Open
Bug 774403
Opened 12 years ago
Updated 2 months ago
User's permissions should be checked when autolinkifying bug ids in comments
Categories
(Bugzilla :: User Interface, enhancement)
Bugzilla
User Interface
Tracking
()
NEW
People
(Reporter: koosha.khajeh, Unassigned)
Details
Attachments
(1 file, 2 obsolete files)
1.15 KB,
patch
|
LpSolit
:
review-
|
Details | Diff | Splinter Review |
Right now, when autolinkying bug ids (in case of the existence of those ids) in comments, all bugs are linkified regardless of user's permissions. So, if I click on a linkfied bug id that I do not have the required permission to see that, I will see the respective error. In this case, it would be a good idea to not linkify the bug id. Instead, we could use the tag <abbr> or <acronym> with a text like "You are not allowed to see this bug."
Comment 1•12 years ago
|
||
Note that the link contains the status and resolution of the bug. We shouldn't loose this information. But your proposal makes sense, assuming it's clear to users why they cannot click some "bug XXX" links while some others work.
Attachment #645105 -
Flags: review?(LpSolit)
Comment 3•12 years ago
|
||
Comment on attachment 645105 [details] [diff] [review] patch - v1 >=== modified file 'template/en/default/bug/link.html.tmpl' >+[% IF NOT user.can_see_bug(bug) %] >+ <abbr title="[% link_title FILTER collapse FILTER html %]"> >+ [%~ link_text FILTER html %]</abbr> >+ [% RETURN %] >+[% END %] If we follow this path, then you should put this code into a [% ELSE %] block following the existing [% IF user.can_see_bug(bug) %] block with all the relevant code in it. This is logically much nicer than the RETURN directive inserted here. Now thinking about it a bit more, I often click on bugs I cannot see (because I'm logged out) because I know Bugzilla will ask me to log in to see it and so I will be able to enter my credentials and view the secure bug automatically. If we replace the link by <abbr>, then I won't be able to click on it at all and I will first have to log in, and then click on the link, which is not a big deal. :) I wonder if using a CSS class similar to the existing 'forbidden' class in admin.css wouldn't be better. This way, the text would look like not clickable, but could still be clicked by advanced users. Seems like a good compromise to me.
Attachment #645105 -
Flags: review?(LpSolit) → review-
Updated•12 years ago
|
Target Milestone: --- → Bugzilla 4.4
Assignee: ui → koosha.khajeh
Attachment #645105 -
Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #651510 -
Flags: review?(LpSolit)
Comment 5•12 years ago
|
||
Comment on attachment 651510 [details] [diff] [review] patch - v1.1 As I said in comment 3, leave "bug XXX" as clickable, but use CSS to alter the way it's displayed to users who cannot access the bug.
Attachment #651510 -
Flags: review?(LpSolit) → review-
Updated•12 years ago
|
Target Milestone: Bugzilla 4.4 → Bugzilla 5.0
Updated•10 years ago
|
Whiteboard: [Good Intro Bug] → [good first bug][lang=perl]
Updated•10 years ago
|
Target Milestone: Bugzilla 5.0 → ---
Comment 6•9 years ago
|
||
Dylan, can you confirm that this bug is still valid in the current code base? If so, could you relink to where the source is, what file to edit and add a mentor to the bug?
Flags: needinfo?(dylan)
Comment 8•7 years ago
|
||
I'm a newbie, but maybe I can work on this bug ? thanks
Comment 9•7 years ago
|
||
No assignee is set so anyone can work on this - no 'permissions' in general. :)
Updated•7 years ago
|
Keywords: good-first-bug
Comment 10•5 years ago
|
||
Removing good-first-bug
keyword because team does not have bandwidth to mentor at the moment.
Keywords: good-first-bug
Updated•4 years ago
|
Whiteboard: [good first bug][lang=perl]
Comment hidden (spam) |
Updated•2 months ago
|
Attachment #9383642 -
Attachment is obsolete: true
You need to log in
before you can comment on or make changes to this bug.
Description
•