"editcomponents" group is not appropriate for editvalues.cgi (Field Values)

RESOLVED FIXED in Bugzilla 3.0

Status

()

Bugzilla
Administration
--
enhancement
RESOLVED FIXED
11 years ago
8 years ago

People

(Reporter: bigstijn, Assigned: Frédéric Buclin)

Tracking

(Blocks: 1 bug)

2.22
Bugzilla 3.0
Dependency tree / graph
Bug Flags:
approval +

Details

Attachments

(1 attachment)

692 bytes, patch
Max Kanat-Alexander
: review+
Details | Diff | Splinter Review
(Reporter)

Description

11 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Build Identifier: Bugzilla 2.22

If someone has (need for) editcomponents (eg. because he maintains a product), he has also the right to  edit Field Values (editvalues.cgi).

Changing field values has effect on the whole installation.  Sometimes, you want to give people access to the components of their product, but not to the field values.

Reproducible: Always
(Reporter)

Comment 1

11 years ago
So, I would suggest to have a seperate group for "editvalues".

(and to rename the group editcomponents to editproducts )
(Assignee)

Comment 2

11 years ago
I don't think we want a new group. We could use an existing one, e.g. tweakparams or admin. But I agree that editcomponents privs are not appropriate here.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Version: unspecified → 2.22

Comment 3

11 years ago
Yeah, perhaps we should make it admin. That would make more sense.
Summary: new group for Field values - editcomponents group should only affect product related components → "editcomponents" group is not appropriate for editvalues.cgi (Field Values)
Target Milestone: --- → Bugzilla 3.0
(Assignee)

Comment 4

11 years ago
(In reply to comment #3)
> Yeah, perhaps we should make it admin. That would make more sense.
> 

I agree. Especially now that editfields.cgi requires admin privs too. We would at least be consistent. Go for it!
(Assignee)

Comment 5

11 years ago
Created attachment 239821 [details] [diff] [review]
patch, v1
Assignee: administration → LpSolit
Status: NEW → ASSIGNED
Attachment #239821 - Flags: review?(mkanat)

Comment 6

11 years ago
Comment on attachment 239821 [details] [diff] [review]
patch, v1

Looks good to me!
Attachment #239821 - Flags: review?(mkanat) → review+

Updated

11 years ago
Flags: approval?
Keywords: relnote
Flags: approval? → approval+
(Assignee)

Comment 7

11 years ago
Checking in editvalues.cgi;
/cvsroot/mozilla/webtools/bugzilla/editvalues.cgi,v  <--  editvalues.cgi
new revision: 1.18; previous revision: 1.17
done
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
(Reporter)

Updated

11 years ago
Blocks: 357690
(Assignee)

Updated

11 years ago
Blocks: 365767

Comment 8

11 years ago
Added to the release notes on bug 255155.
Keywords: relnote

Comment 9

11 years ago
The correct bug number for those release notes is actually bug 349423.
Hmm :-( On b.m.o., it would be nice to give e.g. a Thunderbird person "editvalues" so they can add new release values to the custom tracking fields, without giving them full admin access to the entire installation. So I was sad to find this bug :-(

Could we reconsider the idea of a separate group? Or how else would you solve the problem above?

Gerv
(Assignee)

Comment 11

8 years ago
See bug 365767.
You need to log in before you can comment on or make changes to this bug.