I just came across this on my site - it is indeed possible to create a group with the same name as an existing username. Chaos ensues.
(Actually, not sure about the chaos - we had this situation for months before I noticed it today)
I just came across this on my site - it is indeed possible to create a group with the same name as an existing username. Chaos ensues.
(Actually, not sure about the chaos - we had this situation for months before I noticed it today)
I think the reverse is also true, @tgxworld can you add this to your list, we definitely want to sort it out so usernames and groups can never share the same name.
I’ve added the missing server side validations for now in
https://github.com/discourse/discourse/commit/221503cd10d1421f1a0e02931c034d6cd468e57c
@sam I’m unsure about how we should proceed here with regards to the database constraints though, do you think it is worth extracting User#username
and Group#name
into a separate table? Those two columns are used frequently so having to join on another table might be expensive. Instead of splitting into another table, I was thinking of treating Group#name
as having a lower priority than User#username
. We’ll just run a periodic job that ensures that no group names would clash with a user. If someone manages to sneak a group named
test
past our server side validations when a user test
already exists, the job would just rename the group to test1
.
3 posts were split to a new topic: Add support for Groups and Usernames that completely overlap
I am assuming this is now sorted, so I am closing it.