Closed Bug 194684 Opened 22 years ago Closed 22 years ago

restrict editcomponent use per product or per component

Categories

(Bugzilla :: Bugzilla-General, enhancement)

enhancement
Not set
normal

Tracking

()

CLOSED DUPLICATE of bug 189627

People

(Reporter: hauser, Assigned: justdave)

References

()

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030212 Build Identifier: It would be great to have the following sub-variants of editcomponents: 1) truly only allow to edit components, not also products 2) restrict the editcomponents to a single product 3) restrict the editcomponents to only the products that the user is allowed to see as per the her/his group memberships (this is kind of a minor security hole - at least in 2.16.2 !!!) Reproducible: Always Steps to Reproduce: 1. 2. 3.
*** This bug has been marked as a duplicate of 189627 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Summary: refine "editcomponents" → restrict editcomponent use per product or per component
Sorry for the duplicate (soundex to catch the missing "s" would be nice... http://bugzilla.mozilla.org/show_bug.cgi?id=190814). As more clearly mentioned in http://bugzilla.mozilla.org/show_bug.cgi?id=194686, I contend that there is a minor security issue here! Perhaps, implicitly this is addressed in the http://bugzilla.mozilla.org/show_bug.cgi?id=189627.
Status: RESOLVED → VERIFIED
yeah, soundex would be nice. :) MySQL doesn't support it :( Sybase does though. On the other hand, Sybase doesn't support regexp.
How is postgres doing on soundex and regexp? Regarding my rights-expansion issue, I guess the documentation should say that giving somebody editusers privileges is equivalent to make that person member of all groups by default ... --> http://bugzilla.mozilla.org/show_bug.cgi?id=194750
Status: VERIFIED → CLOSED
*** Bug 230894 has been marked as a duplicate of this bug. ***
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.