buglist.cgi

[Jacqui Guerrero]

Okay.  I actually created the product prior to turning the usebuggroups and
usebuggroupentry bits on.  What I did now is I deleted this product and
created a new one, with a regexp for the bug group.  However, it seems that
all users in this bug group are still able to view bugs in other bug groups.
Help!

Thanks,
Jacqui

-----Original Message-----
From: developers-owner at bugzilla.org
[mailto:developers-owner at bugzilla.org]On Behalf Of Joel Peshkin
Sent: Friday, May 09, 2003 11:23 AM
To: developers at bugzilla.org
Subject: Re: buglist.cgi


Jacqui Guerrero wrote:

> I am trying to modify buglist.cgi such that certain users can only
> view and submit bugs for a specific product.  If I have usebuggroups
> and usebuggroupsentry on, is the product considered a group?  If so,
> how do I  use UserInGroup to check for the product that the user has
> access to?

What you are trying to do happens automatically if you use usebuggroups
and usebuggroupsentry on and you make sure that you either create the
products after those 2 features are enabled or else make sure there is a
group named EXACTLY the same as each product.

If you need more protection than that (more control),  you need to use
2.17.4

You really should not have to do customizations yourself using
UserInGroup().  If you need to do that, you need to have a very deep
understanding of how these seurity mechanisms work.  Even when the most
involved developers make changes in those areas, we inspect each others'
work very carefully.

-Joel


----
To view or change your list settings, click here:
<http://bugzilla.org/cgi-bin/mj_wwwusr?user=jacqui@groxis.com>