Closed
Bug 194684
Opened 22 years ago
Closed 22 years ago
restrict editcomponent use per product or per component
Categories
(Bugzilla :: Bugzilla-General, enhancement)
Bugzilla
Bugzilla-General
Tracking
()
CLOSED
DUPLICATE
of bug 189627
People
(Reporter: hauser, Assigned: justdave)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030212
Build Identifier:
It would be great to have the following sub-variants of editcomponents:
1) truly only allow to edit components, not also products
2) restrict the editcomponents to a single product
3) restrict the editcomponents to only the products that the user is allowed to
see as per the her/his group memberships (this is kind of a minor security hole
- at least in 2.16.2 !!!)
Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Assignee | ||
Comment 1•22 years ago
|
||
*** This bug has been marked as a duplicate of 189627 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Summary: refine "editcomponents" → restrict editcomponent use per product or per component
Reporter | ||
Comment 2•22 years ago
|
||
Sorry for the duplicate (soundex to catch the missing "s" would be nice...
http://bugzilla.mozilla.org/show_bug.cgi?id=190814).
As more clearly mentioned in http://bugzilla.mozilla.org/show_bug.cgi?id=194686,
I contend that there is a minor security issue here! Perhaps, implicitly this is
addressed in the http://bugzilla.mozilla.org/show_bug.cgi?id=189627.
Status: RESOLVED → VERIFIED
Assignee | ||
Comment 3•22 years ago
|
||
yeah, soundex would be nice. :) MySQL doesn't support it :(
Sybase does though. On the other hand, Sybase doesn't support regexp.
Reporter | ||
Comment 4•22 years ago
|
||
How is postgres doing on soundex and regexp?
Regarding my rights-expansion issue, I guess the documentation should say that
giving somebody editusers privileges is equivalent to make that person member of
all groups by default ...
--> http://bugzilla.mozilla.org/show_bug.cgi?id=194750
Status: VERIFIED → CLOSED
Assignee | ||
Comment 5•20 years ago
|
||
*** Bug 230894 has been marked as a duplicate of this bug. ***
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•