Users are able to view flags in bugs that they don't have permission to view (meaning that they are not in the visibility group of the flag), and when they try to make any change to those bugs they get a flag access denied error.

For example: user <karsten> is able to see the flag rhel-2.1? in bug 453578 even though he is not a member of the rhel_visible group. When he tries to make any change to that bug 453578, like adding a comment or anything else, he gets this error: 'You are not authorized to access flag rhel-2.1.'

Similar behavior happened with other users like rlerch.

A patch to fix this problem is to be attached shortly.

Noura
Created attachment 313420
v1 to fix flag visibility error

This is a patch to solve the problem with the flag visibility error, so basically I am just checking that the flag is visible to the user at the template/user interface level to filter the invisible ones out before display.

Patch is applied to bz-web2 if you would like to test.

Noura
template/en/default/flag/list.html.tmpl

Nitpick: looks like the [% END %] statements in this file don't line up.
The fix for this should be live on the production servers for a short while now. Closing this bug.
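
The mismatch reported in this bug, and the display-side filter described in the attachment comment, as a simplified model. This is an added example, not Bugzilla code and not the attached patch. It assumes the edit form posts back every flag it renders; `can_see`, `flags_for_form`, `process_update`, `submit_comment` and the `example_*` values are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional

class FlagAccessDenied(Exception):
    """Raised by the update path for a flag outside the user's groups."""

@dataclass(frozen=True)
class Flag:
    name: str
    status: str
    visibility_group: Optional[str]  # None means visible to everyone

def can_see(flag, user_groups):
    """Single visibility predicate shared by display and update."""
    return flag.visibility_group is None or flag.visibility_group in user_groups

def flags_for_form(flags, user_groups, filter_invisible):
    """Flags rendered into the edit form; filter_invisible=False models the bug."""
    if not filter_invisible:
        return list(flags)
    return [f for f in flags if can_see(f, user_groups)]

def process_update(submitted_flags, user_groups):
    """Rejects the whole change if any submitted flag is not visible."""
    for flag in submitted_flags:
        if not can_see(flag, user_groups):
            raise FlagAccessDenied(
                f"You are not authorized to access flag {flag.name}.")
    return "updated"

# Constructed sample data: the rhel-2.1 flag and rhel_visible group come from
# the report; the second flag and the user's group are made up.
BUG_FLAGS = [
    Flag("rhel-2.1", "?", "rhel_visible"),
    Flag("example_public_flag", "?", None),
]
KARSTEN_GROUPS = {"example_group"}

def submit_comment(filter_invisible):
    """Render the form, then post it back unchanged apart from a new comment."""
    form = flags_for_form(BUG_FLAGS, KARSTEN_GROUPS, filter_invisible)
    shown = [f.name for f in form]
    try:
        return process_update(form, KARSTEN_GROUPS), shown
    except FlagAccessDenied as err:
        return str(err), shown
```

In this model the filter only changes what is rendered. The check in `process_update` stays in place as the authoritative decision, so a hand-crafted request that names a hidden flag is still refused.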