Right now, when autolinkying bug ids (in case of the existence of those ids) in comments, all bugs are linkified regardless of user's permissions. So, if I click on a linkfied bug id that I do not have the required permission to see that, I will see the respective error. In this case, it would be a good idea to not linkify the bug id. Instead, we could use the tag <abbr> or <acronym> with a text like "You are not allowed to see this bug."
Note that the link contains the status and resolution of the bug. We shouldn't loose this information. But your proposal makes sense, assuming it's clear to users why they cannot click some "bug XXX" links while some others work.
Created attachment 645105 [details] [diff] [review] patch - v1
Comment on attachment 645105 [details] [diff] [review] patch - v1 >=== modified file 'template/en/default/bug/link.html.tmpl' >+[% IF NOT user.can_see_bug(bug) %] >+ <abbr title="[% link_title FILTER collapse FILTER html %]"> >+ [%~ link_text FILTER html %]</abbr> >+ [% RETURN %] >+[% END %] If we follow this path, then you should put this code into a [% ELSE %] block following the existing [% IF user.can_see_bug(bug) %] block with all the relevant code in it. This is logically much nicer than the RETURN directive inserted here. Now thinking about it a bit more, I often click on bugs I cannot see (because I'm logged out) because I know Bugzilla will ask me to log in to see it and so I will be able to enter my credentials and view the secure bug automatically. If we replace the link by <abbr>, then I won't be able to click on it at all and I will first have to log in, and then click on the link, which is not a big deal. :) I wonder if using a CSS class similar to the existing 'forbidden' class in admin.css wouldn't be better. This way, the text would look like not clickable, but could still be clicked by advanced users. Seems like a good compromise to me.
Created attachment 651510 [details] [diff] [review] patch - v1.1
Comment on attachment 651510 [details] [diff] [review] patch - v1.1 As I said in comment 3, leave "bug XXX" as clickable, but use CSS to alter the way it's displayed to users who cannot access the bug.
Dylan, can you confirm that this bug is still valid in the current code base? If so, could you relink to where the source is, what file to edit and add a mentor to the bug?
This is still a valid bug.
I'm a newbie, but maybe I can work on this bug ? thanks
No assignee is set so anyone can work on this - no 'permissions' in general. :)