User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041217 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041217 Bugzilla 2.20 A user who is not a member of editusers but who does have the permission to bless other group members does not seem to be able to pass that capability on to other users. All they can do is add/remove users to/from the group. Isn't the check that the user be in editusers at line 66 of edit.html.tmpl too restrictive? Shouldn't Bugzilla->user->can_bless() be taken into consideration as well? Or have I totally misunderstood the use of editusers and blessing? What I want to do is create a Project Admin who can then create other co-admins for a project without allowing any of them access to modify every user of every project. Reproducible: Always Steps to Reproduce: 1. Create a non-admin user and give them the ability to bless other users in a group 2. Log in as the user and edit another user in the group 3. Try to grant the "Bless" capability to that user. Actual Results: There is no "Can set these bits for other users" checkbox, only a group membership checkbox so it is not possible to pass on the ability to Bless users. Expected Results: I expected there to be a checkbox to allow the user to set the blessing and group membership permissions of other group members.
This is the desired behavior, and I can't see a reason to change that. It's a separate level of permission. A better fix would be to make editusers not allow you to put people in groups they aren't themselves members (or grantors) of (unless they also have admin). I think we already have a bug on that somewhere.
Guess I don't understand, group membership isn't the issue I don't think. The problem is that a group member with "Bless" permission can't seem to bless another group member so that member also has permission to bless.
That's correct, because they weren't given permission to grant that. That's what editusers is (at least the way it was designed anyhow)
So "Blessing" is no more than the ability to add people to your group?
(In reply to comment #4) > So "Blessing" is no more than the ability to add people to your group? > Correct.
And talking about this, I see no reason to not implement this feature. I consider it as a valid one.
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows XP → All
Hardware: PC → All
Created attachment 801731 [details] [diff] [review] Patch-v1
Assignee: administration → joshi_sunil
Status: NEW → ASSIGNED
Dave: I want your opinion on this feature, as the official upstream project administrator. Putting my Red Hat hat on for a moment, there is absolutely no way I would want blessed members to bless other users. I would be happy if this was (yet another) param that can be set on a per installation basis (even if the default is on), or not accepting the patch at all. Do you agree with me?
I don't think the existing bless privilege is intended to allow granting blues privileges, and I don't think it should, either. I could see adding a new privilege to explicitly grant that, but it seems like the UI would get really complicated...
Based on Dave's and my comments, I'm marking this bug as wontfix.
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
I didn't necessarily say we should WONTFIX it, but it does need some serious thought into the UI first if we do it.
You need to log in before you can comment on or make changes to this bug.