Description to follow...

Logged In: NO 

I have a roundup instance (roundup-0.8.4) which seems to
have several users registered with the same username.

I have username set as a key on the user class, like:

user = Class(db, "user",
                username=String(),
                password=Password(),
                address=String(),
                realname=String(),
                phone=String(),
                organisation=String(),
                alternate_addresses=String(),
                queries=Multilink('query'),
                roles=String(),     # comma-separated string
of Role names
                timezone=String())
user.setkey("username")

But when I use the following command line command, it shows
some duplicate users :

% roundup-admin -i /home/roundup/trackers/support list user

...
4720: zagar001
4721: zagar001
4722: Rod_Landis
4723: lars
4724: lars
4725: tiner
4726: akibal
4727: akibal
4728: jlesueur
4729: jlesueur
4731: jlesueur
4732: jlesueur
4733: jlesueur
4730: jlesueur
4734: jlesueur
4735: gerda
4736: gerda
4737: elqaya
4738: bdunkel
4739: mary.kalantizs
...

Inspecting the Postgres _user table I see that there is no
unique key requirement of the username field:

roundup=> \d _user
                      Table "public._user"
        Column        |            Type             | Modifiers 
----------------------+-----------------------------+-----------
 _activity            | timestamp without time zone | 
 _actor               | integer                     | 
 _address             | text                        | 
 _alternate_addresses | text                        | 
 _creation            | timestamp without time zone | 
 _creator             | integer                     | 
 _organisation        | text                        | 
 _password            | character varying(255)      | 
 _phone               | text                        | 
 _realname            | text                        | 
 _roles               | text                        | 
 _timezone            | text                        | 
 _username            | text                        | 
 id                   | integer                     | not null
 __retired__          | integer                     | default 0
Indexes:
    "_user_pkey" primary key, btree (id)
    "_user_retired_idx" btree (__retired__)
    "_user_username_idx" btree (_username)

Would you consider enforcing unique keys at the database
level (or at least for all the backends which will support
uniqueness)?

Many thanks for the roundup software!

Gus Gollings

Unfortunately, I don't think we can actually make them UNIQUE on the backend. The following is valid in the hyperdb:

Make an object A with key "foo".
Retire object A.
Make an object B with key "foo".

If we enforced UNIQUE-ness at the SQL level this would fail because there would be two keys "foo".

That said, the hyperdb is supposed to enforce its own notion of uniqueness. A quick code inspection shows the create_inner for the backends check to see if the key is in use and raises an exception if you try to create a duplicate. I tried creating two users with the same username from the web interface and received the expected error.

If you were able to create duplicate keys from normal roundup usage we should investigate that further to figure out how and why. I don't suppose there is a reproduction scenario available for this?

This is pretty old so maybe something was fixed in roundup in the interim. I'll keep this open for a few days in case there is further input and then close it as Won't Fix or Works For Me.