Groups can be given same name as existing username

I just came across this on my site - it is indeed possible to create a group with the same name as an existing username. Chaos ensues.

(Actually, not sure about the chaos - we had this situation for months before I noticed it today)


I think the reverse is also true, @tgxworld can you add this to your list, we definitely want to sort it out so usernames and groups can never share the same name.


I’ve added the missing server side validations for now in

@sam I’m unsure about how we should proceed here with regards to the database constraints though, do you think it is worth extracting User#username and Group#name into a separate table? Those two columns are used frequently so having to join on another table might be expensive. Instead of splitting into another table, I was thinking of treating Group#name as having a lower priority than User#username. We’ll just run a periodic job that ensures that no group names would clash with a user. If someone manages to sneak a group named
test past our server side validations when a user test already exists, the job would just rename the group to test1.


3 posts were split to a new topic: Add support for Groups and Usernames that completely overlap

I am assuming this is now sorted, so I am closing it.