Bug 1882298 - Admin can create requests for groups the user isn't eligible for
Summary: Admin can create requests for groups the user isn't eligible for
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Bugzilla
Classification: Community
Component: Extensions
Version: 5.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jeff Fearn 🐞
QA Contact: Jeff Fearn 🐞
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-09-24 09:30 UTC by Jeff Fearn 🐞
Modified: 2022-08-22 00:21 UTC (History)
0 users

Fixed In Version: 5.0.4-rh73
Clone Of:
Environment:
Last Closed: 2022-08-22 00:21:04 UTC
Embargoed:


Attachments (Terms of Use)

Description Jeff Fearn 🐞 2020-09-24 09:30:12 UTC
Description of problem:
When an admin adds a user to a group they are not eligible for on the user edit page a review is created with the flag for that group.

Version-Release number of selected component (if applicable):
5.0.4-rh47

How reproducible:
Easy

Steps to Reproduce:
1. Find a manage group with login regex set to !@, no user can will match this
2. Find a user not in the group and add them to the group on the user admin page

Actual results:
Group review request is created.

Expected results:
Group review request is blocked.

Additional info:
Need to check what happens if someone sets the flag to + on the bug.
Consider disabling the group on the user admin page so it can't be accidentally selected.

Comment 1 Jeff Fearn 🐞 2022-08-08 02:46:31 UTC
On QA server.

- Login to an admin account
- Edit another account
- Check boxes the account does not in and do not qualify for are disabled.
- Each disabled checkbox has pop-up text explaining why. e.g.

"You cannot manage this membership because: The user does not match the regular expression '!@'"

- Edit the account of a user who is in a group that their account does not qualify for.
- The checkbox is enabled, allowing the admin to remove the user from the group.

Comment 2 Jeff Fearn 🐞 2022-08-19 00:13:48 UTC
This fix has been deployed to stage Bugzilla for a short public testing phase.

https://bugzilla.stage.redhat.com

Comment 3 Jeff Fearn 🐞 2022-08-22 00:21:04 UTC
This change is now live. If there are any issues, do not reopen this bug. Instead, you should create a new bug and reference this bug.


Note You need to log in before you can comment on or make changes to this bug.