Closed
Bug 603598
Opened 14 years ago
Closed 14 years ago
Any users can change any preferences of any bugs
Categories
(Bugzilla :: Creating/Changing Bugs, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: admin, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; ru; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 GTB7.1 Build Identifier: 3.6.2 All users can change any preferences of any bugs (Assigne, Product, Component, CC List, etc) even if he is not reporter or QA contact. Reproducible: Always
Comment 1•14 years ago
|
||
This means your users have editbugs privs, which is exactly what these privileges are for. If you don't want to let them edit all bugs, remove these privilieges.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
Version: unspecified → 3.6.2
Reporter | ||
Comment 2•14 years ago
|
||
Yes, I know this. I've already deleted editbugs privilege from TESTUSER. There are no access points checked in the "Administration -> Users" tab on editusers.cgi page, but in the "Preferences -> Permissions" tab on page /userprefs.cgi?tab=permissions I see the following text: "You have the following permission bits set on your account: editbugs Can edit all aspects of any bug" The only solution I found is a manually deletion permission string in mySQL database. For example, in the 'user_group_map' table I delete this string: user_id group_id isbless grant_type 77 6 0 2 Now user 77 (TESTUSER) can`t edit any strangers bugs and in a "Preferences -> Permissions" of this user "editbugs" rules is not displayed. I do not understand what the problem.
Comment 3•14 years ago
|
||
Probably all users have editbugs privs because the editbugs group has .* as regular expression. Go check that at editgroups.cgi.
You need to log in
before you can comment on or make changes to this bug.
Description
•