If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Fix permissions model

RESOLVED FIXED in Bugzilla 2.18

Status

()

Bugzilla
Bugzilla-General
RESOLVED FIXED
15 years ago
5 years ago

People

(Reporter: gerv, Assigned: gerv)

Tracking

2.17
Bugzilla 2.18

Details

(Assignee)

Description

15 years ago
Our permissions model is currently a mess. Newsgroup discussion came up with the
following, which I intend to implement:

No permissions - can add comments and change CCs

Has canconfirm - can add comments, change CCs, and confirm a bug

Has canedit - can edit any aspect of a bug
QA Contact - can edit any aspect of a bug
Assignee - can edit any aspect of a bug

(So, being the QA Contact or the Assignee can be implemented as having canedit
for that bug only.)

Reporter - can edit any aspect of a bug, except:
confirmed status
priority unless Param("letsubmitterchoosepriority")
target milestone

(So, being a reporter has to be an extra flag, because they are different.) 

Gerv
(Assignee)

Updated

15 years ago
Status: NEW → ASSIGNED
Target Milestone: --- → Bugzilla 2.18
Version: unspecified → 2.17
This is related to/a dupe of several bugs, the most obvious probably being the
2.16 bug on this issue.
(Assignee)

Comment 2

15 years ago
OK, having carefully read the code, here (I think) are the deviations the
current model has from the ideal:

- An unpermissioned user can change NEW -> ASSIGNED and REOPENED -> ASSIGNED by 
  hacking templates, although there's no UI.
- The reporter can possibly confirm bugs, using the same method as above, but
  I couldn't get it to work.
- The reporter can currently change priority and TM.
- Anyone can edit dependencies (bug 141593) because the Check function isn't
called for them

Gerv
(Assignee)

Comment 3

15 years ago
I fixed this when I rewrote CheckCanChangeField.

Gerv
Status: ASSIGNED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.