208238 - Normal user got admin permissions

Status: RESOLVED DUPLICATE of bug 167485

(Bugzilla :: User Interface, defect)

Description

[Naveen Joshi]

User-Agent:       Opera/6.11 (Linux 2.4.18-3 i686; U)  [en]
Build Identifier: 

First we faced this problem in BZ. ver. 2.12 and when we upgraded it to 2.16.3 it remains same. We are maintaining some product in same databsse and users can access bug based on group. Whenever we are creating new porduct/componenet we observes the following things.
1. Normal users has got some administrative rights (like products, attachement status, keywords, groups etc.).
2. Some of the bugs being hidden while its present on the DB.
3. Administrator has lost the power. If administrator going to correct users right then it does not affect.
4. Generally its happening on product creationing users


Reproducible: Always

Steps to Reproduce:

1.
2.
3.

Actual Results:  
It changss the Normal user rights.

Expected Results:  
On creating new product/componenet the user sould have normal rights and maintainer should have admin rights.

We have buggroup option ON in the configuration.

Comment 1

[Dave Miller [:justdave]]

This is fixed in 2.16.1 and up.  If the products in question already had their
rights "broken" prior to upgrading, upgrading won't fix it.  The upgrade only
fixes the additional creation of new product groups.  Each affected product will
need to have its group manually deleted via SQL and then recreated from
editgroups.cgi to repair it.  User rights related to said product(s) will then
need to be audited from editusers.cgi.  Anyone who was granted access to the
broken products probably has their permissions all messed up.

*** This bug has been marked as a duplicate of 167485 ***