search

openstreetmap / openstreetmap-website

The Rails application that powers OpenStreetMap
https://www.openstreetmap.org/
GNU General Public License v2.0
2.17k stars 910 forks source link

buttons on userpages visible after logging out #5199

Closed maro-21 closed 2 weeks ago

maro-21 commented 2 weeks ago

On a userpage https://www.openstreetmap.org/user/test?locale=en we have buttons like Send Message | Add Friend | Report this User | Mute this User and on the same userpage after logging out from above ones we can't see Report this User and Mute this User anymore but we still can see Send Message and Add Friend.

I think these two actions shouldn't be visible either, because they require logging in.

What do you think?

AntonKhorev commented 2 weeks ago

4920 proposes to split this link/button list into actions and non-actions. Then maybe we can show only non-actions for non-logged users.

tomhughes commented 2 weeks ago

Is there a good reason now to show them? if you use them then you're prompted to login and then you can continue?

mmd-osm commented 2 weeks ago

[...] actions shouldn't be visible either, because they require logging in.

I don't think this will work in the long run. Once we start working on GDPR recommendations, you would have to essentially remove nearly all the links there. The requirement to log in shouldn't determine if a link is shown or not.

AntonKhorev commented 2 weeks ago

Some of the actions depend on your account state. For example, friend/unfriend depends on if you're already friends with the user, which is impossible to know when not logged in. In this case you can see a link to befriend your own account too, which you'll be able to do after logging in. Undoing that would require gping to the dashboard.

nenad-vujicic commented 2 weeks ago

[...] actions shouldn't be visible either, because they require logging in.

I don't think this will work in the long run. Once we start working on GDPR recommendations, you would have to essentially remove nearly all the links there. The requirement to log in shouldn't determine if a link is shown or not.

I think the logic behind this issue is "if you removed Report / Mute, remove them all (Send Message, Add Friend / Unfriend), i.e. this looks unfinished, complete it".

tomhughes commented 2 weeks ago

Did we actually remove report and mute? or were they just never enabled for non-logged in users?

The point about friend/unfriend needing to know state is very valid though.

nenad-vujicic commented 2 weeks ago

Did we actually remove report and mute? or were they just never enabled for non-logged in users?

The point about friend/unfriend needing to know state is very valid though.

The report feature was added in commit bdc6add for both logged-in and not-logged-in users. Later, it was restricted to display only for logged-in users.

The mute feature was added in commit efc61f1 for logged-in users only.

tomhughes commented 2 weeks ago

It was 206e1309a95b498a220d8de6cf4ed5970ebd6778 in #1576 that hid report for non-logged in users and it's not clear what the reason was though I haven't tried to read the entire PR thread...