editproducts.cgi should only list classifications in which there are products you can administer

RESOLVED FIXED in Bugzilla 3.4

Status

()

RESOLVED FIXED
9 years ago
9 years ago

People

(Reporter: LpSolit, Assigned: LpSolit)

Tracking

Bugzilla 3.4
Bug Flags:
approval +
approval3.4 +

Details

Attachments

(1 attachment)

(Assignee)

Description

9 years ago
If you have product-specific editcomponents privs only, and if useclassifications is turned on, editproducts.cgi lists all existing classifications, including those containing no product which you can edit. This is confusing, and also make harder to remember which classifications you can really go into. The list should be filtered to only display relevant classifications.
(Assignee)

Comment 1

9 years ago
Created attachment 409122 [details] [diff] [review]
patch, v1

get_products_by_permission() already filters products which you can see, so all the security checks are already done by this method.
Assignee: administration → LpSolit
Status: NEW → ASSIGNED
Attachment #409122 - Flags: review?(ghendricks)

Updated

9 years ago
Attachment #409122 - Flags: review?(ghendricks) → review+
(Assignee)

Updated

9 years ago
Flags: approval3.4+
Flags: approval+
(Assignee)

Comment 2

9 years ago
tip:

Checking in editproducts.cgi;
/cvsroot/mozilla/webtools/bugzilla/editproducts.cgi,v  <--  editproducts.cgi
new revision: 1.150; previous revision: 1.149
done

3.4.2:

Checking in editproducts.cgi;
/cvsroot/mozilla/webtools/bugzilla/editproducts.cgi,v  <--  editproducts.cgi
new revision: 1.147.2.1; previous revision: 1.147
done
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.