Closed
Bug 679943
Opened 14 years ago
Closed 14 years ago
Restrict access to Mozilla Reps forms
Categories
(bugzilla.mozilla.org :: Administration, task)
Tracking
()
RESOLVED
FIXED
People
(Reporter: pierros, Assigned: dkl)
Details
Hello,
We would like to restrict access of form.reps.swag and form.reps.budget forms to members of "mozilla-reps" group of bugzilla.
The rationale is that according to Mozilla Reps program, only approved Reps should use those forms. In the past we had many incidents of random people filling bugs.
Membership to mozilla-reps group is granted by mozilla-reps-admins (Mentors) upon acceptance as a Mozilla Rep and the procedure is detailed here:
https://wiki.mozilla.org/ReMo/SOPs/Mentoring (Step 6: Hand-Holding Period)
Thanks!
|
Assignee | |
Updated•14 years ago
|
Assignee: nobody → dkl
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 1•14 years ago
|
||
Two ways to handle this:
1. Turn on mozilla-reps group on the full "Mozilla Reps" product which will prohibit anyone not in that group from filing bugs into it. The swag/budget forms use that as their product so that would give you what you want. Only possible downside is there is also a Mentorship component in the "Mozilla Reps" product which you may not want locked down in the same way. Marking the product as only enterable by the mozilla-reps group affects all components in the product.
2. Add code to the swag/budget templates themselves to not show the form to those not in the mozilla-reps group. And instead show an error screen instead. Additional hacking would need to be done to make post_bug.cgi also block the form submission as well if someone bypasses the swag/request form altogether.
Number 1 is easy can can be done quickly using the admin UI. Number 2 will require a code update next week or so. Number 2 is a little less clean as well.
Thoughts?
|
Reporter | |
Comment 2•14 years ago
|
||
Hey David!
Option 1 is not an option :) We cannot have Mentorship form restricted as it is supposed to be used by newly registered bugzilla accounts with no interaction with out mentors.
Option 2 seems the only way to go, sorry. I guess for now it would also be OK to skip the changes in post_bug.cgi, considering that we are trying to avoid the accidental usage of the form, but it is up to you :)
Thanks!
|
|
Assignee | |
Comment 3•14 years ago
|
||
(In reply to Pierros Papadeas from comment #2
> Option 2 seems the only way to go, sorry. I guess for now it would also be
> OK to skip the changes in post_bug.cgi, considering that we are trying to
> avoid the accidental usage of the form, but it is up to you :)
Thanks. I have committed the template changes to block people from seeing the form if they are not in the mozilla-reps group. Should be in the next code update tonight.
Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.0
modified extensions/BMO/template/en/default/bug/create/create-remo-budget.html.tmpl
modified extensions/BMO/template/en/default/bug/create/create-remo-swag.html.tmpl
Committed revision 7855.
dkl
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•