Closed
Bug 201018
Opened 21 years ago
Closed 21 years ago
editusers.cgi never calls DeriveGroup prior to changing a bug
Categories
(Bugzilla :: Creating/Changing Bugs, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.18
People
(Reporter: justdave, Assigned: justdave)
References
Details
(Whiteboard: [fixed in 2.17.4])
Attachments
(1 file, 2 obsolete files)
1.77 KB,
patch
|
justdave
:
review+
myk
:
review+
|
Details | Diff | Splinter Review |
This means if you edit a user's groups, and they have privileges which are inherited from a group you changed, those privilege changes aren't taken into account. I fixed this on Zippy's install by calling DeriveGroup from editusers after changing the user's groups. Patch coming
Assignee | ||
Comment 1•21 years ago
|
||
Assignee | ||
Updated•21 years ago
|
Attachment #119673 -
Flags: review?(myk)
Comment 2•21 years ago
|
||
This shouldn't be needed. Bugzilla::login calls |&::ConfirmGroup($userid);| in CVS, and this was in the old login code too.
Assignee | ||
Comment 3•21 years ago
|
||
How does it know it needs to update though? changing a user's groups doesn't change the timestamps on the groups... the only way to make ConfirmGroups work in that case is to set the refreshed_when on the user to Some Date In The Far Past...
Comment 4•21 years ago
|
||
Comment on attachment 119673 [details] [diff] [review] Patch v1 Thats not good enough, because you could be changing the login_name too, which affects regexps. Also, given the lack of transaction safety, to be really safe you should start off by setting refreshed_when to <some date in the past>, then rederive at the end (just do it unconditionally, I think, althogh you can have a flag for email+grop changes only, I guess). That protects against server failure in the middle.
Attachment #119673 -
Flags: review?(myk) → review-
Assignee | ||
Comment 5•21 years ago
|
||
Assignee | ||
Updated•21 years ago
|
Attachment #119673 -
Attachment is obsolete: true
Assignee | ||
Updated•21 years ago
|
Attachment #119674 -
Flags: review?(bbaetz)
Comment 6•21 years ago
|
||
Comment on attachment 119674 [details] [diff] [review] Patch v2 OK, this works. Do we need a checksetup fix for this? We should add one, unconditionally for now, but then conditional on the next schema change when we have one.
Attachment #119674 -
Flags: review?(bbaetz) → review+
Assignee | ||
Comment 7•21 years ago
|
||
probably wouldn't hurt. UPDATE profiles SET refreshed_when='1900-01-01 00:00:00' would probably do the trick.
Comment 8•21 years ago
|
||
Can we get this in now, or is this going to wait for the release? It doesn't affect 2.16. Theres a schema patch (bug 180086) which shoudl go in in the next few days, and we can put it in with that. If you want this to wait, though, then we'll have issues with people who upgrade to that before the release, and we'll have to make it unconditional until the change after that.
Target Milestone: --- → Bugzilla 2.18
Comment 9•21 years ago
|
||
I'm waiting on bug 180086 for a reply to a mail I sent to developers@ about checma change locations. In teh meantime, we can put this in to always run the refersh, although that schema change also depends on the answer to my message... http://bugzilla.org/cgi-bin/mj_wwwusr?func=archive-index-date&list=developers&extra=200304 is the post.
Summary: process_bug.cgi never calls DeriveGroup prior to changing a bug → editusers.cgi never calls DeriveGroup prior to changing a bug
Updated•21 years ago
|
Assignee | ||
Updated•21 years ago
|
Flags: approval?
Comment 10•21 years ago
|
||
Just the schema change; no other changes from the previous patch.
Attachment #119674 -
Attachment is obsolete: true
Assignee | ||
Updated•21 years ago
|
Attachment #121585 -
Flags: review+
Comment 11•21 years ago
|
||
Comment on attachment 121585 [details] [diff] [review] adds schema change too r=myk; works for me too
Assignee | ||
Updated•21 years ago
|
Flags: approval? → approval+
Assignee | ||
Updated•21 years ago
|
Whiteboard: [wanted for 2.17.5] → [wanted for 2.17.4]
Comment 12•21 years ago
|
||
Fixed for 2.17.4: Checking in checksetup.pl; /cvsroot/mozilla/webtools/bugzilla/checksetup.pl,v <-- checksetup.pl new revision: 1.229; previous revision: 1.228 done Checking in editusers.cgi; /cvsroot/mozilla/webtools/bugzilla/editusers.cgi,v <-- editusers.cgi new revision: 1.43; previous revision: 1.42 done
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Whiteboard: [wanted for 2.17.4] → [fixed in 2.17.4]
Assignee | ||
Comment 13•21 years ago
|
||
Security Advisory has been posted, removing security group
Group: webtools-security
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•