If you have product-specific editcomponents privs only, and if useclassifications is turned on, editproducts.cgi lists all existing classifications, including those containing no product which you can edit. This is confusing, and also make harder to remember which classifications you can really go into. The list should be filtered to only display relevant classifications.
Created attachment 409122 [details] [diff] [review] patch, v1 get_products_by_permission() already filters products which you can see, so all the security checks are already done by this method.
Assignee: administration → LpSolit
Status: NEW → ASSIGNED
Attachment #409122 - Flags: review?(ghendricks)
tip: Checking in editproducts.cgi; /cvsroot/mozilla/webtools/bugzilla/editproducts.cgi,v <-- editproducts.cgi new revision: 1.150; previous revision: 1.149 done 3.4.2: Checking in editproducts.cgi; /cvsroot/mozilla/webtools/bugzilla/editproducts.cgi,v <-- editproducts.cgi new revision: 220.127.116.11; previous revision: 1.147 done
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.