Closed Bug 993222 Opened 10 years ago Closed 10 years ago

Disallow reviews for confidential bugs

Categories

(MozReview Graveyard :: General, defect, P1)

Production
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: mcote, Unassigned)

References

Details

(Keywords: bmo-big)

While Review Board is in its initial stages of adoption, to lessen the security attack surface, we should disallow reviews for confidential bugs.  They'll have to use the old Splinter tool.

There are two parts to this:

* When a review is published, verify that it isn't for a confidential bug.  If it is, don't publish it, and throw up an error.  We need to verify if draft reviews are publicly visible in Review Board; I don't think they are, but I'm not sure.

* When a bug is made confidential, delete the associated review.

The second part will require a Bugzilla extension, to be filed separately.
Depends on: 993223
We'll probably need a custom web API here, and it should return a diff generated from the review so that no work is lost, before it deletes the review.
Priority: -- → P1
For now, we'll just use the standard HTTP DELETE method and not worry about preserving the patch.

I've disallowed posting to non-public bugs:

https://github.com/mozilla/rbbz/commit/5573294073af632c281f9dffea429e6599e8bea6

Just need the Bugzilla extension for when bugs with existing reviews are made confidential.
Bugzilla extension is done and will be deployed next push.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Product: bugzilla.mozilla.org → Developer Services
Product: Developer Services → MozReview
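
The two parts described in this bug (a publish-time check, and deletion when a bug later becomes confidential), as an added example that is not code from rbbz or the Bugzilla extension. `ReviewStore`, `bug_is_public`, the record shape (a `groups` list that is empty for a public bug) and the sample bug data are assumptions made for illustration; removing drafts as well as published reviews is a choice made here because the thread leaves draft visibility open.

```python
class ConfidentialBugError(Exception):
    """A review was submitted against a bug that is not publicly visible."""


def bug_is_public(record):
    """Fail closed: only a well-formed record with an empty group list is public.

    `record` stands for what an unauthenticated bug lookup returned, or None
    when the lookup failed or was denied (assumed shape, not rbbz's own).
    """
    if not isinstance(record, dict):
        return False
    groups = record.get("groups")
    return isinstance(groups, list) and not groups


class ReviewStore:
    """Hypothetical in-memory stand-in for the review tool's storage."""

    def __init__(self, lookup_bug):
        self.lookup_bug = lookup_bug  # callable: bug id -> record or None
        self.drafts = {}              # review id -> bug id
        self.published = {}           # review id -> bug id

    def create_draft(self, review_id, bug_id):
        self.drafts[review_id] = bug_id

    def publish(self, review_id):
        """Part one: re-check visibility at publish time, not at draft time."""
        bug_id = self.drafts[review_id]
        if not bug_is_public(self.lookup_bug(bug_id)):
            raise ConfidentialBugError(f"bug {bug_id} is not public; review not published")
        self.published[review_id] = self.drafts.pop(review_id)

    def on_bug_made_confidential(self, bug_id):
        """Part two: delete every review tied to the bug, drafts included."""
        removed = []
        for table in (self.drafts, self.published):
            for review_id in [r for r, b in table.items() if b == bug_id]:
                del table[review_id]
                removed.append(review_id)
        return sorted(removed)


# Constructed sample data: bug 1002 is restricted to a security group.
SAMPLE_BUGS = {1001: {"groups": []}, 1002: {"groups": ["core-security"]}}
```

A lookup that fails or returns a malformed record is treated as confidential, so an outage on the bug tracker side blocks publishing rather than letting a restricted bug's patch through.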