Closed Bug 1988539 Opened 4 months ago Closed 3 months ago

Adding a comment to bug with a user story value with editbugs permission causes a permission error and the comment cannot be added

Categories

(bugzilla.mozilla.org :: Editbugs Requests, task)

Product:
bugzilla.mozilla.org
Component:
Editbugs Requests
Version:
Production
Type:
task

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: aaron.developer.allstate, Assigned: dkl)

References

Details

Attachments

(1 file)

[mozilla-bteam/bmo] Bug 1988539 - Adding a comment to bug with a user story value with editbugs permission causes a permission error and the comment cannot be added (#2494)
46 bytes, text/x-github-pull-request
Details | Review

I recently opened Bug 1987110, but I was told to add the details to Bug 1875540 as it was a duplicate.

When I try to add a comment, I get this error message:
You tried to change the User Story field from
platform:windows,mac,linux,android impact:unsupported-warning configuration:general affects:all branch:release user-impact-score:200 diagnosis-team:webcompat to
platform:windows,mac,linux,android impact:unsupported-warning configuration:general affects:all branch:release user-impact-score:200 diagnosis-team:webcompat , but only a user with the required permissions may change that field.

Additonal information:
Specific permissions are required to make this change

If you are attempting to confirm an unconfirmed bug or edit the fields of a bug, find out how to get the necessary permissions.

I appear to need "editbugs" permissions to add the comments to the existing bug.

I am not able to grant editbugs for your account quite yet as you have very little history of using our instance of Bugzilla. But given that, you should be able to leave a comment on a bug that is public. The issue here is there must be a bug where Bugzilla thinks you are altering the user story field when you are not. I will try to reproduce and find a solution to the issue. Sorry for any inconvenience.

Assignee: nobody → dkl
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Summary: Require editbugs permissions to update bug → Adding a comment to bug with a user story value with editbugs permission causes a permission error and the comment cannot be added
Duplicate of this bug: 1988922

Hi,
Has there been any updates on this? I do need to make the updates to this other defect.
Thanks.

(In reply to Aaron from comment #3)

Hi,
Has there been any updates on this? I do need to make the updates to this other defect.
Thanks.

I did look at this briefly and could not replicate it in my dev environment. What browser version and OS are you currently using? Something is happening where the form submissions thinks the original version of the user story field value has been altered in a subtle way which is difficult to see in the error being thrown.

Flags: needinfo?(aaron.developer.allstate)

I don't know if this makes a difference, but to be pedantically sure: Did you go straight to the bottom of the bug and enter your comment in the "Add Comment" box, or did you press the "Reply" button attached to the User Story at the top and let that take you to the Add Comment field?

I do not expect that to make a difference and the inserted "(Commenting on User Story)" text should be just text, but sometimes computers do goofy things. I can't think of any reason you should get that message because the page wouldn't have let you edit the User Story in the first place without the right permissions, and if you didn't change it this is a "grasping at straws" guess at why it thinks you did.

Using a non-editbugs account on our test instance that runs the same version of software as this site, I could not reproduce your error by replying to the User Story: https://bugzilla.allizom.org/show_bug.cgi?id=1173474#c25

Although the software is identical, the data is old and I could not test bug 1875540 specifically. Seems even more unlikely there could be something specific to that bug. Maybe it was a temporary glitch caused by the persistent DOSsing bugzilla has been undergoing. Do you still have this problem?

I tried commenting as you mentioned, or replying to the last reply in the thread.
yes the problem persists.

Yes, I am still facing the issue using both the latest versions of Edge and Firefox on the latest version of Windows 11. I have attempted this using both the "reply" option and pasting the comment directly into the textbox.

Flags: needinfo?(aaron.developer.allstate)

I am also experiencing this issue.

I apologize for commenting twice, I did not think I would be allowed to post a comment on this thread due to the error I am receiving. I do not know how to edit comments because I am new to bugzilla.

Here is the ticket I was attempting to reply to: https://bugzilla.mozilla.org/show_bug.cgi?id=1971969

The behavior is exactly the same as OP described. When I attempt to post a comment on this particular ticket (which was linked to a ticket I submitted, but my ticket was closed as a duplicate), I get the error:

Not allowed
You tried to change the User Story field from platform:linux impact:workflow-broken configuration:rare affects:all branch:release diagnosis-team:security user-impact-score:36 to platform:linux impact:workflow-broken configuration:rare affects:all branch:release diagnosis-team:security user-impact-score:36 , but only a user with the required permissions may change that field.

Additonal information:
Specific permissions are required to make this change

If you are attempting to confirm an unconfirmed bug or edit the fields of a bug, find out how to get the necessary permissions.

I did not edit the User Story field. I just typed my comment into the comment field, just as I am doing on this ticket, and clicked "save changes".

I was surprised I was able to leave a comment on this ticket.

I am now able to leave a comment on https://bugzilla.mozilla.org/show_bug.cgi?id=1971969.

Not sure what changed in the last hour.

This is still impacting me. I cannot add my own comments to the original bug, asking for the intervention to be removed and the bug closed as this is expected behavior and the intervention is actively breaking functionality on Allstate's MyAccount portal.

(In reply to Aaron from comment #12)

This is still impacting me. I cannot add my own comments to the original bug, asking for the intervention to be removed and the bug closed as this is expected behavior and the intervention is actively breaking functionality on Allstate's MyAccount portal.

Sorry. Have not forgotten about this. I will need see if I can try this on a Windows 11 machine (I use linux) with the latest Firefox browser. It seems that that at least on Windows. Bugzilla thinks the hidden value for user story in a text area is being change in some way that triggers the error message. If I use the Firefox debugging console on my system and make a one letter change to the user story value in the html, I can then trigger the error. But only if I do that which most people would not. So something different about Firefox on Windows.

(In reply to David Lawrence [:dkl] from comment #13)

Sorry. Have not forgotten about this. I will need see if I can try this on a Windows 11 machine (I use linux) with the latest Firefox browser. It seems that that at least on Windows. Bugzilla thinks the hidden value for user story in a text area is being change in some way that triggers the error message. If I use the Firefox debugging console on my system and make a one letter change to the user story value in the html, I can then trigger the error. But only if I do that which most people would not. So something different about Firefox on Windows.

Ok. I have been able now to reproduce this. From what I can tell it is related to Windows and line endings being different than other OSes such as Linux. Firefox and Edge both are trying to convert the "\n" to "\r\n" in the hidden text area for the user story field. Of course, Bugzilla doing a simple string comparison, thinks this is an illegal change of the field and throws the error.

To sum up:

  1. Occurs mainly on Windows
  2. Windows browser client is trying to convert \n to \r\n in the background
  3. Bugzilla thinks this a user trying to change the string value of a field that they do not have edit rights
  4. A permission error is thrown

Solutions:

  1. We can omit the text area entirely from the HTML containing the user story data if the user cannot edit it. I feel like the text area is there to make it possible to quote the user story text in a reply.
  2. Update the back end code to replace all occurrences of "\r\n" with "\n" in new values before doing a comparison of the old to the new. This would have made it look like a non-change happened. This of course could break old user story values that may already have "\r\n" so we would have more errors like this.

I will look at implementing 1. and see what would be necessary to make that work.

Aaron, please leave a comment on this bug with the text you would like to add to bug 1875540 and I will add it for you stating that it is from you.

Thanks for the report!

Flags: needinfo?(aaron.developer.allstate)

Thanks for continuing to look into this, David. Glad you found a root cause.

I have a MacBook as a backup for work. When I log on in the morning, I'll try and make my update through that. if not, I'll come back here and leave a comment that you can copy across.

I appreciate your persistence.

Flags: needinfo?(aaron.developer.allstate)

Bad news, David. I tried to make the update on Chrome, Edge and Safari on MacOS and I am seeing the same issue.

Can you add this text to the bug, please:

Allstate website "My Account" does not behave correctly in Firefox. See further details in this bug

When browsing to Allstate My Account (https://myaccountrwd.allstate.com) using Firefox, a warning panel should appear advising customers to use a compatible browser. Also, when I click on the chat tab, a virtual chat assistant window should open. It does not.

I believe that both issues are related to the fix/intervention for this bug (1875540), which was raised in January 2024. However, the warning panel display is intended behavior by Allstate/MyAccount. This is NOT a Firefox bug.

If I disable the intervention through about:compat, then both the warning panel and the chatbot operate as expected.

This impacts roughly 150k users per month through MyAccount that we have to manage. There may be other impacts elsewhere within Allstate as all Allstate traffic is impacted with this intervention. Firefox does work on MyAccount, for the most part, but it is not a supported browser, hence the warning message.

As a result, I believe this intervention should be reverted.

(In reply to Aaron from comment #17)

Bad news, David. I tried to make the update on Chrome, Edge and Safari on MacOS and I am seeing the same issue.

Can you add this text to the bug, please:

Done

Authored by https://github.com/dklawren
https://github.com/mozilla-bteam/bmo/commit/ee393c0531654ef8d1a53509af45eb59cb9d02b3
[master] Bug 1988539 - Adding a comment to bug with a user story value with editbugs permission causes a permission error and the comment cannot be added

Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: