Bug 56370 - I can make any bug visiable to only eCos ASCOM PLC
Summary: I can make any bug visiable to only eCos ASCOM PLC
Alias: None
Product: Bugzilla
Classification: Community
Component: Bugzilla General
Version: 2.8
Hardware: i386
OS: Linux
medium vote
Target Milestone: ---
Assignee: David Lawrence
QA Contact: David Lawrence
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2001-11-16 10:10 UTC by Andrew Lunn
Modified: 2007-04-18 16:38 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2001-11-16 10:11:49 UTC

Attachments (Terms of Use)

Description Andrew Lunn 2001-11-16 10:10:37 UTC
Description of Problem:

I've been testing out bugzilla as a 'customer' rather than a net user. Alex
created the group "eCos ASCOM PLC Contract" and i have permission to make
bugs only visiable to members of that group. 

I can put any bug into the group, not just me own. eg look at Alexs' bug
report for the security violation where i got complete access. Thats now
only visiable to "eCos ASCOM PLC contract".

Version-Release number of selected component (if applicable): Current

How Reproducible: one for one

Steps to Reproduce:
1. Login as me
2. Select a bug
3. hit the cross box
4. Save the changes

Comment 1 David Lawrence 2001-12-18 23:33:10 UTC
Yes this is true. One thing that will probably help is that with the next release of 
Bugzilla, only people who are the reporter or assigned_to will be able make 
changes to a bug report unless they belong to a special group called 'editallbugs' 
so that will keep you from being able to change the permission levels of other 
people's bugs. Until then since it is not a trivial fix we will work on the honor 

Note You need to log in before you can comment on or make changes to this bug.