When submitting a bug it should be possible to have the default be: Only people in the "XXX" group can see this bug instead of: People not in the "XXX" group can see this bug I would add an additional checkbox for editusers for each group which would say something like: This bit is on by default.

The above bug fixes the described problem. It is based on our local copy of bugzilla which is based on 2.10. It requires a new field called 'defaultgroupset' be added to the profiles table. The patch has the following features: 1. You can enable/disable the bit for each user in editusers.cgi; 2. enter_bug.cgi will set the a group to on if defaultgroupset has that bit set in defaultgroupset; and 3. If there is a regular expression for a group, any new user who matches that regular expression will have that bit enabled in their defaultgroupset. Enjoy!

Reopening. FIXED means that the fix has been checked into CVS, and I assume that's not the case here. If I'm wrong, please re-close.

That's true. I was suprised that I could actually set to FIXED since I didn't believe that external users would actually have the permission to FIX bugs.

You can actually do anything with a bug you filed yourself.

Default security permissions is one of the things I mentioned in my security redesign proposal on bug 39816. Most likely this patch won't be valid after we redo the security, but the issue still will...

removing patch keyword... this patch will not apply cleanly against the current CVS code. Keywords can be added back when we have a clean patch.

I have created a diff between 2.12 and our version of bugzilla. I have editted out our other enhancments and hopefully nothing else.

This patch appears to depend on the existence of a column in the profiles table that doesn't exist, but there's no patch for checksetup.pl to create that column in here.... cc Chris for schema change

what does this do that product groups doesn't? product groups are turned on in new bugs by default. Although that goes by product, and I guess this would set it by user. Wouldn't you want settings by user to be editable by the user?

They are editable by the user. It's just whether they are on or off by default. We had a problem with people forgetting to select the groups when they submitting a bug and this made a bunch of bugs public that should have been private.

I mean the user can't change what their defaults are... sure, they can change it when they're opening a bug.

Yeah, that's true. I didn't anticipate that when I wrote this. I don't need that for my installation right now but I think it would be a good feature.

I'm going to hold this off for 2.16... mainly because we're going to be completely redoing the way groups work shortly to try to get around the 63-group limitation, and this'll need to be redone after that anyway.

Anyone interested in a patch against 2.14? Most of its the same but my changes to editusers.cgi got blown away when I upgraded from 2.12 to 2.14. I will probably handle this in-house by simply hacking the MySQL database directly. However, if anyone's interested, I can come up with something that gives at least the same functionality as the patch against 2.12.

-> Bugzilla product

We are currently trying to wrap up Bugzilla 2.16. We are now close enough to release time that anything that wasn't already ranked at P1 isn't going to make the cut. Thus this is being retargetted at 2.18. If you strongly disagree with this retargetting, please comment, however, be aware that we only have about 2 weeks left to review and test anything at this point, and we intend to devote this time to the remaining bugs that were designated as release blockers.

Comment on attachment 19828 [details] [diff] [review] Patch that fixes this bug. This is being done on a per-product basis in bug 157756

bug 157756 fixed this.