| Summary: | The serial number of comment are mismatched between Reviewer side and vendor side | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Retired] Red Hat Hardware Certification Program | Reporter: | Yunlong Xue <yxue> | ||||||
| Component: | Hardware Catalog | Assignee: | Tony Fu <tfu> | ||||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 6.1 | CC: | hwcert-catalog, pxue, rlandry, sgreen, wshen | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2012-04-20 00:36:29 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 807440 | ||||||||
| Attachments: |
|
||||||||
|
Description
Yunlong Xue
2011-10-11 02:57:28 UTC
The current code use bz xmlrpc function to get comments. If the log in user is not in "private_comment" group, the returned result of bz xmlrpc call won't include private comments. Therefore, the comment serial number will not match with the result of bz xmlrpc function calling from a user who is in "private_comment" group. In bugzilla code, it simply gets all comments from db, then hide private comments if the user is not in "private_comment" group. We can use the similar approach by using a dummy user who are in "private_comment" and use this user to call xmlrpc function to get all comments, then we hide the private comments if the real user is not in "private_comment" group. I have worked out a patch to do so. It will need 1. add a dummy user who is in "private_comment" and "redhat" group. (I created one "hwcert-private-xmlrpc" on web2 and used it in my patch) 2. add the dummy user's user name and password in localhost file as following $hwcert_private_user = 'hwcert-private-xmlrpc'; $hwcert_private_password = ''; Created attachment 549126 [details]
fix the mismatched comment number
Since the new patch need a private group account and it can bring some security issues without a comprehensive test, we move it to hybrid4. Also, I have discussed it with reviewers and they are ok with the move. make some changed on old patch and applied the new patch on web2. The patch requires a dummy account which is in private_comment group, so if the user is not in "private_comment" group, the correct total comments number can still be returned by using the dummy account and the "private" comments will be properly hidden. (it is pretty much the same approach as bz handles the comments serial number). Created attachment 560459 [details]
bug fix patch
Comment on attachment 560459 [details]
bug fix patch
looks good
Comment on attachment 560459 [details]
bug fix patch
good to me
Is this patch applied anywhere? Have we compared it to the BZ behavior? verified on partner |