Closed Bug 365267 Opened 19 years ago Closed 16 years ago

attachment.cgi should not be editable when the user is not logged in

Categories

(Bugzilla :: Attachments & Requests, enhancement, P2)

Product:
Bugzilla
Component:
Attachments & Requests
Version:
2.23.3
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 3.6

People

(Reporter: timeless, Assigned: LpSolit)

References

(
URL
)

Details

Attachments

(3 files, 3 obsolete files)

screenshot for logged out or unprivileged users
17.48 KB, image/png
Details
small font on the noneditable page
56.40 KB, image/png
Details
patch, v3
14.48 KB, patch
guy.pyrzak
: review+
Details | Diff | Splinter Review
precondition: log out! <https://bugzilla.mozilla.org/relogin.cgi> if show_bug.cgi is readonly when i'm not logged in why is attachment.cgi editable when i'm not logged in? lpsolit says: because attachment.cgi doesn't use Bug::check_can_change_field
Severity: normal → enhancement
OS: Windows XP → All
Hardware: PC → All
Summary: why is attachment.cgi editable when i'm not logged in? → attachment.cgi should not be editable when the user is not logged in
Keywords: ue
not sure why this is a UE thing, seems like a normal bug.
Keywords: ue
Priority: -- → P2
Target Milestone: --- → Bugzilla 4.0
Keep bug 219021 in mind when fixing this bug.
Blocks: 476603
Depends on: 477662
No longer blocks: 476603
Attached patch patch, v0.9 (obsolete) — Splinter Review
In this patch, you will notice that I added the creator of the attachment, i.e. it contains what I want to implement in bug 442258. So if you review this patch first, there is no need to review bug 442258 as it will be fixed by this bug.
Assignee: attach-and-request → LpSolit
Status: NEW → ASSIGNED
Attachment #403300 - Flags: review?(guy.pyrzak)
Target Milestone: Bugzilla 4.0 → Bugzilla 3.6
Here, you have a screenshot of how the Details page appears to logged out users and to users with not enough privs to edit attachment attributes. The UI is unchanged if you have enough privs to edit attachment attributes. The comment box is always editable as everybody can comment.
everyone can comment on an attachment when not logged in but the same isn't expected of bugs? I didn't think we allowed anonymous comments.
Attachment #403300 - Flags: review?(guy.pyrzak) → review-
Comment on attachment 403300 [details] [diff] [review] patch, v0.9 1. Don't use <br/> for formatting use divs, they can be styled. 2. Add classes to the divs so that someone could style them or at least add it to the container. 3. it looks like you are only changing the type in most of these if else statements. You should put probably just use one else if set an "input_type" variable and use that over and over. It'll make cleaner code IMO. 4. Shouldn't Creator be a term, just a question not a requirement. 5.
(In reply to comment #5) > everyone can comment on an attachment when not logged in but the same isn't > expected of bugs? I didn't think we allowed anonymous comments. Anonymous comments are not allowed. When you submit it, you will have to log in. (In reply to comment #6) > 3. it looks like you are only changing the type in most of these if else > statements. You should put probably just use one else if set an "input_type" > variable and use that over and over. It'll make cleaner code IMO. This won't work. Not only the type changes, but you also have to put the data plain text when not allowed to edit the attachment. So it makes the code harder to read IMO. > 4. Shouldn't Creator be a term, just a question not a requirement. No, I don't think that's useful.
Attached patch patch, v2 (obsolete) — Splinter Review
No longer use <br> nor <b> nor <small>. Everything has been moved into CSS. Tested successfully on IE 6, IE 8, Firefox, Safari, Opera, Google Chrome and Konqueror.
Attachment #403300 - Attachment is obsolete: true
Attachment #403302 - Attachment is obsolete: true
Attachment #403559 - Flags: review?(guy.pyrzak)
Blocks: 442258
Attached patch patch, v2.1 (obsolete) — Splinter Review
Removed bitrot due to bug 509053.
Attachment #403559 - Attachment is obsolete: true
Attachment #404531 - Flags: review?(guy.pyrzak)
Attachment #403559 - Flags: review?(guy.pyrzak)
Attachment #403302 - Attachment is obsolete: false
Comment on attachment 404531 [details] [diff] [review] patch, v2.1 patch itself is ok. I've got some issues with the way you repeat code in the blocks. Font size is 10px on the page which is super small. see attachment
Attachment #404531 - Flags: review?(guy.pyrzak) → review-
Attachment #408023 - Attachment mime type: application/octet-stream → application/image
Attachment #408023 - Attachment mime type: application/image → image/png
remove font-size:smaller that's what is making the font so small
Attached patch patch, v3Splinter Review
I fixed all you said.
Attachment #404531 - Attachment is obsolete: true
Attachment #408046 - Flags: review?(guy.pyrzak)
Attachment #408046 - Flags: review?(guy.pyrzak) → review+
Flags: approval?
Flags: approval? → approval+
Checking in skins/standard/create_attachment.css; /cvsroot/mozilla/webtools/bugzilla/skins/standard/create_attachment.css,v <-- create_attachment.css new revision: 1.3; previous revision: 1.2 done Checking in skins/standard/global.css; /cvsroot/mozilla/webtools/bugzilla/skins/standard/global.css,v <-- global.css new revision: 1.68; previous revision: 1.67 done Checking in template/en/default/filterexceptions.pl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/filterexceptions.pl,v <-- filterexceptions.pl new revision: 1.130; previous revision: 1.129 done Checking in template/en/default/attachment/edit.html.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/attachment/edit.html.tmpl,v <-- edit.html.tmpl new revision: 1.63; previous revision: 1.62 done Checking in template/en/default/attachment/show-multiple.html.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/attachment/show-multiple.html.tmpl,v <-- show-multiple.html.tmpl new revision: 1.27; previous revision: 1.26 done Checking in template/en/default/flag/list.html.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/flag/list.html.tmpl,v <-- list.html.tmpl new revision: 1.38; previous revision: 1.37 done Checking in template/en/default/global/textarea.html.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/global/textarea.html.tmpl,v <-- textarea.html.tmpl new revision: 1.4; previous revision: 1.3 done
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Keywords: relnote
Added to the release notes in bug 547466.
Keywords: relnote
Blocks: 577881
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: