.

Aside from directly assigning it, the only place this could happen is in mass assignment of parameters, which I'm not even sure Rails allows anymore. Thanks!

@jywarren I agree a simple check in user_params that current username is equal to previous .. I'll send a patch for this after my https://github.com/publiclab/plots2/pull/4386 is merged since I have made some changes for update action in that thus to avoid conflicts

This issue is assigned to @kunalvaswani123.

@kunalvaswani123 you can work on atmost 3 issues at a time. Obviously there are lot of conflicts. We will resolve it before the merges. Don't get afraid of the conflicts. We are here to help you with the conflicts.

Sorry @SidharthBansal I didn't know about it .. I'll start working on this issue..

@kunalvaswani123 how is it going here? Can you please link the PR.

@SidharthBansal I was busy with https://github.com/publiclab/plots2/pull/4568 and my college assignments so didn't start here ..
I have to do this right:

@jywarren I agree a simple check in user_params that current username is equal to previous .. I'll send a patch for this after my #4386 is merged since I have made some changes for update action in that thus to avoid conflicts

I could quickly create a PR for this .. Sorry for the delays..

@SidharthBansal I have linked the PR..