Bug 166332: Should be given option to mass change when not logged in
Status: Closed (RESOLVED WONTFIX)
Opened 22 years ago, closed 2 years ago
Categories: Bugzilla :: Query/Bug List, enhancement
People: Reporter: mozeditor; Unassigned
Keywords: polish
Attachments (1 file): patch, 2.41 KB (goobix: review-, LpSolit: review-)

Steps:
1) without being logged into bugzilla, do a bug search.
results: "Change Several Bugs at Once" option is not there.

It should be, for 2 reasons. First off, if you are usually logged in when using bugzilla, and then do a search when not logged in, it's not obvious why that option has disappeared. Secondly, if you bring up a specific bug and make a change, Bugzilla prompts you to login AFTER you try to commit the change.

The way it should work is that "Change Several Bugs at Once" is always present at the bottom of search results, and if you make changes it should then prompt you for login.
Comment 1•22 years ago
You can just add &tweak=1 to the url, but yeah, this seems reasonable. Patch coming. You'll still have to login before seeing the page, though. This is partly for groups-issues, but mainly because there's no point in letting someone fill out a form which they won't be able to submit...
Assignee: myk → bbaetz
Keywords: polish
Summary: inconsistent and undiscovereable differences on when you can change bugs → Should be given option to mass change when not logged in
Target Milestone: --- → Bugzilla 2.18
Comment 2•22 years ago
This also fixes the problem that process_bug doesn't check for editgroups before letting you do a mass change.... The actual text of the error message hasn't been tested, though - see bug 164038 comment 15
Comment 3•20 years ago
Unloved bugs targeted for 2.18 but untouched since 9-15-2003 are being retargeted to 2.20. If you plan to act on one immediately, go ahead and pull it back to 2.18.
Target Milestone: Bugzilla 2.18 → Bugzilla 2.20
Comment 4•19 years ago
This bug has not been touched by its owner in over six months, even though it is targeted to 2.20, for which the freeze is 10 days away. Unsetting the target milestone, on the assumption that nobody is actually working on it or has any plans to soon. If you are the owner, and you plan to work on the bug, please give it a real target milestone. If you are the owner, and you do *not* plan to work on it, please reassign it to nobody@bugzilla.org or a .bugs component owner. If you are *anybody*, and you get this comment, and *you* plan to work on the bug, please reassign it to yourself if you have the ability.
Target Milestone: Bugzilla 2.20 → ---
Comment 5•19 years ago
My vote to wontfix this bug!
Comment 6•19 years ago
Comment on attachment 97584
patch

Asking for review. This bug asks for displaying the option for a mass change when logged out, not for allowing the actual mass change. Displaying the option when logged out and then asking to log in when it's actually requested is consistent with what we're doing elsewhere, too.
Attachment #97584 -
Flags: review?
Comment 7•19 years ago
Comment on attachment 97584
patch

The current status of Bugzilla:
-> not logged in users miss the "Change multiple" link in the footer.
-> any logged in user can do multiple changes.
-> logged in user with editbugs can see the "Change multiple" link in the footer, the other logged in user can not, but can still perform it by manually visiting the URL.

This bug should not change the current permission scheme, as its summary clearly indicates that this is not the topic here. Besides, if in another bug we decide to change the current permission scheme, then I'd probably object to it.

This patch has 3 parts. The first two parts change the permission scheme; discussion about them needs to be moved in another bug and they are not relevant here. The third part is wrong, because it needs to display "change multiple" to logged in users with editbugs as well (since the code allows them to do this currently).

- [% IF bugs.size > 1 && caneditbugs && !dotweak %] + [% IF bugs.size > 1 && (caneditbugs || NOT user.login) && !dotweak %] should be in the lines of: - [% IF bugs.size > 1 && caneditbugs && !dotweak %] + [% IF bugs.size > 1 && !dotweak %]

So we need (Marc? :) ) only the third part of the patch, giving the link out to everybody.
Attachment #97584 -
Flags: review? → review-
Comment 8•19 years ago
s/logged in user/logged in users/
s/the other logged in user/the other logged in users/
s/logged in users with editbugs as well/logged in users without editbugs as well/
(in the previous comment)
Comment 9•19 years ago
Comment on attachment 97584
patch

Hmm, forget the previous 2 comments, I had editbugs inheritance turned on and so all the testing turned out to be wrong.
Attachment #97584 -
Flags: review- → review?
Comment 10•19 years ago
Comment on attachment 97584
patch

The patch is wrong because the cant_edit_multiple thing that it's trying to introduce is nowadays done in user-error.html.tmpl using LpSolit's generic auth_failure template:

[% ELSIF object == "multiple_bugs" %]
  multiple [% terms.bugs %] at once

So the first two parts need to be removed. I think the 3rd part (Marc? :) ) is what we need. The code in the 3rd part is correct, since not having editbugs means no multiple changes :(.
Attachment #97584 -
Flags: review? → review-
Comment 11•19 years ago
Comment on attachment 97584
patch

>@@ -86,6 +86,11 @@ > || DisplayError("You did not select any bugs to modify.") > && exit; > >+# mass changes require editbugs >+if (scalar(@idlist) > 1 && !UserInGroup("editbugs")) { >+ ThrowUserError("cant_edit_multiple"); >+}

Which version of Bugzilla has been used here??? Looks like 2.16.x or older, due to the DisplayError() routine.

>+ [% ELSIF message_tag == "cant_edit_multiple" %] >+ [% title = "Permission Denied" %] >+ Sorry, you do not have sufficient privileges to edit multiple bugs.

First, you have to write [% terms.bugs %]. Second, as Vlad said, we have a generic auth failures template.

>- [% IF bugs.size > 1 && caneditbugs && !dotweak %] >+ [% IF bugs.size > 1 && (caneditbugs || NOT user.login) && !dotweak %]

Unfortunately, I'm not allowed to put my veto on it. But: we have bugs requesting to disable fields which the user is not allowed to edit, such as bug 95923. Here, you offer all users the possibility to do several changes at once and then they will get a great red error message saying "sorry, you don't have enough privs to do this". Changing several bugs at once requires editbugs privs. These guys know how Bugzilla works well enough to log in first. Changing several bugs at once is powerful.... and dangerous. I would tend to hide it as much as possible instead of allowing anyone to use it, even if process_bug.cgi will block any unallowed change. Again, my vote to wontfix it.
Attachment #97584 -
Flags: review-
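Review bot: in the first quoted hunk (@@ -86,6 +86,11 @@), the new editbugs check reports through ThrowUserError("cant_edit_multiple") while the context line directly above it still uses DisplayError(...) && exit, so two adjacent failure paths use different error mechanisms; one should be used consistently. This check is also the only server-side gate for mass changes visible in the patch, and it depends on scalar(@idlist) > 1, so it is worth confirming that @idlist is complete at this point and that nothing later in the file adds ids to it.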
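Review bot: in the second quoted hunk, the new branch is selected by message_tag == "cant_edit_multiple", but the first hunk raises the error with ThrowUserError("cant_edit_multiple"); confirm that the template rendered for user errors dispatches on message_tag, otherwise this text is never shown. Comment 2 says the error text has not been tested, so a request that actually triggers the error should be part of the review.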
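Review bot: in the third quoted hunk, the new condition mixes two negation spellings, NOT user.login and !dotweak, in one expression; use one form throughout. The condition only controls whether the link is rendered, so it should not be read as the permission check: with this change a logged-out user sees the link, and the login prompt and the server-side editbugs test are what decide access.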
Comment 12•19 years ago
> instead of allowing anyone to use it, even if process_bug.cgi
> will block any unallowed change.
process_bug will block unallowed changes only if they hack the URL.
The blocking will be made most of the time by buglist.cgi. Either they have a
valid account and log in successfully, or they get the auth error message and
don't even see the interface for changing multiple bugs.
Comment 13•19 years ago
LpSolit: see previous comment.
Comment 14•19 years ago
Vlad, if I understand you correctly, the steps for a logged out user are:
1) I'm logged out and run a query.
2) buglist.cgi displays the list of bugs and at the end a link to "change several bugs at once".
3) If I click this link, I have to identify myself before the edit-multiple template is displayed.
4) If I have editbugs privs, I can access edit-multiple, else I get an auth error.
Is that what you meant?
Comment 15•19 years ago
LpSolit: yeah. When I've said about buglist.cgi performing the "block", I was talking about your step 3: the "edit-multiple template" is displayed by buglist.cgi.
Comment 16•19 years ago
ok. I thought you meant "let the user access the edit-multiple template, doing all the changes and after he spent 10 minutes on it, throw him a big red error message at his face". This was the reason I was opposed to this option. Now it sounds *much* better! I remove my "veto" then. ;)
Updated•18 years ago
QA Contact: mattyt-bugzilla → default-qa
Comment 17•15 years ago
(In reply to comment #0)
> Steps:
> 1) without being logged into bugzilla, do a bug search.
> results: "Change Several Bugs at Once" option is not there.
>
> It should be, for 2 reasons. First off, if you are usually logged in when using
> bugzilla, and then do a search when not logged in, it's not obvious why that
> option has disappeared. Secondly, if you bring up a specific bug and make a
> change, Bugzilla prompts you to login AFTER you try to commit the change.

I don't see the behavior mentioned as the second point above of making a change to a specific bug
Whiteboard: [has minused patch]
Updated•8 years ago
Assignee: bbaetz → query-and-buglist
Severity: normal → enhancement
Component: Creating/Changing Bugs → Query/Bug List
Whiteboard: [has minused patch]
Comment 18•2 years ago
As of Bugzilla 6 (a predecessor of which is what you're using to view this bug report), you are no longer permitted to make changes even to individual bugs without being logged in first. The fields to make changes aren't even present on the bug display until you log in. Thus the current behavior with "change several bugs at once" is consistent with the current individual bug view, and this change is no longer needed to make it consistent.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX