Bug 824974 - Partner field value is being removed when bug changed by user who is not able to set that Partner field value
Partner field value is being removed when bug changed by user who is not able...
Product: Bugzilla
Classification: Community
Component: Creating/Changing Bugs (Show other bugs)
Unspecified Unspecified
unspecified Severity high (vote)
: ---
: ---
Assigned To: Simon Green
: Reopened
: 825010 (view as bug list)
Depends On:
Blocks: BZ42
  Show dependency treegraph
Reported: 2012-05-24 13:59 EDT by John Villalovos
Modified: 2015-05-08 09:56 EDT (History)
11 users (show)

See Also:
Fixed In Version: 4.2.1-1.6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-05-27 22:14:27 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description John Villalovos 2012-05-24 13:59:41 EDT
This has happened twice now.  Sami added a comment to the below bug and the Partner field was removed.

Email I received:


Sami Kibria <skibria@redhat.com> changed:

           What    |Removed                     |Added
            Partner|Intel                       |

--- Comment #10 from Sami Kibria <skibria@redhat.com> ---
Comment 1 John Villalovos 2012-05-24 16:05:14 EDT
My guess is that this is happening when people who are unable to set the Partner field to an existing value make a change to the bug, the Partner field value then gets removed for that value.

I am starting to notice this happening when people who are not part of the Intel group modify bugs we have shared with them.
Comment 2 Simon Green 2012-05-24 20:35:08 EDT

*** This bug has been marked as a duplicate of bug 825010 ***
Comment 3 John Villalovos 2012-05-24 20:36:56 EDT

Any chance I could have access to see Bug 825010?  Seems to be marked private.
Comment 4 Simon Green 2012-05-24 20:44:11 EDT
(In reply to comment #3)
> Simon,
> Any chance I could have access to see Bug 825010?  Seems to be marked
> private.

No, I'm changing the duplication to this bug to work around it.

  -- simon
Comment 5 Simon Green 2012-05-24 20:44:24 EDT
*** Bug 825010 has been marked as a duplicate of this bug. ***
Comment 6 Simon Green 2012-05-25 03:19:45 EDT
Hi guys,

I've mostly written the code change for this, but I want to do a serious amount of testing before it goes live due to the amount of code that has changed. One core change is that there is now a check in place that always runs to ensure that a value cannot be added or remove by someone not authorised too. This means even if there is leakage in some other part of the code, the user would be presented with an error instead of being able to add / remove something they cannot.

If they are trying to remove a field (as is the case with this bug), they will not be told what value they were trying to remove, as this is partner confidential.

Assuming all goes well, this change will be released on Monday.

  -- simon
Comment 10 Simon Green 2012-05-27 22:14:27 EDT
This will be part of the next Red Hat Bugzilla release. Please report any problem you notice with the new code ASAP.

  -- simon
Comment 11 Simon Green 2012-05-29 02:31:01 EDT
Red Hat Bugzilla 4.2.1-1.6 was released a few minutes ago.

  -- simon

Note You need to log in before you can comment on or make changes to this bug.