Closed Bug 240086 Opened 21 years ago Closed 11 years ago

Use names for group permissions instead of checkboxes

Categories

(Bugzilla :: Administration, task, P3)

Product:
Bugzilla
Component:
Administration
Version:
2.17.7
Type:
task

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: bugreport, Unassigned)

References

Details

Attachments

(22 obsolete files)

If I have a site where a bug can be public, restricted to users of the product (acme1000access), restricted to my own company (acme), or restricted to the security team, (acmesecurity), I would currently have 3 checkboxes (8 possible combinations) for group restrictions and confuse my users. What I would like to do, if I define the names, is to have the UI use either a single-select, radio buttons, etc... to select Public Acme 1000 users Acme staff Acme security and let the UI map between the human-understandable names and the individual group permissions. If I have 3 groups associated with a product, I will have at most 8 rows to fill in. In this example, I would have {acme1000users, acme, acmesecurity}, name 0 0 0, public 1 0 0, acme 1000 users x 1 0, acme personnel (who are all known to be members of acme1000users as well) x x 1, acme security (who are all know the be members of the other 2 groups) Having done this, we can add additional information as well as the name field. For example, we could identify the style to be used on buglist so that bz_secure could be defined to correspond to public versus non_public one one site while it corresponds to security team restrictions on another site. This would require the addition of 2 new tables 1) permission_names id, name, style, .... 2) group_permission_map group_id, permission_id, value (1, 0, X) [it may be possible to skip storing any of the 0 records] The SQL implications require a bit more thought.
Status: NEW → ASSIGNED
Priority: -- → P3
Target Milestone: --- → Bugzilla 2.20
Bugzilla 2.20 feature set is now frozen as of 15 Sept 2004. Anything flagged enhancement that hasn't already landed is being pushed out. If this bug is otherwise ready to land, we'll handle it on a case-by-case basis, please set the blocking2.20 flag to '?' if you think it qualifies.
Target Milestone: Bugzilla 2.20 → Bugzilla 2.22
Summary: Use names for group permissions insetad of checkboxes → Use names for group permissions instead of checkboxes
A question..... If each group had a "level" associated with it, and we only paid attention to the highest level, could we make this even simpler. So, in the example... If there are no two groups of the same level, we can really choose between the 4 groups. 010 Public (this group would be added just to keep this simple) 020 Acme 1000 users 030 Acme staff 040 Acme security Comments?
joel, where do you think is a good place to put a interface that will give the possibility of map the group permissions in a simple name? Maybe on entry a new bug? What about to define a parameters like usenamedgroups leaving this feature optional?
I think that the entry and edit forms for a bug would just replace the section that starts with "Only users in all of the selected groups.." with a new pick-one list. The more complicated questions in my mind are... 1)do we define the combinations on a per-product basis or a systemwide basis? 2)if we do this systemwide, how many distinct combinations that matter are there? My point with number 2 is... if I have a group of ProductXXX-developers and a group for ProductXXX-security people and I know that all my security people are also developers, I may have a chart like this... dev secure meaning 0 0 open to all 1 0 restricted to developers 0 1 restricted to security 1 1 restricted to security However, the 0/1 case is redundant. I really would rather replace 0/1 with X/1. Also, if the developers group is MANDATORY for the product, I really want to only define 1/0 restricted to developers 1/1 restricted to security
Joel, I think: 1. Just replace the checkbox for a select box will solve this problem. However, the groups names could still confusing the users (maybe a group alias will solve); 2. Avoid the complex combinations of groups on bug entry/edit, leaving this hierarchy for the editgroups; 3. Even with a mandatory group for a product, ignores it and show it in the select box; (IMO, mandatory group is much obscure for users); I think that there is no need for tables to solve this bug. Poke me if I'm wrong, please.
kiko, give us your comment, please.
(poke) I am trying to solve 2 problems 1) Users are normally not aware of the group names and which ones matter and which ones don't, so if there are 2 checkboxes, there are normally 3 options that make sense, not 4 because one of the groups is usually a superset of the other. 2) A selection between "restrict to my_developers AND customer_log_access" and "restrict to customer_log_access" is confusing. I'd like that to say "Keep private to my developers" versus "Share with customer"
/me is with purple left eye :) Joel, but: What about create super groups with names: "Keep private to my developers" and "Share with customer". And then, edit these super groups adding child groups to them. And them on edit group controls choose these super groups as product group?. In this case, the select will work. Group allowed to view this bug: [Public |v] |Share with customer | |Keep private developers| I have another eye. :).
Indeed, there are three approaches here, both of which involve changing the group selection to a select box: a) Structure your groups in a way that their names and structure provide the correct restriction policy for your installation. b) Offer options that do all the possible permutations of sets of groups, defining names for them. c) Define named "bug groups" that are a fixed, named set of groups. Approaches a) and c) are similar and perhaps in keeping with what Joel is suggesting in comment #2. In fact, was that were bug groups were originally intended for?
Joel, when you say style do you mean that will be possible to add somthing like a skin to the bug?? So private bugs have a site that looks totally different of public bugs site??
Gabriel -- Joel means just for the buglist styling. We currently have a padlock in private bugs; this could be changed (still using CSS) for bugs with certain group restrictions.
WRT comment 9: We don't want to have a distinct setting for each possible permutation since a more restrictive group makes a less restrictive group into a don't-care. We need to have a way to define the "relevent" combinations and name those. Then, in addition to the names, we can take a cue from the same table that assigns the name to a combination and use that cue to style both the padlock and the bug's "skin"
Joel and kiko, look at our idea: 1. Select all groups that belongs to the product. 2. For each one catch the related groups. (The number of related groups defines the hierarchy between the product groups) 3.tables: permissions_names id, name, style permissions_group_product_map perm_id, group_id, product_id 4. If group is in the lowest level prompt 'share with group' Intermediary ones prompt 'Restrict to + groups realted' Highest level 'Restrict to group' For example A, B, C are our groups and the predefined messages: Share with "groupA" - lower hierarchy Restrict to "groupB"/"groupC" - intermediary Restrict to "groupC" - higher
(In reply to comment #13) > 2. For each one catch the related groups. > (The number of related groups defines the hierarchy between the product groups) I don't understand what this means. Can you elaborate?
Essentially, Gabriel was describing a way of detecting in runtime (i.e., at show_bug.cgi time) what groups were included in others (and therefore, what options to omit). Spoke to Joel on the phone about this today. We hashed out some ideas and the one that stuck best was the following. - Per-product, we'd have a group-combination-edit form. - This form would allow us to identify group combinations that applied to that product, and name that group combination. - Bug restrictions would then rely on the named group combinations indicated, instead of the actual bug groups. They would be listed in a single select box. Group combinations without names would not be included in the list. This would require a schema change (to save these group combinations). It avoids needing to do in runtime recursive queries in the group hierarchy to identify redundant combinations (we /could/ however do these queries in the edit group-combination-edit form, and indicate in the UI that certain options were redundant). This is a proposal; let's say the "named-group-combinations" proposal.
There is another solution, which may be too much work for large installations <wink>. The solution involves: - Allowing only a single group (non-mandatory) to be specified for a bug. Mandatory groups would be indicated by a label. - Restructure the group system somewhat to have the following properties: - Products have a set of groups - The Bugzilla installation would organize product groups in a way that suggested the groups created applied only to that product -- perhaps we would make the UI allow for very convenient product group creation (and group aggregation inside them). - The Bugzilla administrator would create product groups and assemble them from existing groups as necessary. The product groups are already named, and their labels would be used in the group select box in show_bug.cgi. This is a bit muddled with mandatory, but the advantage of this proposal is that no additional schema needs to be added -- we are taking advantage of what we currently have. Let's call this the "structured-group" proposal.
The two proposals above are similar in effect and diverge in how they are presented to the administrator, and how they are implemented in the DB schema. I am happy to clarify or discuss either if necessary. Which should we push towards?
Kiko, Joel About "named-group-combinations" proposal, could we make this feature optional adding a paramenter like usenamedgroups? It will have a little or no impact for existent bugzilla instalattions.
I like the "named-group" proposal. It coule either be controlled by a parameter or.... if the administrator has not named a product's group combinations, --> use checkboxes if the administrator has names and group combinations for a product, --> select from among those names The group naming control panel can prune out combinations that are totally redundant. This also makes it possible to omit definitions that are not sensible for a particular site and make it possible to define names for group combinations for some products while not doing so for others. It does leave an interesting question with mass-change, though. My inclination would be to assume that anyone doing mass-change can handle the checkboxes.
Attached patch A first propose (obsolete) — Splinter Review
Just a First proposal, "Edit named Groups" is On editproducts.cgi and the edition template keeps the bugzilla table pattern. It's a good place??
Attached patch Propose (obsolete) — Splinter Review
I create editnamedgroup.cgi to list and create the named groups, next step is the action edit.
Attachment #185823 - Attachment is obsolete: true
Attachment #186348 - Flags: review?(kiko)
Comment on attachment 186348 [details] [diff] [review] Propose Seems a bit buggy :-( Needed an edit before it even compiled. Then, it is missing a ffooter template required to make it work.
Comment on attachment 186348 [details] [diff] [review] Propose see comment 22
Attachment #186348 - Flags: review?(kiko) → review-
Attached patch Propose fixed (obsolete) — Splinter Review
A Fixed patch, with the same code plus a footer template. I create editnamedgroup.cgi to list and create the named groups, next step is the action edit.
Attachment #186348 - Attachment is obsolete: true
Attachment #186366 - Flags: review?(kiko)
Attachment #186366 - Flags: review?(bugreport)
Comment on attachment 186366 [details] [diff] [review] Propose fixed I think this is on the right track, but nothing happens when I add a new name.
Attachment #186366 - Flags: review?(bugreport)
I'm not sure I like having a named_id in the bugs table. The names are for presentation in the UI, but the actual information is in the bug_group_map. Adding the name to the bugs table sounds a lot like cached information. Is that its intent?
(In reply to comment #26) > I'm not sure I like having a named_id in the bugs table. The names are for > presentation in the UI, but the actual information is in the bug_group_map. > Adding the name to the bugs table sounds a lot like cached information. Is that > its intent? > Yes, it is cached information. We will use it to avoid a lot of queries and if the named groups wont be optional like using a parameter, the bug_group_map table will not exist anymore.
Attached patch Enter new named group (obsolete) — Splinter Review
Now the backend to add a named group is running.
Attachment #186366 - Attachment is obsolete: true
Attachment #186632 - Flags: review?(bugreport)
The group-name edit function does not seem to work yet. Also, it seems to treat mandatory groups the same as shown groups. The edit_bug changes do not seem to be here yet, so it is hard to tell if this is going to be able to handle cases like "the bug is a security bug, but the current user is not in the security group and can see it because it is CC'd only" I'm not sure if these issues are managable with the current approach yet. Too skeletal to tell, I think.
Assignee: bugreport → gabriel
Status: ASSIGNED → NEW
(In reply to comment #29) > The group-name edit function does not seem to work yet. We'll have an updated patch up tomorrow. > The edit_bug changes do not seem to be here yet, Do you mean show_bug? > so it is hard to tell if this is going to be able to handle cases like "the > bug is a security bug, but the current user is not in the security group and > can see it because it is CC'd only Could you rephrase this? I wonder if you're concerned about the UI we're going to display in show_bug or something else.
Status: NEW → ASSIGNED
> > Do you mean show_bug? > yes > > Could you rephrase this? I wonder if you're concerned about the UI we're going > to display in show_bug or something else. yes. I am wondering how to best handle the show_bug UI.
Attached patch Named Groups (obsolete) — Splinter Review
The basic system works, you can enter, edit or delete named groups, and if the product has a named group set the bugs that belongs to the product have a selectbox with the named groups. Next Step: -Implement the verification user->bug->groups according to the named groups set; -Implement the verification when select the groups of a named group(if the select is redundant); -Implement the bug count for the named groups.
Attachment #186632 - Attachment is obsolete: true
Attachment #187153 - Flags: review?(bugreport)
Attachment #186366 - Flags: review?(kiko)
Attachment #186632 - Flags: review?(bugreport)
Comment on attachment 187153 [details] [diff] [review] Named Groups I only played with this for the moment.... Well. It fails with a "Cannot edit : no valid action was specified" error if I try to edit named groups on a product that does not yet have any named groups. The eror happens after the footer, so it might just be a code fall-through. Also, if I add a named group and try to edit it, I get a DBD::mysql::db selectcol_arrayref failed: Unknown column 'named_id' in 'where clause' [for Statement " SELECT count(bug_id) FROM bugs WHERE named_id = ?"] at /xxx/bugzilla/editnamedgroups.cgi line 94 it looks like you are missing some checksetup code for upgraders.
Attachment #187153 - Flags: review?(bugreport) → review-
Attached patch Basic system (obsolete) — Splinter Review
The basic systems works, plus with a help. Next step: - Validation bug system, and Group redundancy. - Show Bug count.
Attachment #187153 - Attachment is obsolete: true
Attachment #187289 - Flags: review?(bugreport)
Comment on attachment 187289 [details] [diff] [review] Basic system This fails if a site from tip is update to use this patch. You need to add code to create named_id in the bugs table in checksetup.
Attachment #187289 - Flags: review?(bugreport) → review-
Depends on: 298931
Attached patch Named group system (obsolete) — Splinter Review
The system works, with the redundant group selection verification for the named groups and the desired restrictions per user. The only thing that does not work is the showbugcounts in the list of named groups. I need a review asap cause this patch is getting bitrotted all the time..
Attachment #187289 - Attachment is obsolete: true
Attachment #190178 - Flags: review?(bugreport)
Comment on attachment 190178 [details] [diff] [review] Named group system I'll do a bit more inspection on this when I get a chance, but it offers group combinations ("Public View") that are not legal for a product with mandatory groups even if there is no named group permitting that combination. Process_bug does not comply with the illegal combination, but it should not be offered. Also, there does not seem to be a way to edit the "style" column.
Attachment #190178 - Flags: review?(bugreport) → review-
When a product has mandatory groups only the created named groups will appear as options at bug's named group selectbox. I believe that style field could be handle in other bug, if the bug 240086 be approved.
Attachment #190178 - Attachment is obsolete: true
Attachment #191251 - Flags: review?(bugreport)
Comment on attachment 191251 [details] [diff] [review] Don't display Public view when product had mandatory groups functions well, but it is customary to pass runtests :-( Also, I dont see any place where editnamedgroups checks to ensure that it is being called by an authorized user. Also, there are some w3c validation regressions on editproducts (missing TR) I'll continue to inspect this as well.
Attachment #191251 - Flags: review?(bugreport) → review-
Attached patch code updated version (obsolete) — Splinter Review
I updated the code a lot and the functionality remain the same.
Attachment #191251 - Attachment is obsolete: true
Attachment #192115 - Flags: review?(bugreport)
Comment on attachment 192115 [details] [diff] [review] code updated version OK, this time I'll focus mostly on some light testing. We don't need a special system group for this. Use editcomponents to restrict access to editnamedgroups. Function prototypes are being removed from all the code in another bug which should land bfore this does so please remove the function prototypes. Bitrotted already.... CGI.pl is gone I created a bug before "upgrading" to this patched version. Even though that bug was in a group, the acitivity log shows that, on my first edit, I changed it from PUBLIC (which is illegal for the product) to one of my named groups. editnamedgroups still has a validation problem. (a </p> where there is no <P> open ( <HR> closes an open <P> ) If I create a product with no group controls set, I still may want to name the "public" setting so that I can pick up styling from it later. The named group "public view" seems to be hard-coded somewhere. This should be just a named group that has no groups. If I have a product that allows ANYONE to submit a bug and has SHOWN/SHOWN for a group (so users can restrict bugs to that group even if they are not members of that group), a group member sees the named-group select list when creating a new bug. A non-member sees a checkbox instead of the select box. When you test the next patch, don't forget to try the DEFAULT/SHOWN and SHOWN/SHOWN combinations and similar scenarios.
Attachment #192115 - Flags: review?(bugreport) → review-
Attached patch v10-Bugs fixes (obsolete) — Splinter Review
Public Named Group isn't anymore hardcoded so, when users create bugs the named group selectbox start empty, the same happens with bugs with no named group setted(bugs that had been created before the named groups). As you select a named group the blank option dissapears. When the product has SHOWN/SHOWN or SHOWN/DEFAULT groups don't seem a good thing offer to a user the option to restrict the bug to a group that he don't belong too what may cause a self contamination(if the user check the checkbox he is not able to see or edit the bug), i made a "hack" to fix this when named groups are setted so only users that belongs to the group can see the selectbox with the named groups options.
Attachment #192115 - Attachment is obsolete: true
Attachment #192956 - Flags: review?(bugreport)
Attachment #192956 - Attachment is obsolete: true
Attachment #192956 - Flags: review?(bugreport)
Attached patch v10-fixed (obsolete) — Splinter Review
I Fix my mistake now when a group have SHOWN/SHOWN or SHOWN/DEFAULT controls, all users are able to restrict the bug to that group.
Attachment #192979 - Flags: review?(bugreport)
Comment on attachment 192979 [details] [diff] [review] v10-fixed I'm still focussing mostly on testing and this is not working smoothly. I did not even get as far as determining what happens when I have existing bugs and change the named group rules or group controls. I did this.... Created product with no groups Named “Very Public” for no groups Enter a new bug Group select shows choice of blank (selected) or “Very Public” not selected. Should have been “Very Public” is only option (probably just show it rather than putting it in a select box. Submitted with the “blank” selected and when bug was processed, named group stayed blank. It should have selected the named group that matched the actual settings. (Very Public) Subsequently changed bug to select Very Public. That changed the named group in the activity log and, correctly, did not change any corresponding groups. Added a product “likebmo” with a group called “secure” which is SHOWN/SHOWN but of which nobody is a member. Created a bug and set it to be secure. That works. Created a named group “secure” and another “open” for the new product. Redisplayed the already-entered bug. It had the blank field selected (should have been “secure”) Entered a new bug and selected secure. It was properly created, but it then offers me the option to select secure .vs. open when I edit the bug. When we use checkboxes, the options that I am not permitted to use are correctly not shown or, if already set, are greyed out. The named groups offer me the option of doing all sorts of things I am not permitted to do. ----------- I also took a quick look at the code... In User.pm, accessible_named_groups does not seem to have any docs nor does the named_groups() function in Product.pm Why use a constant DB_COLUMNS instead of just using a qw[] with a list for the columns?? It only seems to add another level of obfuscation. Also, what keeps the table name from becoming part of the key to the hash? I am a bit confused by the namedgroups BLOCK in the edit template. Does it take an argument?? How did the name attribute become simply “name” instead of having a ‘.’ Within the hash key?
Attachment #192979 - Flags: review?(bugreport) → review-
Attached patch v11-Works like group controls (obsolete) — Splinter Review
Now when the product has groups Shown/Shown Shown/Default Default/Default it works like the checkboxes work. The difference is when a user that doesn't belong to group open a bug and choose public the selectbox is disabled instead of disapear (in the checkbox way).
Attachment #192979 - Attachment is obsolete: true
Attachment #193848 - Flags: review?(bugreport)
Comment on attachment 193848 [details] [diff] [review] v11-Works like group controls This seems to work a lot better. I need to do a lot more testing and a more thorough reviews, but here's the beginning... Runtests fails because Bugzilla.pm wont compile. I'm not sure why this is. Bugzilla.pm: Constant subroutine Bugzilla::SHUTDOWNHTML_EXEMPT redefined at /home/perl/local/lib/5.8.0/constant.pm line 108. > # Steve Stock (sstock@iconnect-inc.com) >- > $dbh->bz_add_column('bugs', 'target_milestone', > {TYPE => 'varchar(20)', NOTNULL => 1, DEFAULT => "'---'"}); > $dbh->bz_add_column('bugs', 'qa_contact', {TYPE => 'INT3'}); >+$dbh->bz_add_column('bugs', 'named_id', >+ {TYPE => 'INT3'}); > $dbh->bz_add_column('bugs', 'status_whiteboard', > {TYPE => 'MEDIUMTEXT', NOTNULL => 1, DEFAULT => "''"}); This needs to be in at the end of the --TABLE-- seciton. When I change named group definitions, if I followed the sequence propely, the existing bugs may not always get the appropriate name setting. I need to try this some more. In any case, we probably need some type of sanitycheck. The queries for that will have to be written carefully so they don't take forever.
Comment on attachment 193848 [details] [diff] [review] v11-Works like group controls see previous comment. I'll keep testing in parallel tomorrow.
Attachment #193848 - Flags: review?(bugreport) → review-
Attached patch v11-fix No runtest errors (obsolete) — Splinter Review
I change the checksetup.pl and delete a line at NamedGroup.pm that call Bugzilla.pm that was causing runtests error. Sorry about that...
Attachment #193848 - Attachment is obsolete: true
Attachment #193939 - Flags: review?(bugreport)
Comment on attachment 193939 [details] [diff] [review] v11-fix No runtest errors >Index: editnamedgroups.cgi >=================================================================== >RCS file: editnamedgroups.cgi >diff -N editnamedgroups.cgi >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ editnamedgroups.cgi 26 Aug 2005 16:59:35 -0000 When named group definitions change, how do the individual bugs get update? >Index: enter_bug.cgi >=================================================================== >RCS file: /cvsroot/mozilla/webtools/bugzilla/enter_bug.cgi,v >retrieving revision 1.117 >diff -u -p -r1.117 enter_bug.cgi >--- enter_bug.cgi 25 Aug 2005 14:02:40 -0000 1.117 >+++ enter_bug.cgi 26 Aug 2005 16:59:39 -0000 >@@ -59,6 +59,9 @@ use vars qw( > $classdesc > ); > >+use Bugzilla::Product; >+use Bugzilla::Group; >+ > # If we're using bug groups to restrict bug entry, we need to know who the > # user is right from the start. > Bugzilla->login(LOGIN_REQUIRED) if AnyEntryGroups(); >@@ -576,6 +579,15 @@ while (MoreSQLData()) { > > push @groups, $group; > } >+my $action = 'create'; >+my $user = new Bugzilla::User($userid); Bugzilla->login should return this user object >+my $product_obj = new Bugzilla::Product($product_id); >+ >+my @accessible_named_groups = >+ $user->accessible_named_groups($product_obj, $action); >+ >+$vars->{'named_groups'} = \@accessible_named_groups >+ if scalar(@accessible_named_groups); > > $vars->{'group'} = \@groups; > >Index: post_bug.cgi >=================================================================== >RCS file: /cvsroot/mozilla/webtools/bugzilla/post_bug.cgi,v >retrieving revision 1.125 >+ >+foreach my $group (values %$group_controls) { >+ if ($group->{'membercontrol'} eq CONTROLMAPMANDATORY && >+ $group->{'othercontrol'} eq CONTROLMAPMANDATORY) { >+ $vars->{'mandatory_group'} = CONTROLMAPMANDATORY; >+ } >+} >+ What is this section doing? Is this for the showing of the bug just created? You only need to check memberscontrol for that. The mandatory_group variable never seems to get used anywhere. Add a few more comments please. >+ # Removes all groups from the bug and add the new ones. >+ my $named_group_groups = >+ Bugzilla::Group::get_groups_by_named_group($named_group); >+ @groupAdd = keys %$named_group_groups; >+ >+ if ($bug->{'named_id'}) { >+ my $named_group_groups_old = >+ Bugzilla::Group::get_groups_by_named_group($bug->{'named_id'}); >+ @groupDel = keys %$named_group_groups_old; >+ } Won't this cause all the groups that are common to both the old and new namedgroup to be both removed and added? >Index: Bugzilla/Bug.pm >=================================================================== >RCS file: /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Bug.pm,v >retrieving revision 1.92 >diff -u -p -r1.92 Bug.pm >--- Bugzilla/Bug.pm 23 Aug 2005 12:17:17 -0000 1.92 >+++ Bugzilla/Bug.pm 26 Aug 2005 16:59:44 -0000 >@@ -24,6 +24,7 @@ > # Dave Miller <justdave@bugzilla.org> > # Max Kanat-Alexander <mkanat@bugzilla.org> > # Frédéric Buclin <LpSolit@gmail.com> >+# Gabriel S. Oliveira <gabriel@async.com.br> > > package Bugzilla::Bug; > >@@ -45,6 +46,7 @@ use Bugzilla::FlagType; > use Bugzilla::User; > use Bugzilla::Util; > use Bugzilla::Error; >+use Bugzilla::Product; > > use base qw(Exporter); > @Bugzilla::Bug::EXPORT = qw( >@@ -77,7 +79,7 @@ sub fields { > bug_file_loc status_whiteboard keywords > priority bug_severity target_milestone > dependson blocked votes >- reporter assigned_to cc >+ reporter assigned_to cc named_id > ); > > if (Param('useqacontact')) { >@@ -172,7 +174,7 @@ sub initBug { > $dbh->sql_date_format('creation_ts', '%Y.%m.%d %H:%i') . ", > delta_ts, COALESCE(SUM(votes.vote_count), 0), > reporter_accessible, cclist_accessible, >- estimated_time, remaining_time, " . >+ estimated_time, remaining_time, named_id, " . > $dbh->sql_date_format('deadline', '%Y-%m-%d') . " > FROM bugs > LEFT JOIN votes >@@ -210,7 +212,8 @@ sub initBug { > "target_milestone", "qa_contact_id", "status_whiteboard", > "creation_ts", "delta_ts", "votes", > "reporter_accessible", "cclist_accessible", >- "estimated_time", "remaining_time", "deadline") >+ "estimated_time", "remaining_time", "named_id", >+ "deadline") > { > $fields{$field} = shift @row; > if (defined $fields{$field}) { >@@ -288,6 +291,21 @@ sub remove_from_db { > return $self; > } > >+# Update the groups that bug's belong by a named group change. >+ >+sub update_bug_named_group { >+ my $self = shift; >+ my ($named_group_id) = @_; >+ my $dbh = Bugzilla->dbh; >+ >+ my $bug_id = $self->{'bug_id'}; >+ >+ $dbh->do(q{UPDATE bugs SET named_id = ? WHERE bug_id = ?}, >+ undef, ($named_group_id, $bug_id)); >+ >+ return $self; >+} >+ > ##################################################################### > # Accessors > ##################################################################### >@@ -591,6 +609,42 @@ sub groups { > return $self->{'groups'}; > } > >+sub named_groups { >+ my $self = shift; >+ my $dbh = Bugzilla->dbh; >+ >+ return $self->{'named_groups'} if exists $self->{'named_groups'}; >+ return undef if $self->{'error'}; >+ >+ my $product = new Bugzilla::Product($self->{'product_id'}); >+ my @accessible_named_groups = >+ Bugzilla->user->accessible_named_groups($product); >+ my $bug_groups = $self->groups; >+ my @bug_groups_ids; >+ foreach my $group (@$bug_groups) { >+ push @bug_groups_ids, $group->{'bit'}; >+ } >+ >+ foreach my $named_group (@accessible_named_groups) { >+ my $named_group_groups = $named_group->groups; >+ >+ my @named_groups_ids = [keys %$named_group_groups]; >+ >+ if ($self->{'named_id'} == $named_group->named_id) { >+ $named_group->{'checked'} = 1; >+ } >+ elsif (!$self->{'named_id'} >+ && @bug_groups_ids eq @named_groups_ids) { >+ $named_group->{'checked'} = 1; >+ } >+ } >+ >+ $self->{'named_groups'} = \@accessible_named_groups >+ if scalar(@accessible_named_groups); >+ >+ return $self->{'named_groups'}; >+} >+ What does this routine do and how does it differ from accessible_named_groups ?? > >+sub get_bugs_by_named_group ($) { >+ my $named_id = shift; >+ my $dbh = Bugzilla->dbh; >+ my $vars = {}; >+ >+ unless (detaint_natural($named_id)) { >+ $vars->{'named_id'} = $named_id; >+ ThrowUserError("namedgroup_id_invalid", $vars); >+ } >+ my $bug_ids = $dbh->selectcol_arrayref(q{ >+ SELECT bug_id FROM bugs WHERE named_id = ?}, undef, $named_id); >+ >+ return $bug_ids; >+} >+ I dont think we want to get hundreds of thousands of bugs in one list. If this is just for a confirm-delete, use a count instead.
Attachment #193939 - Flags: review?(bugreport) → review-
One other thing. We need to have a way to sanitycheck and mass-update group names in the bugs table. If we take the example of a product with group controls A, B, and C possible (other than NA) and (1)open : none (2)foo : (100)A (3)bar : either (101)B or (A and B) (4)baz : (102)C We **should** be able to generate SQL to UDPATE bugs LEFT JOIN bug_group_map AS A ON bugs.id = A.bug_id AND A.group_id = 100 LEFT JOIN bug_group_map AS B ON bugs.id = B.bug_id AND B.group_id = 100 LEFT JOIN bug_group_map AS C ON bugs.id = C.bug_id AND C.group_id = 100 SET named_id = 1 WHERE A.bug_id IS NULL AND B.bug_id IS NULL AND C.bug_id IS NULL and the same for other combinations. Note that we do have to deal with the issue that "bar" is probably defined as B only but a bug that has both the A and B groups would also be "bar" (or we could identify that as an illegal condition and sanitycheck for it) We should might want to use the same logic within Bug.pm to load the named_id from the bug_group_map instead of trusting whatever is cached in the table.
(In reply to comment #49) > (From update of attachment 193939 [details] [diff] [review] [edit]) > > >Index: editnamedgroups.cgi > >=================================================================== > >RCS file: editnamedgroups.cgi > >diff -N editnamedgroups.cgi > >--- /dev/null 1 Jan 1970 00:00:00 -0000 > >+++ editnamedgroups.cgi 26 Aug 2005 16:59:35 -0000 > > > When named group definitions change, how do the individual bugs get update? The bugs are not updated in the actual code, i'm changing that. :( > > > > >Index: enter_bug.cgi > >=================================================================== > >RCS file: /cvsroot/mozilla/webtools/bugzilla/enter_bug.cgi,v > >retrieving revision 1.117 > >diff -u -p -r1.117 enter_bug.cgi > >--- enter_bug.cgi 25 Aug 2005 14:02:40 -0000 1.117 > >+++ enter_bug.cgi 26 Aug 2005 16:59:39 -0000 > >@@ -59,6 +59,9 @@ use vars qw( > > $classdesc > > ); > > > >+use Bugzilla::Product; > >+use Bugzilla::Group; > >+ > > # If we're using bug groups to restrict bug entry, we need to know who the > > # user is right from the start. > > Bugzilla->login(LOGIN_REQUIRED) if AnyEntryGroups(); > >@@ -576,6 +579,15 @@ while (MoreSQLData()) { > > > > push @groups, $group; > > } > >+my $action = 'create'; > >+my $user = new Bugzilla::User($userid); > > Bugzilla->login should return this user object I'll change that > > >+my $product_obj = new Bugzilla::Product($product_id); > >+ > >+my @accessible_named_groups = > >+ $user->accessible_named_groups($product_obj, $action); > >+ > >+$vars->{'named_groups'} = \@accessible_named_groups > >+ if scalar(@accessible_named_groups); > > > > $vars->{'group'} = \@groups; > > > >Index: post_bug.cgi > >=================================================================== > >RCS file: /cvsroot/mozilla/webtools/bugzilla/post_bug.cgi,v > >retrieving revision 1.125 > > >+ > >+foreach my $group (values %$group_controls) { > >+ if ($group->{'membercontrol'} eq CONTROLMAPMANDATORY && > >+ $group->{'othercontrol'} eq CONTROLMAPMANDATORY) { > >+ $vars->{'mandatory_group'} = CONTROLMAPMANDATORY; > >+ } > >+} > >+ > > What is this section doing? Is this for the showing of the bug just created? > You only need to check memberscontrol for that. The mandatory_group variable > never seems to get used anywhere. Add a few more comments please. Sorry this is trash from a older patch, it was to template automatic select named groups with mandatory groups unused now. > > > > >+ # Removes all groups from the bug and add the new ones. > >+ my $named_group_groups = > >+ Bugzilla::Group::get_groups_by_named_group($named_group); > >+ @groupAdd = keys %$named_group_groups; > >+ > >+ if ($bug->{'named_id'}) { > >+ my $named_group_groups_old = > >+ Bugzilla::Group::get_groups_by_named_group($bug->{'named_id'}); > >+ @groupDel = keys %$named_group_groups_old; > >+ } > > Won't this cause all the groups that are common to both the old and new > namedgroup to be both removed and added? Yeap, cause i think this is more quick then compare old and new named group groups > > >Index: Bugzilla/Bug.pm > >=================================================================== > >RCS file: /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Bug.pm,v > >retrieving revision 1.92 > >diff -u -p -r1.92 Bug.pm > >--- Bugzilla/Bug.pm 23 Aug 2005 12:17:17 -0000 1.92 > >+++ Bugzilla/Bug.pm 26 Aug 2005 16:59:44 -0000 > >@@ -24,6 +24,7 @@ > > # Dave Miller <justdave@bugzilla.org> > > # Max Kanat-Alexander <mkanat@bugzilla.org> > > # Frédéric Buclin <LpSolit@gmail.com> > >+# Gabriel S. Oliveira <gabriel@async.com.br> > > > > package Bugzilla::Bug; > > > >@@ -45,6 +46,7 @@ use Bugzilla::FlagType; > > use Bugzilla::User; > > use Bugzilla::Util; > > use Bugzilla::Error; > >+use Bugzilla::Product; > > > > use base qw(Exporter); > > @Bugzilla::Bug::EXPORT = qw( > >@@ -77,7 +79,7 @@ sub fields { > > bug_file_loc status_whiteboard keywords > > priority bug_severity target_milestone > > dependson blocked votes > >- reporter assigned_to cc > >+ reporter assigned_to cc named_id > > ); > > > > if (Param('useqacontact')) { > >@@ -172,7 +174,7 @@ sub initBug { > > $dbh->sql_date_format('creation_ts', '%Y.%m.%d %H:%i') . ", > > delta_ts, COALESCE(SUM(votes.vote_count), 0), > > reporter_accessible, cclist_accessible, > >- estimated_time, remaining_time, " . > >+ estimated_time, remaining_time, named_id, " . > > $dbh->sql_date_format('deadline', '%Y-%m-%d') . " > > FROM bugs > > LEFT JOIN votes > >@@ -210,7 +212,8 @@ sub initBug { > > "target_milestone", "qa_contact_id", "status_whiteboard", > > "creation_ts", "delta_ts", "votes", > > "reporter_accessible", "cclist_accessible", > >- "estimated_time", "remaining_time", "deadline") > >+ "estimated_time", "remaining_time", "named_id", > >+ "deadline") > > { > > $fields{$field} = shift @row; > > if (defined $fields{$field}) { > >@@ -288,6 +291,21 @@ sub remove_from_db { > > return $self; > > } > > > >+# Update the groups that bug's belong by a named group change. > >+ > >+sub update_bug_named_group { > >+ my $self = shift; > >+ my ($named_group_id) = @_; > >+ my $dbh = Bugzilla->dbh; > >+ > >+ my $bug_id = $self->{'bug_id'}; > >+ > >+ $dbh->do(q{UPDATE bugs SET named_id = ? WHERE bug_id = ?}, > >+ undef, ($named_group_id, $bug_id)); > >+ > >+ return $self; > >+} > >+ > > ##################################################################### > > # Accessors > > ##################################################################### > >@@ -591,6 +609,42 @@ sub groups { > > return $self->{'groups'}; > > } > > > >+sub named_groups { > >+ my $self = shift; > >+ my $dbh = Bugzilla->dbh; > >+ > >+ return $self->{'named_groups'} if exists $self->{'named_groups'}; > >+ return undef if $self->{'error'}; > >+ > >+ my $product = new Bugzilla::Product($self->{'product_id'}); > >+ my @accessible_named_groups = > >+ Bugzilla->user->accessible_named_groups($product); > >+ my $bug_groups = $self->groups; > >+ my @bug_groups_ids; > >+ foreach my $group (@$bug_groups) { > >+ push @bug_groups_ids, $group->{'bit'}; > >+ } > >+ > >+ foreach my $named_group (@accessible_named_groups) { > >+ my $named_group_groups = $named_group->groups; > >+ > >+ my @named_groups_ids = [keys %$named_group_groups]; > >+ > >+ if ($self->{'named_id'} == $named_group->named_id) { > >+ $named_group->{'checked'} = 1; > >+ } > >+ elsif (!$self->{'named_id'} > >+ && @bug_groups_ids eq @named_groups_ids) { > >+ $named_group->{'checked'} = 1; > >+ } > >+ } > >+ > >+ $self->{'named_groups'} = \@accessible_named_groups > >+ if scalar(@accessible_named_groups); > >+ > >+ return $self->{'named_groups'}; > >+} > >+ > > > What does this routine do and how does it differ from accessible_named_groups > ?? This Bugzilla::Bug Method is used to display the named group fiels at show_bug.cgi, he add a flag('checked') to the named group received from accessible_named_groups according the bug named_id or bug groups. > > > >+sub get_bugs_by_named_group ($) { > >+ my $named_id = shift; > >+ my $dbh = Bugzilla->dbh; > >+ my $vars = {}; > >+ > >+ unless (detaint_natural($named_id)) { > >+ $vars->{'named_id'} = $named_id; > >+ ThrowUserError("namedgroup_id_invalid", $vars); > >+ } > >+ my $bug_ids = $dbh->selectcol_arrayref(q{ > >+ SELECT bug_id FROM bugs WHERE named_id = ?}, undef, $named_id); > >+ > >+ return $bug_ids; > >+} > >+ > > I dont think we want to get hundreds of thousands of bugs in one list. If this > is just for a confirm-delete, use a count instead. Ok. > > > >
> > > > Won't this cause all the groups that are common to both the old and new > > namedgroup to be both removed and added? > > Yeap, cause i think this is more quick then compare old and new named group groups > I think you still need to do the compare or the activity log will be a real mess.
Attached patch v12-update bug groups (obsolete) — Splinter Review
I changed the structure that named group groups are changed, and added the sub update_bug_groups to change bug groups when changing named group groups. Now I'm working in a way to show all the group possibilities to admin when create named groups, i'm able to check just a pair of groups with sub is_redundant and mount a hash table with them, handle with this hash maybe be a mess... If you have some idea on how to do this check please tell me :)
Attachment #193939 - Attachment is obsolete: true
Attachment #195468 - Flags: review?(bugreport)
Comment on attachment 195468 [details] [diff] [review] v12-update bug groups I only looked for the mechanisms to update named groups. This still tries to pull a list of ALL bugs using a particular named group and then check them. That won't work when the list gets to be hundreds of thousands of bugs. You need to generate queries (generate SQL) that look for bugs that need to be changes and then either iterate through the results (fetching one number at a time) updating the bugs or else use a subselect. The SQL for the selection part of this needs to be something like.... SELECT bug_id FROM bugs LEFT JOIN bug_group_map AS bgm_group12 ON bugs.bug_id = bgm_group12.bug_id LEFT JOIN bug_group_map AS bgm_group15 ON bugs.bug_id = bgm_group15.bug_id WHERE bugs.named_id <> 3 AND (bgm_group12.bug_id IS NOT NULL AND bgm_group15.bug_id IS NULL) Assuming that bugs that are in group12 and not in group15 are required to be in named_id 3, this returns a list of bugs that need to be put in named_id 3. If we can rely on mysql versions that support subselects, you can actually do this using an UPDATE ... SELECT that sets the named_id to 3 for a list that need to be set to 3. This logic would need to go in the editnamedgroups cgi is well as in sanitycheck. A simpler version should figure out which named_id a bug should get as is is being processed. (processing should rely only on the group bits and then, after those are validated, assign the named_id based on them) I am still a bit concerned about the is_redundant approach because it does not know if group inheritence is changed AFTER the names are assigned. I would still prefer that the person running editnamedgroups identify the ditinction between groups that matter to an assignment and groups that are don't-cares for the assignemnt.
Attachment #195468 - Flags: review?(bugreport) → review-
The system checks if all possible product groups combinations are created in the Named Groups and filter by group hiearchy. I'm in doubt about the UI, have any suggestions ? Bugs to fix: 1- filter combinations when a mandatory group is setted 2- warning when deleting a product group that is in a product named group 3- update named group groups when change a group control to Mandatory/Mandatory 4- change the get_x_by_y .pm functions.
Attachment #195468 - Attachment is obsolete: true
Attachment #197748 - Flags: review?(bugreport)
Comment on attachment 197748 [details] [diff] [review] v13-possible group combinations admin warning getting closer... Runtest failed... not ok 133 - (en/default) template/en/default/admin/namedgroups/edit.html.tmpl has unfiltered directives: # 48: group.description FILTER # html # --ERROR Also, I had a bug that was not in any groups, but, after loading the bug, it had an incorrect group name. Like I commented earlier, we should have support for checking these in sanitycheck and figure them out from the bits as a bug is loaded. (only buglist should rely on the cached namedgroup and that cached namedgroup should be updated whenever we update group controls or named froup definitions for a product and it should be checked by sanitycheck)
Attachment #197748 - Flags: review?(bugreport) → review-
Bugs fixed. Is the sanitycheck good?
Attachment #197748 - Attachment is obsolete: true
Attachment #197882 - Flags: review?(bugreport)
See comment 54. Sanitycheck should check for bugs where the group in the bugs table does not match the bug_group_map. That can be done in one SQL statement per named_id to identify bugs that have that named_id but do not meet the criteria plus one per named_id to identify bugs that do meet the criteria but do nto have the named_id. Whenever group controls or name definitions are changed, you want to use the same SQL, but you act on the result rather than just reporting it.
Attached patch v14: all sanity checks (obsolete) — Splinter Review
Attachment #197918 - Flags: review?(bugreport)
Attachment #197882 - Attachment is obsolete: true
Attachment #197882 - Flags: review?(bugreport)
Comment on attachment 197918 [details] [diff] [review] v14: all sanity checks This still updates bug groups for entire named groups based on the named group. That is the opposite of what we should be doing. The group name is NEVER the authoritative thing for security purposes. The only reason it exists in the bugs table at all is so that buglists can style based on it. Any other time, (security checks, policy checks, loading a bug, etc...) we look at a single bug's bug_group_map settings and infer the group name. When a named group is redefined, we don't change anything in bug_group_map. Rather, we must re-evaluate the bugs that think they have that named_id to determine if they need to be reclassified into a differrent named_id and we query for bugs that meet the criteria for that named_id but do not currently have that named_id. Those two queries should be 100% shared with what Sanitycheck needs to do to detect any cases where there is a mismatch.
Attachment #197918 - Flags: review?(bugreport) → review-
Attached patch v14-improvements (obsolete) — Splinter Review
We now have: -Auto-update when creating a named group to fit bugs with matching group combination. -Sanitycheck for bugs without named groups and an option to fix it. -Sanitycheck for bugs with wrong named group set I have to work in a fine way to fix the bugs with wrong named groups and perform a verification when groups inheritance was changed. The possible group combinations stuff on editnamedgroups.cgi is good on that way? O_o
Attachment #199352 - Flags: review?(bugreport)
Attached patch v14-unbitroted (obsolete) — Splinter Review
last version got bitroted by a lot of bug checkins
Attachment #199352 - Attachment is obsolete: true
Attachment #200082 - Flags: review?(bugreport)
Attachment #199352 - Flags: review?(bugreport)
Attachment #200082 - Attachment is obsolete: true
Attachment #200082 - Flags: review?(bugreport)
Attached patch v14-fix (obsolete) — Splinter Review
v14-fix
Attachment #200770 - Flags: review?(bugreport)
Attached patch v15 - sanity checks fix (obsolete) — Splinter Review
Fixes for the sanity checks errors.
Attachment #197918 - Attachment is obsolete: true
Attachment #200770 - Attachment is obsolete: true
Attachment #201771 - Flags: review?(bugreport)
Attachment #200770 - Flags: review?(bugreport)
Whiteboard: [patch awaiting review]
Target Milestone: Bugzilla 2.22 → Bugzilla 2.24
Comment on attachment 201771 [details] [diff] [review] v15 - sanity checks fix Hrm, how do we manage to let these kind of goodies expire? This no longer applies to the trunk cleanly. It can probably be updated with minimal effort to apply to the trunk cleanly again. If someone cleans it up, I'll make the time to do a review on it.
Attachment #201771 - Flags: review?(bugreport) → review-
Whiteboard: [patch awaiting review]
QA Contact: mattyt-bugzilla → default-qa
Attached patch v16-unbitrot (obsolete) — Splinter Review
It is a big patch :/ thanks for the interest vladd ;)
Attachment #201771 - Attachment is obsolete: true
Attachment #230571 - Flags: review?(vladd)
Comment on attachment 230571 [details] [diff] [review] v16-unbitrot Review is theoretically scheduled at the end of this week but things could pop up. Frederic - could you help here with some review by any chance?
Attachment #230571 - Flags: review?(LpSolit)
This is a huge patch. I will need some time to understand what joel wants and how gbel implements it, and read all comments to see if I miss something. Security bugs and QA tests have higher priority, so do not expect any review from me before the next set of releases (which should happen in September).
Okay, I've read most of this bug and I have some comments: 1) I don't understand what this bug is trying to do that can't currently be done with our normal groups system, other than just having the UI be different. 2) It seems like this whole bug is trying to solve the fact that we have AND groups when we should have OR groups. At some point I was planning to restructure the entire permissions system to work this way: 1) All bugs are *denied* by default. 2) You may only access a bug if you are in a group that has access to it. 3) There is a group called called "Everybody" that always includes everybody. 4) You may access a bug if you are in *any* of its groups. (OR groups) Does that solve the problem posed in this bug? I can't really understand, because the summary just wants a new UI. I think a new UI is sensible; I don't understand why we're going into all this complexity inside this bug.
Perhaps we need to take the necessary design discussion to the mailing list or newsgroup - this bug is pretty long already. But I think the current permissions system has two features which make it really hard for people to understand, and which lead to a lot of support questions. They are the AND rather than OR nature of it, and the Mandatory/Allowed/etc. system. I'd support any change which looked to improve the situation in these two respects. Gerv
If we move from the AND to OR logic, we will have to be *very* careful about current installations. This could make the upgrade really difficult.
(In reply to comment #71) > If we move from the AND to OR logic, we will have to be *very* careful about > current installations. This could make the upgrade really difficult. Yeah. That discussion and patch would happen in a different bug. After all, the summary of this bug is just a UI change...
Comment on attachment 230571 [details] [diff] [review] v16-unbitrot pushing this one out of my radar for now.
Attachment #230571 - Flags: review?(LpSolit)
This bug is retargetted to Bugzilla 3.2 for one of the following reasons: - it has no assignee (except the default one) - we don't expect someone to fix it in the next two weeks (i.e. before we freeze the trunk to prepare Bugzilla 3.0 RC1) - it's not a blocker If you are working on this bug and you think you will be able to submit a patch in the next two weeks, retarget this bug to 3.0. If this bug is something you would like to see implemented in 3.0 but you are not a developer or you don't think you will be able to fix this bug yourself in the next two weeks, please *do not* retarget this bug. If you think this bug should absolutely be fixed before we release 3.0, either ask on IRC or use the "blocking3.0 flag".
Target Milestone: Bugzilla 3.0 → Bugzilla 3.2
Comment on attachment 230571 [details] [diff] [review] v16-unbitrot Highly bitrotten.
Attachment #230571 - Attachment is obsolete: true
Attachment #230571 - Flags: review?(vladd)
Bugzilla 3.2 is now frozen. Only enhancements blocking 3.2 or specifically approved for 3.2 may be checked in to the 3.2 branch. If you would like to nominate your enhancement for Bugzilla 3.2, set "blocking3.2" tp "?", and either the target milestone will be changed back, or the blocking3.2 flag will be granted, if we will accept this enhancement for Bugzilla 3.2.
Target Milestone: Bugzilla 3.2 → Bugzilla 4.0
Assignee: gabriel.sales → administration
Status: ASSIGNED → NEW
We are going to branch for Bugzilla 4.4 next week and this bug is either too invasive to be accepted for 4.4 at this point or shows no recent activity. The target milestone is reset and will be set again *only* when a patch is attached and approved. I ask the assignee to reassign the bug to the default assignee if you don't plan to work on this bug in the near future, to make it clearer which bugs should be fixed by someone else.
Target Milestone: Bugzilla 4.4 → ---
We've now implemented OR groups, which as comment 69 suggests, may well make this scenario much easier. If there's still more to do here, extract it and file a new bug. Gerv
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: