Open Bug 327267 Opened 18 years ago Updated 15 years ago

Let the reporter comment in his own bugs, even when CANEDIT is on

Categories

(Bugzilla :: Creating/Changing Bugs, enhancement)

2.20
enhancement
Not set
normal

People

(Reporter: emmanuel, Unassigned)

Details

Trying to tighten up security on my Bugzilla installation, I added a group for each product in the database and activated canedit for each product on the matching group. As described in the Bugzilla documentation, anybody not belonging to that group can no longer change the bug, even to add comments, not even the reporter.

Isn't this too strong a restriction? I certainly never expected the reporter to be unable to add comments any more. Any chance we can change this?
Maybe we should relax this restriction a bit and allow people to add comments, and only add comments. Joel?
I certainly would not want to permit anyone who can read the bug to comment, but the usual application of this would have had the same restrictions for ENTRY as CANEDIT so it would be OK to let the reporter do something.
I think bugzilla needs to increase the permissions not decrease them. The best solution would be the creation of finer grained ACLs.
(In reply to comment #3)
> I think bugzilla needs to increase the permissions not decrease them. The best
> solution would be the creation of finer grained ACLs.
> 

Bugzilla clearly doesn't need to increase permissions. Most people already have too many permissions, see bug 90619.
I suggest wontfix for this bug since per-product editbugs are implemented in 3.0 - which was probably what the reporter wanted.
I don't think it's WONTFIX. As I read it, the point is to let the reporter comment in his own bugs in all cases, which is a valid RFE.
Severity: normal → enhancement
Summary: canedit restrictions are too tight → Let the reporter comment in his own bugs, even when CANEDIT is on
Ok, then probably this bug should depend on bug 372017 ?
(In reply to comment #7)
> Ok, then probably this bug should depend on bug 372017 ?

Hum, no, I don't see why. We don't *need* field-level security to relax what this RFE asks about.
I was more thinking about having "always allow reporter to change this field" as a property of field-level security.
(In reply to comment #6)
> I don't think it's WONTFIX. As I read it, the point is to let the reporter
> comment in his own bugs in all cases, which is a valid RFE.

That sounds about right (I'd also expect the reporter to always be able to close his bug NOTABUG but that sounds non-trivial).