Closed
Bug 155400
Opened 22 years ago
Closed 22 years ago
Fix permissions model
Categories
(Bugzilla :: Bugzilla-General, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.18
People
(Reporter: gerv, Assigned: gerv)
Details
Our permissions model is currently a mess. Newsgroup discussion came up with the following, which I intend to implement: No permissions - can add comments and change CCs Has canconfirm - can add comments, change CCs, and confirm a bug Has canedit - can edit any aspect of a bug QA Contact - can edit any aspect of a bug Assignee - can edit any aspect of a bug (So, being the QA Contact or the Assignee can be implemented as having canedit for that bug only.) Reporter - can edit any aspect of a bug, except: confirmed status priority unless Param("letsubmitterchoosepriority") target milestone (So, being a reporter has to be an extra flag, because they are different.) Gerv
Assignee | ||
Updated•22 years ago
|
Status: NEW → ASSIGNED
Target Milestone: --- → Bugzilla 2.18
Version: unspecified → 2.17
Comment 1•22 years ago
|
||
This is related to/a dupe of several bugs, the most obvious probably being the 2.16 bug on this issue.
Assignee | ||
Comment 2•22 years ago
|
||
OK, having carefully read the code, here (I think) are the deviations the current model has from the ideal: - An unpermissioned user can change NEW -> ASSIGNED and REOPENED -> ASSIGNED by hacking templates, although there's no UI. - The reporter can possibly confirm bugs, using the same method as above, but I couldn't get it to work. - The reporter can currently change priority and TM. - Anyone can edit dependencies (bug 141593) because the Check function isn't called for them Gerv
Assignee | ||
Comment 3•22 years ago
|
||
I fixed this when I rewrote CheckCanChangeField. Gerv
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•