Closed Bug 1137368 Opened 9 years ago Closed 9 years ago

Allow the bug's assignee to edit attachment fields, even if they do not have editbugs

Categories

(bugzilla.mozilla.org :: General, defect)

Product:
bugzilla.mozilla.org
Component:
General
Version:
Production
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: kgrandon, Assigned: glob)

References

Details

Attachments

(1 file)

1137368_1.patch
987 bytes, patch
dkl
: review+
Details | Diff | Splinter Review 
See bug 1126638 comment 8. Currently gaia autolander attaches pull requests to bugzilla bugs, but new contributors don't have permission to modify these attachments.

I'm not sure what the best component is for this, but I feel that in order to solve this we may need to change something from the bugzilla side? Feel to move if appropriate.
One option might be to allow any user to modify attachments by the autolander user? I'm not sure if that could cause abuse though.
the bug's assignee alreafy has the ability to edit any field on the bug; we could extend this to attachments too.

while possible, i don't think it's with the added complexity of restricting this to attachments made by a single user -- it's much clearer conceptually that an assignee can edit the bug and its attachments.  it's open to as much abuse as the current "assignee can edit any field" privileged, which is easy to catch and address.

implementation wise this is a trivial change to B::Attachments::validate_can_edit()

dkl, thoughts?
Component: Extensions: BMO → General
Flags: needinfo?(dkl)
Summary: Contributors need a way to request review on autolander attachments → Allow the bug's assignee to edit attachment fields, even if they do not have editbugs
(In reply to Byron Jones ‹:glob› from comment #2)
> the bug's assignee alreafy has the ability to edit any field on the bug; we
> could extend this to attachments too.
> 
> while possible, i don't think it's with the added complexity of restricting
> this to attachments made by a single user -- it's much clearer conceptually
> that an assignee can edit the bug and its attachments.  it's open to as much
> abuse as the current "assignee can edit any field" privileged, which is easy
> to catch and address.
> 
> implementation wise this is a trivial change to
> B::Attachments::validate_can_edit()
> 
> dkl, thoughts?

I am fine with the change and I also do not see any easier way of doing this. If we are going on the scenario of the assignee can edit bug fields, we should probably include qa contact as well.

dkl
Flags: needinfo?(dkl)
Byron - seems like we've have a decision. Any chance you could have this prioritized or someone to look at it? Thanks!
Flags: needinfo?(glob)
Assignee: nobody → glob
Flags: needinfo?(glob)
Attached patch 1137368_1.patchSplinter Review 
for clarity i unpacked the multifaceted condition into separate commented lines.

the editbugs check in validate_can_edit is redundant (as it's covered by being able to edit the bug itself), but i left it in to make it easier to maintain later (it's clearer that it's the whole upstream condition).
Attachment #8571743 - Flags: review?(dkl)
Comment on attachment 8571743 [details] [diff] [review]
1137368_1.patch

Review of attachment 8571743 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8571743 - Flags: review?(dkl) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   f569d5e..8d20ba6  master -> master
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: