Closed Bug 1215501 Opened 9 years ago Closed 8 years ago

[modal ui only?] When moving a bug to a different product and removing a security-group, the other product's security group gets added automatically anyway

Categories

(bugzilla.mozilla.org :: Bug Creation/Editing, defect)

Product:
bugzilla.mozilla.org
Component:
Bug Creation/Editing
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: Gijs, Assigned: dkl)

Details

Attachments

(1 file)

1215501_1.patch
4.18 KB, patch
dylan
: review+
Details | Diff | Splinter Review 
This is essentially bug 1182500 regressing, AFAICT.

(this just happened to me with bug 1215456)
Taking a look.
Assignee: nobody → dkl
Status: NEW → ASSIGNED
I am not able to reproduce this locally. If I uncheck the default core-security group for Core, it is not added back automatically for me. And firefox-core-security is removed as expected since it is not valid for Core product.

I may need to try this on production to be sure.

dkl
(In reply to David Lawrence [:dkl] from comment #2)
> I am not able to reproduce this locally. If I uncheck the default
> core-security group for Core, it is not added back automatically for me. And
> firefox-core-security is removed as expected since it is not valid for Core
> product.
> 
> I may need to try this on production to be sure.
> 
> dkl

No, the problem is that when the product is still in firefox, you remove the security group, then you move it to a different product, and at that point the security group gets reinstated (to core-security, which I can't remove because I'm not in the right security group on bmo).
(In reply to :Gijs Kruitbosch from comment #3)
> No, the problem is that when the product is still in firefox, you remove the
> security group, then you move it to a different product, and at that point
> the security group gets reinstated (to core-security, which I can't remove
> because I'm not in the right security group on bmo)

Ok. I see more now of what you are saying. I also tried it that way with a test user that is in the firefox security group but not core-security and I was still unable to make it fail in the way you describe.

(as a privileged user that is not an admin)
1. Enter or go to a Firefox bug marked private to firefox-core-security.
2. Click 'edit' and uncheck the firefox-core-security checkbox.
3. On the same page, choose Core as a new product with component Security.
4. The core-security group is now checked by default, but editable.
5. Uncheck the core-security checkbox before submitting.
6. Click submit and observe that the bug is now fully public under the new product.
   The core-security group is not on and is not present as the test user is not in the
   core-security group.

Am I missing a step somewhere? glob, any ideas on this?

dkl
Flags: needinfo?(glob)
(In reply to David Lawrence [:dkl] from comment #4)
> (In reply to :Gijs Kruitbosch from comment #3)
> > No, the problem is that when the product is still in firefox, you remove the
> > security group, then you move it to a different product, and at that point
> > the security group gets reinstated (to core-security, which I can't remove
> > because I'm not in the right security group on bmo)
> 
> Ok. I see more now of what you are saying. I also tried it that way with a
> test user that is in the firefox security group but not core-security and I
> was still unable to make it fail in the way you describe.
> 
> (as a privileged user that is not an admin)
> 1. Enter or go to a Firefox bug marked private to firefox-core-security.
> 2. Click 'edit' and uncheck the firefox-core-security checkbox.
> 3. On the same page, choose Core as a new product with component Security.
> 4. The core-security group is now checked by default, but editable.

Yes, but I didn't expect this bit. Why is it now checked? It shouldn't be. I didn't know that moving the bug to a different product was going to re-mark the bug as sec-sensitive, so I submitted, and then the bug got "stuck" in core-security until someone in that group removed it again.
(In reply to :Gijs Kruitbosch from comment #5)
> Yes, but I didn't expect this bit. Why is it now checked? It shouldn't be.

it's checked because the code that builds the group checkboxes looks at the server-side state of the bug, and doesn't take into account the client-side change making the bug public before a new product is selected.  this is a bug.
Flags: needinfo?(glob)
(In reply to Byron Jones ‹:glob› from comment #6)
> (In reply to :Gijs Kruitbosch from comment #5)
> > Yes, but I didn't expect this bit. Why is it now checked? It shouldn't be.
> 
> it's checked because the code that builds the group checkboxes looks at the
> server-side state of the bug, and doesn't take into account the client-side
> change making the bug public before a new product is selected.  this is a
> bug.

Ah thanks glob. Now that I understand the issue it makes more sense. I can still take a look at solving this now that I know where to look.

dkl
Sorry for the ping, but is there any progress here, dkl? This just bit me again in bug 1230080.
Flags: needinfo?(dkl)
(In reply to :Gijs Kruitbosch (PTO Nov. 17-20 inclusive) from comment #8)
> Sorry for the ping, but is there any progress here, dkl? This just bit me
> again in bug 1230080.

Sorry this fell through the cracks all this time. Working on it now.

dkl
Flags: needinfo?(dkl)
Attached patch 1215501_1.patchSplinter Review 

        Attachment #8812926 -
        Flags: review?(dylan)

    
    

    
  
Comment on attachment 8812926 [details] [diff] [review]
1215501_1.patch

Review of attachment 8812926 [details] [diff] [review]:
-----------------------------------------------------------------

r=dylan

testing this was a lot of setup. wish we had test cases for all these variations of admin/non-admin and various groups. :-/

        Attachment #8812926 -
        Flags: review?(dylan) → review+

    
    

    
  
(In reply to Dylan Hardison [:dylan] from comment #11)
> Comment on attachment 8812926 [details] [diff] [review]
> 1215501_1.patch
> 
> Review of attachment 8812926 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> r=dylan
> 
> testing this was a lot of setup. wish we had test cases for all these
> variations of admin/non-admin and various groups. :-/

Agreed :-/ Should be a quarter goal IMO in the near future to get a good set of tests for the modal UI.

To https://github.com/mozilla-bteam/bmo.git
   6d01972..2dec6dc  master -> master

dkl
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: