Closed
Bug 1009406
Opened 10 years ago
Closed 10 years ago
A user with local editcomponents privs cannot update the inclusion and exclusion lists when the flagtype is already restricted to products the user cannot edit
Categories
(Bugzilla :: Administration, task)
Tracking
()
RESOLVED
FIXED
Bugzilla 4.4
People
(Reporter: mail, Assigned: mail)
References
Details
Attachments
(1 file)
|
1.71 KB,
patch
|
dkl
:
review+
|
Details | Diff | Splinter Review |
UserA has editcomponents privilege on ProdA and ProdB FlagX currently has inclusion on ProdB and ProdC (presumably set up by a person with full editcomponents privileges) User A goes edit FlagX so the inclusions list also has ProdA in it. Expected result: FlagX now has ProdA, ProdB and ProdC in the inclusion list. Actual result: Either the product with the id [ProdC's id] does not exist or you don't have access to it. The issues is in the set_clusions sub in Bugzilla::FlagTypes, where it is checking all products, not just the changes. I'm not sure about the best way of fixing this.
|
Assignee | |
Comment 1•10 years ago
|
||
I think the best way is to get the current clusion list, and only check the difference. That seems the best way.
(my original idea was ->set_clusions(inclusions => { add => [...], remove => [...] }, exclusions => { add => [...], remove => [...] }}, but that really would be making more worse not better, and not solve the actual problem.Assignee: administration → sgreen
Status: NEW → ASSIGNED
|
|
||
Comment 2•10 years ago
|
||
Let's try a more descriptive bug summary. :) This bug exists since 4.2 when the ability for users with local editcomponents privs to edit flags has been implemented, see bug 529974.
Depends on: 529974
Summary: Unexpected error when updating flag clusion list → A user with local editcomponents privs cannot update the inclusion and exclusion lists when the flag is already restricted to products the user cannot edit
Target Milestone: --- → Bugzilla 4.4
Version: 4.4 → 4.2.9
|
|
||
Updated•10 years ago
|
Summary: A user with local editcomponents privs cannot update the inclusion and exclusion lists when the flag is already restricted to products the user cannot edit → A user with local editcomponents privs cannot update the inclusion and exclusion lists when the flagtype is already restricted to products the user cannot edit
|
|
Assignee | |
Comment 3•10 years ago
|
||
Attachment #8422096 -
Flags: review?(dkl)
|
||
Comment 4•10 years ago
|
||
Comment on attachment 8422096 [details] [diff] [review] bug1009406-v1.patch Review of attachment 8422096 [details] [diff] [review]: ----------------------------------------------------------------- r=dkl
Attachment #8422096 -
Flags: review?(dkl) → review+
|
|
||
Updated•10 years ago
|
Flags: approval?
Flags: approval4.4?
|
|
Assignee | |
Updated•10 years ago
|
Flags: approval?
Flags: approval4.4?
Flags: approval4.4+
Flags: approval+
|
|
||
Comment 5•10 years ago
|
||
Simon, do you have checkin capability with your new account name? Should I commit this for you? dkl
Flags: needinfo?(bugzilla)
|
|
Assignee | |
Comment 6•10 years ago
|
||
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git caf2197..847191a master -> master To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 1e5bdcd..8e3d2de 4.4 -> 4.4 (In reply to David Lawrence [:dkl] from comment #5) > Simon, do you have checkin capability with your new account name? Should I > commit this for you? Yeah, checkins are tied to ssh keys not e-mail address (at least for non Moco accounts). -- simon
Flags: needinfo?(bugzilla)
|
|
||
Updated•10 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•