Closed Bug 353768 Opened 19 years ago Closed 19 years ago

"editcomponents" group is not appropriate for editvalues.cgi (Field Values)

Categories

(Bugzilla :: Administration, task)

Product:
Bugzilla
Component:
Administration
Version:
2.22
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 3.0

People

(Reporter: bigstijn, Assigned: LpSolit)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

patch, v1
692 bytes, patch
mkanat
: review+
Details | Diff | Splinter Review
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Build Identifier: Bugzilla 2.22 If someone has (need for) editcomponents (eg. because he maintains a product), he has also the right to edit Field Values (editvalues.cgi). Changing field values has effect on the whole installation. Sometimes, you want to give people access to the components of their product, but not to the field values. Reproducible: Always
So, I would suggest to have a seperate group for "editvalues". (and to rename the group editcomponents to editproducts )
I don't think we want a new group. We could use an existing one, e.g. tweakparams or admin. But I agree that editcomponents privs are not appropriate here.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Version: unspecified → 2.22
Yeah, perhaps we should make it admin. That would make more sense.
Summary: new group for Field values - editcomponents group should only affect product related components → "editcomponents" group is not appropriate for editvalues.cgi (Field Values)
Target Milestone: --- → Bugzilla 3.0
(In reply to comment #3) > Yeah, perhaps we should make it admin. That would make more sense. > I agree. Especially now that editfields.cgi requires admin privs too. We would at least be consistent. Go for it!
Attached patch patch, v1Splinter Review
Assignee: administration → LpSolit
Status: NEW → ASSIGNED
Attachment #239821 - Flags: review?(mkanat)
Comment on attachment 239821 [details] [diff] [review] patch, v1 Looks good to me!
Attachment #239821 - Flags: review?(mkanat) → review+
Flags: approval?
Keywords: relnote
Flags: approval? → approval+
Checking in editvalues.cgi; /cvsroot/mozilla/webtools/bugzilla/editvalues.cgi,v <-- editvalues.cgi new revision: 1.18; previous revision: 1.17 done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Blocks: 357690
Blocks: 365767
Added to the release notes on bug 255155.
Keywords: relnote
The correct bug number for those release notes is actually bug 349423.
Hmm :-( On b.m.o., it would be nice to give e.g. a Thunderbird person "editvalues" so they can add new release values to the custom tracking fields, without giving them full admin access to the entire installation. So I was sad to find this bug :-( Could we reconsider the idea of a separate group? Or how else would you solve the problem above? Gerv
See bug 365767.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: