Bug 448774
Summary: | Display release notes field when bug is inaccessible
---|---
Product: | [Community] Bugzilla
Component: | User Interface
Version: | 3.2
Status: | CLOSED NEXTRELEASE
Severity: | low
Priority: | low
Hardware: | All
OS: | Linux
Reporter: | David Lawrence <dkl>
Assignee: | PnT DevOps Devs <hss-ied-bugs>
CC: | ddomingo, mhideo
Doc Type: | Bug Fix
Last Closed: | 2008-07-02 02:26:30 UTC
Bug Blocks: | 406071

Description
David Lawrence
2008-05-28 18:29:33 UTC
Created attachment 306982 [details]
Patch to display release notes publicly for private bugs (v1)
Attaching patch to display the cf_release_notes publicly for private bugs.
This is specific to the cf_release_notes field which will get us something
working quickly.
But ideally something we should look into doing possibly is either do this as
a proper Red Hat extension or add a new boolean column to the fielddefs table
maybe called 'public'. And then just display all fields marked as public when a
bug is inaccessible. The public flag could be set through the editfields.cgi
interface.
Thoughts? Review?
Dave
Comment on attachment 306982 [details]
Patch to display release notes publicly for private bugs (v1)
Hi Dave,
The patch looks good and works as expected. I think making the fields optional
to be public for private bugs is a good idea.
Thanks,
Noura
Created attachment 307137 [details]
Patch to display public fields for private bugs (v1)
Here is a patch that actually adds a new public flag to any custom field. This will allow a field to be displayed when a bug is private and the user cannot see it. This is a better solution as it allows more than a single field to be displayed and also is managed through the web UI.
I have this installed on bz-web2-test.devel.redhat.com if you want to try it. For example just log out and go to bug 9661 and you will see a couple of public fields displayed. When logged in, I also put a (Public) designation next to public fields so people will know not to put confidential information in them.
Please review
Thanks
Dave
Comment on attachment 307137 [details]
Patch to display public fields for private bugs (v1)
Hi Dave,
The patch looks very pretty :). I talked to Mike about making the release notes field public and he likes the idea, one thing we discussed was that if the bug is a security sensitive bug then no info at all should be displayed, I think it is a pretty good idea if we can make it a general rule that public fields should not even be displayed at all if a bug is a security sensitive bug so maybe in your patch we can do this little change as the following:
>Index: Bugzilla/Bug.pm >=================================================================== > >+ >+ # REDHAT EXTENSION START 448774 >+ my $bug = Bugzilla::Bug->new($id); >+ my @public_data; >+ my $public_fields = Bugzilla::Field->match({custom => 1, obsolete => 0, public => 1}); >+ foreach my $field (@$public_fields) { >+ if ($bug->{$field->name}) { >+ $field->{'value'} = $bug->{$field->name}; >+ push(@public_data, $field); >+ } >+ } >+ > if ($user->id) { >- ThrowUserError("bug_access_denied", {'bug_id' => $id}); >+ ThrowUserError("bug_access_denied", >+ {'bug_id' => $id, >+ 'public_data' => \@public_data}); > } else { >- ThrowUserError("bug_access_query", {'bug_id' => $id}); >+ ThrowUserError("bug_access_query", >+ 
{'bug_id' => $id, >+ 'public_data' => \@public_data}); > } >+ # REDHAT EXTENSION END 448774 > }

    # REDHAT EXTENSION START 448774
    my $bug = Bugzilla::Bug->new($id);
    my @public_data;
    my $public_fields = Bugzilla::Field->match({custom => 1, obsolete => 0, public => 1});
    foreach my $field (@$public_fields) {
        if ($bug->{$field->name}) {
            $field->{'value'} = $bug->{$field->name};
            push(@public_data, $field);
        }
    }

    foreach my $bug_group (@{$bug->groups_in}) {
        if ($bug_group->name eq 'security') {
            if ($user->id) {
                ThrowUserError("bug_access_denied", {'bug_id' => $id});
            } else {
                ThrowUserError("bug_access_query", {'bug_id' => $id});
            }
        }
    }

    if ($user->id) {
        ThrowUserError("bug_access_denied",
                       {'bug_id' => $id,
                        'public_data' => \@public_data});
    } else {
        ThrowUserError("bug_access_query",
                       {'bug_id' => $id,
                        'public_data' => \@public_data});
    }
    # REDHAT EXTENSION END 448774

What do you think? Or we can just make it specific to the release notes field.
Thanks,
Noura
Created attachment 307159 [details]
Patch to display public fields for private bugs (v2)
Thanks Noura. I made it that all public fields are not visible if the security
group is on. We can further discuss whether some fields are safe even when the
bug is security sensitive but we will be cautious and do them all for now. I
created a new v2 patch that uses your suggestion.
Please review
Thanks
Dave
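Review bot: in the quoted Bugzilla/Bug.pm hunk from attachment 307137, @public_data is built and then passed to both ThrowUserError("bug_access_denied", ...) and ThrowUserError("bug_access_query", ...) with no check on which groups restrict the bug, so a logged-out visitor receives every public custom field of any inaccessible bug, security-restricted ones included. Test the bug's groups before the foreach over $public_fields and fall back to the original {'bug_id' => $id} call when nothing may be disclosed. Two smaller points in the same loop: if ($bug->{$field->name}) skips a field whose value is 0, and $field->{'value'} = ... writes the bug's value onto the Field object returned by match; a defined/length test and a fresh hash per entry would avoid both.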
Comment on attachment 307159 [details]
Patch to display public fields for private bugs (v2)
Looks good to me Dave, tested it and it works nicely.
Thanks,
Noura
Checked into CVS.
Dave

This change is now on partner-bugzilla.redhat.com and will be in the final release.
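The rule the thread settles on (public custom fields are shown for an inaccessible bug, unless the bug is in the security group) as stand-alone Perl; this is an added example, not the attached patch or Bugzilla's own code. Plain hashes stand in for Bugzilla::Bug and Bugzilla::Field objects, and the `private` group, the `cf_internal_notes` field and the sample values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Groups whose bugs disclose nothing to users who cannot see them.
# 'security' is the group named in the thread; keeping a set is an assumption.
my %NO_DISCLOSURE_GROUP = map { $_ => 1 } qw(security);

# Returns the list of { name, value } hashes that may be shown on the
# "access denied" page for this bug; an empty list means show nothing.
sub public_data_for {
    my ($bug, $field_defs) = @_;

    # Fail closed: no group list, or any no-disclosure group, exposes nothing.
    my $groups = $bug->{groups};
    return () unless ref($groups) eq 'ARRAY';
    return () if grep { $NO_DISCLOSURE_GROUP{$_} } @$groups;

    my @public_data;
    foreach my $field (@$field_defs) {
        next unless $field->{custom} && $field->{public} && !$field->{obsolete};
        my $value = $bug->{ $field->{name} };
        # Keep a value of "0"; skip only undefined or empty values.
        next unless defined($value) && length($value);
        # Copy into a new hash so the field definition is not modified.
        push @public_data, { name => $field->{name}, value => $value };
    }
    return @public_data;
}

# Constructed sample data (field and group names other than
# cf_release_notes and security are made up for the example).
my @field_defs = (
    { name => 'cf_release_notes',  custom => 1, public => 1, obsolete => 0 },
    { name => 'cf_internal_notes', custom => 1, public => 0, obsolete => 0 },
);
my %fields = (cf_release_notes  => 'Fixes a crash on save',
              cf_internal_notes => 'Reported by a partner');
my @cases = (
    [ 'private bug',  { groups => ['private'],             %fields } ],
    [ 'security bug', { groups => ['private', 'security'], %fields } ],
);

foreach my $case (@cases) {
    my ($label, $bug) = @$case;
    my @shown = map { "$_->{name}=$_->{value}" } public_data_for($bug, \@field_defs);
    print "$label: ", (@shown ? join(', ', @shown) : '(nothing shown)'), "\n";
}
```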