Closed
Bug 256668
Opened 20 years ago
Closed 20 years ago
the users who are not administrators can see the users
Categories
(Bugzilla :: Administration, task)
Tracking
()
VERIFIED
INVALID
People
(Reporter: jchao, Assigned: justdave)
Details
Attachments
(2 files)
screen shot
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; YComp 5.0.2.6; Hotbar 4.5.1.0)
Build Identifier:
bugzilla 2.17.3
the accounts created by bugzilla server administrator can see the link 'users'
after login,
normal users should not see the 'users' link,only server administrator can see
this link
Reproducible: Always
Steps to Reproduce:
1.with 2.17.3 ,create and user account
2.log in with the newly created user account
3.
Actual Results:
the newly created login can see 'users' link
Expected Results:
the newly created login should not see the 'users' link
|
||
Comment 1•20 years ago
|
||
This bug's patch seems to have broken my Thunderbird (Win32/MingW/cygwin) and
(Fedora Core2 w/kernel 2.6.8.1).
The other option is Bug #256688
|
|
||
Comment 2•20 years ago
|
||
Please ignore comment #1 as build problems are fixed in Bug #256688
|
Assignee | |
Comment 3•20 years ago
|
||
I can't reproduce this in any version of Bugzilla. You must have something set
in your group regexps that cause users to be added to the editusers group or to
bless privileges for some group.
If you're still experiencing this, please post to mozilla-webtools for
assistance tracking it down. See http://www.bugzilla.org/support/
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
|
Reporter | |
Comment 4•20 years ago
|
||
I've setup 2 servers,one is on redhat linux 7.3,one is on redhat linux 9.0
I followed the same process,I am going to upload 2 screen shots for this bug
this user is configured to access 2 of the projects(no privilege to edit
users,but he can see the user hyper link)on linux 9.0,no such problem
also,on linux 7.3,the user can be deleted , on linux 9.0 there is no 'delete'
hyper link in the edit user screens
I'd like to offer more info to reproduce this problem,let me know what kind of
info is helpful
Status: RESOLVED → UNCONFIRMED
Resolution: WORKSFORME → ---
|
|
Reporter | |
Comment 5•20 years ago
|
||
this user is configured to see only 2 projects,but somehow he can see the user
link
|
|
Assignee | |
Comment 6•20 years ago
|
||
Please go to that user's preferences and click on the permissions tab, then past
the results here.
As for the delete link, that's a parameter you can set on editparams.cgi. You
have it turned on on one system and don't on the other.
|
|
Reporter | |
Comment 7•20 years ago
|
||
this is a screen shot describes that the user should only can access 2 projects
and can not edit users
also,on linux 9.0,once a guy applied an account,he/she can access all projects
handled by the server
|
|
Assignee | |
Comment 8•20 years ago
|
||
(In reply to comment #7)
> also,on linux 9.0,once a guy applied an account,he/she can access all projects
> handled by the server
This is going to be the user regexp on a group somewhere. A group (or more than
one) that has access to other stuff has a regexp that puts everyone (or at least
that user) into the group.
|
|
Reporter | |
Comment 9•20 years ago
|
||
You have the following permission bits set on your account:
editbugs Can edit all aspects of any bug.
Foxtel Cricket Access to bugs in the Foxtel Cricket product
Foxtel weather Access to bugs in the Foxtel weather product
And you can turn on or off the following bits for other users:
Foxtel Cricket Access to bugs in the Foxtel Cricket product
Foxtel weather Access to bugs in the Foxtel weather product
dave this is the output,seems not a bug,but a config issue,however I used the
same tar ball,I did not remember I turned this option on or off,I just need to
edit the editparams.cgi ? or do I need to re-install the server?
|
|
Assignee | |
Comment 10•20 years ago
|
||
(In reply to comment #9)
> You have the following permission bits set on your account:
> And you can turn on or off the following bits for other users:
>
> Foxtel Cricket Access to bugs in the Foxtel Cricket product
> Foxtel weather Access to bugs in the Foxtel weather product
^^^^ this right here is why they can see the users link. You have to edit users
to be able to turn bits on or off for them. This is the first column when you
edit that user (can grant access to this group). If you don't want them to be
able to see the users link, remove the grant checkboxes from all of the groups
when viewing them in edituser.cgi.
> dave this is the output,seems not a bug,but a config issue,however I used the
> same tar ball,I did not remember I turned this option on or off,I just need to
> edit the editparams.cgi ? or do I need to re-install the server?
You can just visit editparams.cgi from the web, using the admin account, and
turn that param back off. ('allowuserdelete')
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → INVALID
|
|
Reporter | |
Comment 11•20 years ago
|
||
verified with dave's comments/feedback and bugzilla 2.17.3
Status: RESOLVED → VERIFIED
|
|
Reporter | |
Comment 12•20 years ago
|
||
regarding comments 8
I did not find anywhere to control the users to access which products while
I've set makeproductgroups and useentrygroupdefault to on from off
|
|
Reporter | |
Comment 13•20 years ago
|
||
I've found the answer,it is in groups setting,thanks
|
||
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•