Bug 824974 - Partner field value is being removed when bug changed by user who is not able to set that Partner field value
Summary: Partner field value is being removed when bug changed by user who is not able...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Bugzilla
Classification: Community
Component: Creating/Changing Bugs
Version: 4.2
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: 4.2-1
Assignee: Simon Green
QA Contact:
URL:
Whiteboard:
: 825010 (view as bug list)
Depends On:
Blocks: BZ42
TreeView+ depends on / blocked
 
Reported: 2012-05-24 17:59 UTC by John Villalovos
Modified: 2018-12-09 06:29 UTC (History)
11 users (show)

Fixed In Version: 4.2.1-1.6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-05-28 02:14:27 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 471033 1 None None None 2021-01-20 06:05:38 UTC
Red Hat Bugzilla 565827 0 low CLOSED RFE: FailedQE value in Verified field + update logic 2021-02-22 00:41:40 UTC

Internal Links: 471033 565827

Description John Villalovos 2012-05-24 17:59:41 UTC 
This has happened twice now.  Sami added a comment to the below bug and the Partner field was removed.

Email I received:

https://bugzilla.redhat.com/show_bug.cgi?id=791368

Sami Kibria <skibria> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Partner|Intel                       |

--- Comment #10 from Sami Kibria <skibria> ---
<censored>
Comment 1 John Villalovos 2012-05-24 20:05:14 UTC 
My guess is that this is happening when people who are unable to set the Partner field to an existing value make a change to the bug, the Partner field value then gets removed for that value.

I am starting to notice this happening when people who are not part of the Intel group modify bugs we have shared with them.
Comment 2 Simon Green 2012-05-25 00:35:08 UTC 

*** This bug has been marked as a duplicate of bug 825010 ***
Comment 3 John Villalovos 2012-05-25 00:36:56 UTC 
Simon,

Any chance I could have access to see Bug 825010?  Seems to be marked private.
Comment 4 Simon Green 2012-05-25 00:44:11 UTC 
(In reply to comment #3)
> Simon,
> 
> Any chance I could have access to see Bug 825010?  Seems to be marked
> private.

No, I'm changing the duplication to this bug to work around it.

  -- simon
Comment 5 Simon Green 2012-05-25 00:44:24 UTC 
*** Bug 825010 has been marked as a duplicate of this bug. ***
Comment 6 Simon Green 2012-05-25 07:19:45 UTC 
Hi guys,

I've mostly written the code change for this, but I want to do a serious amount of testing before it goes live due to the amount of code that has changed. One core change is that there is now a check in place that always runs to ensure that a value cannot be added or remove by someone not authorised too. This means even if there is leakage in some other part of the code, the user would be presented with an error instead of being able to add / remove something they cannot.

If they are trying to remove a field (as is the case with this bug), they will not be told what value they were trying to remove, as this is partner confidential.

Assuming all goes well, this change will be released on Monday.

  -- simon
Comment 10 Simon Green 2012-05-28 02:14:27 UTC 
This will be part of the next Red Hat Bugzilla release. Please report any problem you notice with the new code ASAP.

  -- simon
Comment 11 Simon Green 2012-05-29 06:31:01 UTC 
Red Hat Bugzilla 4.2.1-1.6 was released a few minutes ago.

  -- simon
Note You need to log in before you can comment on or make changes to this bug.