294655 - It is not possible to enter a bug on many installations of Bugzilla 2.16.9

Status: RESOLVED FIXED

(Bugzilla :: Creating/Changing Bugs, defect, P1)

Description

[Alexis Sukrieh]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050421 Firefox/1.0.3 (Debian package 1.0.3-2)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050421 Firefox/1.0.3 (Debian package 1.0.3-2)

When applying the 287109's patch on a fresh 2.16.9 installation, whcih uses a
database created for a 2.16.7 bugzilla, with no groups, it's impossible to enter
a new bug.

enter_bug.cgi says: Sorry, either this product does not exist, or you don't have
the required permissions to enter a bug against that product.

The user I use here is the admin and is the owner of one Product and one component.

Reproducible: Always

Steps to Reproduce:
1. use a old bugzilla 2.16.7 databse with nothing inside but one component and
one product, no groups.
2. log in as admin
3. click on the enter_bug.cgi link named "New"

Actual Results:  
Permission Denied
	  	
Sorry, either this product does not exist, or you don't have the required
permissions to enter a bug against that product.

Expected Results:  
The user should be able to fill a bug against the product he owns.

Comment 1

[Frédéric Buclin]

I try to reproduce on landfill, see http://landfill.mozilla.org/bz287109/

Comment 2

[Frédéric Buclin]

Bug confirmed! My fault!

There is no blocking2.16.10 flag so using the old one.

Comment 3

[Dave Miller [:justdave]]

Bah.  On the up-side, the fact that it took a week for anyone to report
something of this magnitude is probably a testament to how few people are still
using 2.16.x :)

Comment 4

[Max Kanat-Alexander]

(In reply to comment #3)
> Bah.  On the up-side, the fact that it took a week for anyone to report
> something of this magnitude is probably a testament to how few people are still
> using 2.16.x :)

  Yeah. We had one other actual user report it a few days before on the webtools
list, but he had some other problem with his report, so we weren't certain it
was actually a bug. :-)

  And the funny thing is that it's not even an actual 2.16 user who reports this
one, but the Debian packager. :-D So hopefully not too many people have run into
this.

Comment 5

[Frédéric Buclin]

Attachment: patch, v1

I have installed a 2.16.9 copy. All tests are successful.

Comment 6

[Max Kanat-Alexander]

Comment on attachment 183968 [details] [diff] [review]
patch, v1

Yes, this looks correct to me, LpSolit says he's tested it extensively, and my
testing on landfill proves that I *can* reproduce the bug without the patch,
and *cannot* reproduce the bug with the patch.

Comment 7

[Frédéric Buclin]

2.16.9:

Checking in globals.pl;
/cvsroot/mozilla/webtools/bugzilla/globals.pl,v  <--  globals.pl
new revision: 1.169.2.28; previous revision: 1.169.2.27
done

Comment 8

[Stephen Lee]

(In reply to comment #3)
> ... probably a testament to how few people are still using 2.16.x :)

OTOH, the people who ARE still using 2.16.x are gonna be the very same people 
who don't immediately jump to upgrade the moment a new release is available (or 
are otherwise prevented from doing so). Especially given the relatively low 
importance of the security fixes in the last update.