Channel: Issues for Drupal core

Link to contact form in user account and e-mails leads to 403.


Problem/Motivation

Visiting one's own contact form produces a 403 Access denied error, confusing users into believing the site is broken.

The description text of the "Personal contact form" checkbox in the contact form settings contains a link to a broken URL:
[Screenshot: contact form settings with broken URL]

E-mails sent via a user's contact form contain a link to a non-working URL:
[Screenshot: contact e-mail with broken URL]

These links are unusable for ordinary users, because there is a policy against non-admin users having access to their own contact form. There is also not much point in granting such access anyway: users don't need to contact themselves. (Comment #57)
[Screenshot: 403 "Access denied" page]

Steps to reproduce

  1. Enable the "Personal contact form" checkbox under "My account" > "Edit".
  2. Click the link in the checkbox description, which leads to user/4/contact.
  3. The page says "Access denied. You are not authorized to access this page." There is no permission governing the personal contact form, yet an account administrator can view user/4/contact normally.

Proposed resolution

The primary goal is a Usability improvement: to eliminate the source of site-is-broken confusion for registered site users.

Option A:

Remove the links that trigger the permission-denied page. See comments #9, #30, #35 and #57, the patches in #9, #57 and #63, and the workarounds in #32 (form alter) and #43 (string override). The solution in #63 was committed to Drupal 8; however, it requires two core string changes, which David Rothstein (D7 maintainer) does not want to make for D7 stable unless absolutely necessary (Comment #124). Gisle in comment #125 argues that this is a major issue that justifies a string change: "When clicking a hyperlink leads to a "Permission denied" page, it gives the end-user the idea that the site is broken, which is not the message I (as the designer of the site) wants to send."

Option B:

Ensure non-admin users can always see their own "Contact" tab and that the link to the page works, but prevent users from contacting themselves (Comment #11). E.g., show an error message on form submit if from/to are the same, stating: "For security reasons, you cannot use your own contact form." (Comment #12), added as #markup to the form (Comment #13) (Patch #20), and/or disable the "Send e-mail" button and output a short message explaining why it is disabled (Comment #29).

Option B tries to solve the larger usability issues: people want to see their functioning contact form, so they can link people to it; people may want to test the site to prove that email sending is working, and emailing yourself is a perfectly valid use case.

Caveats to Option B:
"For security reasons": if you register and then change the e-mail address in your account, you could use your own contact form to send spam to unwilling addresses. That is why it is not allowed (Comment #23). However, this is easy to circumvent by opening two accounts and spamming one from the other, so it is an unavoidable security problem rather than one that exists solely because people may e-mail themselves (Comments #24 and #27). Forcing users to validate changed e-mail addresses would seem to be the only way to close this hole. It should also be noted that issue #601250: Allow anonymous users to use personal contact forms allows anonymous users to use contact forms, so it becomes a UX oddity that members can't access their own form while logged in, but can anonymously.
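As an added illustration of Option B (not a patch from this issue), the following Drupal 7 module code lets account owners view their own Contact tab while refusing to send a message to themselves. It assumes the D7 contact module's router item `user/%user/contact`, its access callback `_contact_personal_tab_access()`, and the form ID `contact_personal_form`; the module name `contact_self` is hypothetical.

```php
<?php
/**
 * Hypothetical module contact_self: implements Option B for the issue above.
 * Assumes Drupal 7 contact module internals: router item 'user/%user/contact',
 * access callback _contact_personal_tab_access(), form ID contact_personal_form.
 */

/**
 * Implements hook_menu_alter().
 *
 * Swap the access callback so the account owner is no longer sent to a 403.
 */
function contact_self_menu_alter(&$items) {
  if (isset($items['user/%user/contact'])) {
    $items['user/%user/contact']['access callback'] = 'contact_self_tab_access';
  }
}

/**
 * Access callback: the owner may view their own tab (viewing only, sending is
 * blocked below); everyone else keeps core's rules.
 */
function contact_self_tab_access($account) {
  global $user;
  if ($user->uid && $user->uid == $account->uid) {
    // Core returns FALSE here; allow viewing if the user may use contact forms.
    return user_access('access user contact forms');
  }
  return _contact_personal_tab_access($account);
}

/**
 * Implements hook_form_FORM_ID_alter() for contact_personal_form().
 *
 * Disable the submit button, explain why, and enforce the rule in validation
 * so a hand-crafted POST cannot bypass the disabled button.
 */
function contact_self_form_contact_personal_form_alter(&$form, &$form_state) {
  global $user;
  $recipient = $form['recipient']['#value'];
  if ($user->uid == $recipient->uid) {
    $form['actions']['submit']['#disabled'] = TRUE;
    $form['self_notice'] = array(
      '#markup' => '<p>' . t('For security reasons, you cannot use your own contact form.') . '</p>',
      '#weight' => -10,
    );
    $form['#validate'][] = 'contact_self_validate';
  }
}

/**
 * Validation handler: server-side enforcement of the self-send rule.
 */
function contact_self_validate($form, &$form_state) {
  form_set_error('', t('For security reasons, you cannot use your own contact form.'));
}
```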

Remaining tasks

Commit a solution to D8.
Backport a solution to D7.

User interface changes

Non-functional links will be removed from email messages and user profile form contact settings.

API changes

String changes will affect Drupal translations.

Data model changes

None
