Guided bug entry creates public bugs. Expected it to have same group membership defaults as using non-guided method.

RESOLVED FIXED in Bugzilla 4.0

Status

()

defect
--
minor
RESOLVED FIXED
11 years ago
8 years ago

People

(Reporter: eirens, Assigned: mkanat)

Tracking

unspecified
Bugzilla 4.0
Bug Flags:
approval +
approval4.2 +
approval4.0 +

Details

Attachments

(2 attachments, 2 obsolete attachments)

Reporter

Description

11 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1
Build Identifier: 

Guided bug entry creates public bugs. Expected it to have same group membership defaults as using non-guided method.

It looks like bugs created using the guided bug entry form are always created with no group memberships, making them public. I'd like such bugs to have the same defaults as if I hadn't used the guided method to create them. For the we way we have our Bugzilla products/groups set up, this implies membership in the product's group.

Reproducible: Always

Steps to Reproduce:
0. Set Product X's Group Access Controls to "Default/NA,ENTRY".
1. Create a bug in Product X via the guided bug entry method: <bz_base_url/>enter_bug.cgi?format=guided
2. Create a bug in Product X with the non-guided method.
3. Compare the group memberships of those two bugs.
Actual Results:  
Observe that the "guided" bug has no group memberships.

Expected Results:  
My expectation and hope was that the "guided" bug would be placed in the group for that product, just like the non-guided bug was.

Comment 1

11 years ago
I can confirm in Bugzilla 3.3, but older versions are probably affected too. There is no "Security" checkbox at all (or even worded differently).
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Mac OS X → All
Hardware: PC → All
Version: unspecified → 3.3
Reporter

Comment 2

11 years ago
I can confirm this as far back as 3.0.3, the version we started using the guided method in.
Version: 3.3 → 3.0.3
Assignee

Comment 3

11 years ago
We should remove the guided template from the main Bugzilla code and keep it around somewhere as a sample customization, really.
Here is the current patch that we use (Red Hat) to add group entry checkboxes to the guided bug entry page. We had complaints of not being to create private bugs from that page so it was an easy add-on.

Dave
Assignee

Comment 5

11 years ago
Okay, could we just remove the guided page from the core Bugzilla code? We can put it into the example extension. It has all sorts of bugs and I don't want to maintain it.
Assignee

Comment 6

11 years ago
The guided bug entry form is going to be removed from the core Bugzilla code (see bug 474086), so we won't be fixing these bugs in upstream Bugzilla. It was always just an example page, to begin with. I'm moving the bugs to the bmo component, to at least preserve a record of the fact that these things may need to be fixed for bmo.
Assignee: create-and-change → nobody
Component: Creating/Changing Bugs → Bugzilla: Other b.m.o Issues
Product: Bugzilla → mozilla.org
QA Contact: default-qa → other-bmo-issues
Version: 3.0.3 → other
The aim of the page is simple bug entry - people shouldn't have to deal with groups, the correct defaults should just apply. If they aren't, it would be a useful enhancement to fix that to reduce the amount of customization that people need to do to adapt the form for themselves.

I'm not sure that adding group checkboxes is the way to go, though, because that doesn't meet the "simple" criteria.

Gerv
Severity: minor → enhancement
Component: Bugzilla: Other b.m.o Issues → General
Product: mozilla.org → bugzilla.mozilla.org
--> wontfix; as per gerv's comment the guided bug entry is simple by design.  if you require more control it's now possible to switch to the advanced form.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → WONTFIX
Reporter

Comment 9

8 years ago
Byron, I don't see how gerv's comment makes this wontfix. In fact, he mentions that it'd be useful to fix it. I never suggested a more complex GUI, just better privs by default for bugs created in this form.
Assignee

Comment 10

8 years ago
glob: Gerv's point was that any groups that would be "Default" for the user should still be defaulted. (Although I'm surprised the backend doesn't already work this way; maybe we fixed that for 4.2 though.)
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
(In reply to Max Kanat-Alexander from comment #6)
> The guided bug entry form is going to be removed from the core Bugzilla code
> (see bug 474086)

moving this bug back to the bugzilla product as bug 474086 has been WONTFIXED'd
Assignee: nobody → create-and-change
Component: General → Creating/Changing Bugs
Product: bugzilla.mozilla.org → Bugzilla
QA Contact: general → default-qa
Version: other → unspecified
(In reply to Max Kanat-Alexander from comment #10)
> glob: Gerv's point was that any groups that would be "Default" for the user
> should still be defaulted. (Although I'm surprised the backend doesn't
> already work this way; maybe we fixed that for 4.2 though.)

The backend code works this way if there is no groups argument passed to Bug->create. But post_bug.cgi has:

$bug_params{'groups'}      = [$cgi->param('groups')];

and so groups is never undefined.
Assignee

Comment 13

8 years ago
Ah yes, that is a totally valid bug in post_bug.cgi that should be fixed.
Severity: enhancement → minor
Target Milestone: --- → Bugzilla 4.2
Assignee

Comment 14

8 years ago
I haven't tested this but it's pretty straightforward and it compiles. Basically, this makes post_bug behave much more similarly to how a WebService bug creation would function. I "fixed" the problem not just for groups (where it really matters) but also for CC and multi-selects (where it doesn't currently matter, but where it could matter in the future).

If we want to fix this on the branch, I will just fix it for groups.
Assignee: create-and-change → mkanat
Attachment #357003 - Attachment is obsolete: true
Status: REOPENED → ASSIGNED
Attachment #553288 - Flags: review?(LpSolit)
Comment on attachment 553288 [details] [diff] [review]
Make undefined cgi params not be sent, v1

>+foreach my $field (qw(cc groups)) {
>+    next if !$cgi->should_set($field);
>+    $bug_params{$field} = [$cgi->param($field)];
>+}

There is no defined_groups hidden field for groups when entering a new bug. With your patch applied, all groups marked as default are applied to the bug, even if I unselect them all.
Attachment #553288 - Flags: review?(LpSolit) → review-
Assignee

Comment 16

8 years ago
Posted patch v2Splinter Review
Oh, very good point. I added a groups_defined to post_bug.
Attachment #553288 - Attachment is obsolete: true
Attachment #553312 - Flags: review?(LpSolit)
Comment on attachment 553312 [details] [diff] [review]
v2

>=== modified file 'template/en/default/bug/create/create.html.tmpl'

>+      <input type="hidden" name="groups_defined" value="1">

It must be defined_groups, not groups_defined, else $cgi->should_set() won't find it. r=LpSolit with this fix on checkin.
Attachment #553312 - Flags: review?(LpSolit) → review+
It should also be checked in into the 4.0 branch IMO as it's security related. On the other hand, this could make a lot of bugs suddenly becoming restricted to groups on this branch, which could be unexpected.
Flags: approval4.2+
Flags: approval4.0?
Flags: approval+
Assignee

Comment 19

8 years ago
Posted patch v2 (4.0)Splinter Review
I agree about 4.0, but let's make it simpler for that branch. Here's a patch that fixes *only* this bug.
Attachment #553326 - Flags: review?(LpSolit)
Comment on attachment 553326 [details] [diff] [review]
v2 (4.0)

Looks good. r=LpSolit
Attachment #553326 - Flags: review?(LpSolit) → review+

Updated

8 years ago
Flags: approval4.0? → approval4.0+
Target Milestone: Bugzilla 4.2 → Bugzilla 4.0
Assignee

Comment 21

8 years ago
Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/trunk/                       
modified post_bug.cgi
modified template/en/default/bug/create/create.html.tmpl                       
Committed revision 7918.

Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/4.2/                         
modified post_bug.cgi
modified template/en/default/bug/create/create.html.tmpl                       
Committed revision 7900.

Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/4.0/                         
modified post_bug.cgi
modified template/en/default/bug/create/create.html.tmpl
Committed revision 7641.
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.