Uploaded image for project: 'VCL'
  1. VCL
  2. VCL-908

Image owner string is not validated when creating a new image



    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.4.2
    • 2.5
    • web gui (frontend)
    • None


      This issue came up in this thread on the dev list. I have not verified this myself, but apparently a user creating a new image can enter a string in the image owner field which doesn't match an existing user.unityid value. This could potentially be dangerous but also causes the image capture initiation to fail. The INSERT query in the web code fails because image.ownerid is NULL.

      I don't see much of a need to have this field displayed when capturing a new image. Image owners do need to be changed on rare occasion, however, why would someone want to change it before it is captured? The person capturing it would usually test the image after a successful capture. What happens if someone changes the owner but accidentally enters the wrong user.unityid value? Could the first user lock himself out of controlling the image after it is captured?

      Another issue... if someone changes the owner to another valid user, the other user (new owner) would not receive any capture successful/delayed messages. These are only sent to the image capture request user (request.userid).

      I propose removing the owner field for new image captures. The field should still be available from Manage Images --> Edit Image Profiles but this field should always be validated. Long term, we should think about separating the action of changing an image owner from Edit Image Profiles. Perhaps a specific action could be added similar to the new Edit Computer Profiles actions.




            Unassigned Unassigned
            arkurth Andrew Kurth
            0 Vote for this issue
            2 Start watching this issue