Last Comment Bug 460074 - Guided bug entry creates public bugs. Expected it to have same group membership defaults as using non-guided method.
: Guided bug entry creates public bugs. Expected it to have same group membersh...
Status: RESOLVED FIXED
:
Product: Bugzilla
Classification: Server Software
Component: Creating/Changing Bugs (show other bugs)
: unspecified
: All All
: -- minor (vote)
: Bugzilla 4.0
Assigned To: Max Kanat-Alexander
: default-qa
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-15 11:26 PDT by Eiren Smith
Modified: 2011-08-15 17:53 PDT (History)
5 users (show)
LpSolit: approval+
LpSolit: approval4.2+
LpSolit: approval4.0+
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
Patch to display group checkboxes in the guided bug entry form (v1) (1.34 KB, patch)
2009-01-14 12:48 PST, David Lawrence [:dkl]
no flags Details | Diff | Splinter Review
Make undefined cgi params not be sent, v1 (834 bytes, patch)
2011-08-15 15:30 PDT, Max Kanat-Alexander
LpSolit: review-
Details | Diff | Splinter Review
v2 (1.34 KB, patch)
2011-08-15 17:18 PDT, Max Kanat-Alexander
LpSolit: review+
Details | Diff | Splinter Review
v2 (4.0) (1.05 KB, patch)
2011-08-15 17:51 PDT, Max Kanat-Alexander
LpSolit: review+
Details | Diff | Splinter Review

Description Eiren Smith 2008-10-15 11:26:25 PDT
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1
Build Identifier: 

Guided bug entry creates public bugs. Expected it to have same group membership defaults as using non-guided method.

It looks like bugs created using the guided bug entry form are always created with no group memberships, making them public. I'd like such bugs to have the same defaults as if I hadn't used the guided method to create them. For the we way we have our Bugzilla products/groups set up, this implies membership in the product's group.

Reproducible: Always

Steps to Reproduce:
0. Set Product X's Group Access Controls to "Default/NA,ENTRY".
1. Create a bug in Product X via the guided bug entry method: <bz_base_url/>enter_bug.cgi?format=guided
2. Create a bug in Product X with the non-guided method.
3. Compare the group memberships of those two bugs.
Actual Results:  
Observe that the "guided" bug has no group memberships.

Expected Results:  
My expectation and hope was that the "guided" bug would be placed in the group for that product, just like the non-guided bug was.
Comment 1 Frédéric Buclin 2008-10-15 11:37:20 PDT
I can confirm in Bugzilla 3.3, but older versions are probably affected too. There is no "Security" checkbox at all (or even worded differently).
Comment 2 Eiren Smith 2008-10-15 12:34:42 PDT
I can confirm this as far back as 3.0.3, the version we started using the guided method in.
Comment 3 Max Kanat-Alexander 2008-10-16 03:47:22 PDT
We should remove the guided template from the main Bugzilla code and keep it around somewhere as a sample customization, really.
Comment 4 David Lawrence [:dkl] 2009-01-14 12:48:20 PST
Created attachment 357003 [details] [diff] [review]
Patch to display group checkboxes in the guided bug entry form (v1)

Here is the current patch that we use (Red Hat) to add group entry checkboxes to the guided bug entry page. We had complaints of not being to create private bugs from that page so it was an easy add-on.

Dave
Comment 5 Max Kanat-Alexander 2009-01-14 14:42:53 PST
Okay, could we just remove the guided page from the core Bugzilla code? We can put it into the example extension. It has all sorts of bugs and I don't want to maintain it.
Comment 6 Max Kanat-Alexander 2009-01-16 18:39:56 PST
The guided bug entry form is going to be removed from the core Bugzilla code (see bug 474086), so we won't be fixing these bugs in upstream Bugzilla. It was always just an example page, to begin with. I'm moving the bugs to the bmo component, to at least preserve a record of the fact that these things may need to be fixed for bmo.
Comment 7 Gervase Markham [:gerv] 2009-01-19 15:35:48 PST
The aim of the page is simple bug entry - people shouldn't have to deal with groups, the correct defaults should just apply. If they aren't, it would be a useful enhancement to fix that to reduce the amount of customization that people need to do to adapt the form for themselves.

I'm not sure that adding group checkboxes is the way to go, though, because that doesn't meet the "simple" criteria.

Gerv
Comment 8 Byron Jones ‹:glob› 2011-07-13 00:38:49 PDT
--> wontfix; as per gerv's comment the guided bug entry is simple by design.  if you require more control it's now possible to switch to the advanced form.
Comment 9 Eiren Smith 2011-07-15 09:51:38 PDT
Byron, I don't see how gerv's comment makes this wontfix. In fact, he mentions that it'd be useful to fix it. I never suggested a more complex GUI, just better privs by default for bugs created in this form.
Comment 10 Max Kanat-Alexander 2011-07-19 15:45:00 PDT
glob: Gerv's point was that any groups that would be "Default" for the user should still be defaulted. (Although I'm surprised the backend doesn't already work this way; maybe we fixed that for 4.2 though.)
Comment 11 Byron Jones ‹:glob› 2011-08-09 23:04:02 PDT
(In reply to Max Kanat-Alexander from comment #6)
> The guided bug entry form is going to be removed from the core Bugzilla code
> (see bug 474086)

moving this bug back to the bugzilla product as bug 474086 has been WONTFIXED'd
Comment 12 Frédéric Buclin 2011-08-10 05:59:33 PDT
(In reply to Max Kanat-Alexander from comment #10)
> glob: Gerv's point was that any groups that would be "Default" for the user
> should still be defaulted. (Although I'm surprised the backend doesn't
> already work this way; maybe we fixed that for 4.2 though.)

The backend code works this way if there is no groups argument passed to Bug->create. But post_bug.cgi has:

$bug_params{'groups'}      = [$cgi->param('groups')];

and so groups is never undefined.
Comment 13 Max Kanat-Alexander 2011-08-15 15:24:20 PDT
Ah yes, that is a totally valid bug in post_bug.cgi that should be fixed.
Comment 14 Max Kanat-Alexander 2011-08-15 15:30:44 PDT
Created attachment 553288 [details] [diff] [review]
Make undefined cgi params not be sent, v1

I haven't tested this but it's pretty straightforward and it compiles. Basically, this makes post_bug behave much more similarly to how a WebService bug creation would function. I "fixed" the problem not just for groups (where it really matters) but also for CC and multi-selects (where it doesn't currently matter, but where it could matter in the future).

If we want to fix this on the branch, I will just fix it for groups.
Comment 15 Frédéric Buclin 2011-08-15 15:39:06 PDT
Comment on attachment 553288 [details] [diff] [review]
Make undefined cgi params not be sent, v1

>+foreach my $field (qw(cc groups)) {
>+    next if !$cgi->should_set($field);
>+    $bug_params{$field} = [$cgi->param($field)];
>+}

There is no defined_groups hidden field for groups when entering a new bug. With your patch applied, all groups marked as default are applied to the bug, even if I unselect them all.
Comment 16 Max Kanat-Alexander 2011-08-15 17:18:27 PDT
Created attachment 553312 [details] [diff] [review]
v2

Oh, very good point. I added a groups_defined to post_bug.
Comment 17 Frédéric Buclin 2011-08-15 17:38:25 PDT
Comment on attachment 553312 [details] [diff] [review]
v2

>=== modified file 'template/en/default/bug/create/create.html.tmpl'

>+      <input type="hidden" name="groups_defined" value="1">

It must be defined_groups, not groups_defined, else $cgi->should_set() won't find it. r=LpSolit with this fix on checkin.
Comment 18 Frédéric Buclin 2011-08-15 17:42:37 PDT
It should also be checked in into the 4.0 branch IMO as it's security related. On the other hand, this could make a lot of bugs suddenly becoming restricted to groups on this branch, which could be unexpected.
Comment 19 Max Kanat-Alexander 2011-08-15 17:51:06 PDT
Created attachment 553326 [details] [diff] [review]
v2 (4.0)

I agree about 4.0, but let's make it simpler for that branch. Here's a patch that fixes *only* this bug.
Comment 20 Frédéric Buclin 2011-08-15 17:52:19 PDT
Comment on attachment 553326 [details] [diff] [review]
v2 (4.0)

Looks good. r=LpSolit
Comment 21 Max Kanat-Alexander 2011-08-15 17:53:58 PDT
Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/trunk/                       
modified post_bug.cgi
modified template/en/default/bug/create/create.html.tmpl                       
Committed revision 7918.

Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/4.2/                         
modified post_bug.cgi
modified template/en/default/bug/create/create.html.tmpl                       
Committed revision 7900.

Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/4.0/                         
modified post_bug.cgi
modified template/en/default/bug/create/create.html.tmpl
Committed revision 7641.

Note You need to log in before you can comment on or make changes to this bug.