Closed Bug 207895 Opened 22 years ago Closed 21 years ago

except for adding themselves, users without editbugs should not be able to change the cc: list

Categories

(Bugzilla :: Creating/Changing Bugs, defect)

Product:
Bugzilla
Component:
Creating/Changing Bugs
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 28849

People

(Reporter: myk, Assigned: myk)

Details

cc: list changes are changes like any other, and users should not be able to make them when they don't have "edit bugs" privileges. Such users should be able to cc: themselves, however, so they can keep track of bugs they reported or are interested in.
Summary: except for adding themselves, users with editbugs should not be able to change the cc: list → except for adding themselves, users without editbugs should not be able to change the cc: list
i don't mind preventing people from removing others from the cc list. however people should be able to cc users to bugs, even if it's just an attempt to cc. not everyone accepts foreign emails. i can point to many cases where people who don't have editbugs and who don't need editbugs have usefully cc'd people. relying on out of bounds communication is a bad idea. at some point there might not be any way for people to attempt such a communique. (even in today's world just because you can try to email someone doesn't mean it will work. try emailing the account from which i'm writing this comment.) if you don't want to allow people to actually cc others to bugs there are a few alternatives to consider: 1. a bug flag 'cc' a user sets cc?(myk@mozilla.org). It appears in myk's request queue (up to one email is generated for this request). If myk wants to be cc'd myk sets cc+ and is cc'd. at which point standard bugmail rules apply for the bug 2. delegation user myk defines a list of people who are (dis)allowed to a. remove myk from cc list b. add myk to cc list c. set myk as qa d. set myk as assignee the list can either be a whitelist or a blacklist. the default would be a Bugzilla Param.
I don't think many people would really be able to use white-/blacklisting very efficiently... It will only make a difference on large installations like bmo, and I doubt whether the important people (those who somebody would like to cc) could efficiently write and maintain whitelists. And blacklisting is made largely useless by the fact that any serious misuse of ccing permissions should lead to action by the administrators anyway - so, at the point when you know to blacklist somebody, his account is already dead.
Is there strong support for preventing users from adding others to cc: without editbugs? I see that aspect as potentially contentious while preventing users without editbugs from removing others is a no-brainer. There are two issues - the potention spamming problem (adding) and a real data-management problem seen at bmo (removing). If there are no objections I'd advocate changing this bug to cover just the removing aspect (for the purpose of expediency) and filing another bug on adding, where folks can duke out that issue.
*** This bug has been marked as a duplicate of 28849 ***
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.