Closed Bug 1151293 Opened 10 years ago Closed 10 years ago

Review counts include reviews that the user cannot see

Categories

(bugzilla.mozilla.org :: Extensions, defect)

Production
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: mail, Unassigned)

Details

Not sure if this is a bug or a feature, feel free to WONTFIX if it is a feature. In the add attachment page, under suggested reviews, it shows the number of patches in a persons queues, e.g. "David Lawrence <dkl@mozilla.com> (10 reviews in queue)" However, an unprivileged user should only see seven reviews in the queue, since there are three reviews that are private. See: https://bugzilla.mozilla.org/request.cgi?action=queue&requester=&product=&type=all&requestee=dkl%40mozilla.com&component=&group=type&do_union=1 (until such point as dkl does my reviews for the embargoed bug)
Some sure that a count of total bugs in a person's review queue is giving away anything sensitive and should be changed. I will let glob give his opinion when he is back from break. dkl
Component: Extensions: MozReview → Extensions: Review
Flags: needinfo?(glob)
the count of bugs isn't security sensitive. this was clarified by the security team when the product dashboard was implemented.
Group: bugzilla-security
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(glob)
Resolution: --- → INVALID
Component: Extensions: Review → Extensions
You need to log in before you can comment on or make changes to this bug.