
Bugzilla restrict bug status


We need a solution for one of our deployments in Bugzilla.

An example of our scenario is as below:

Groups: Staff, Students

Project/product bugs: projectA, projectB

We need to know whether there is any way to:

1) Restrict a group of users from accessing the project.

Example: Students cannot access or view bugs in projectA.

2) Restrict another group of users from confirming or changing the bug status.

Example: Students cannot change the bug status of projectB from NEW to RESOLVED.

3) Some set of group members can only file a bug but not close the file.

Example: StaffA can only file a bug in ProjectA but cannot close it, whereas StaffB can file the bug and can also close the bug.

From what I have searched/Googled, there is no documentation available that explains this function in Bugzilla. But maybe I have overlooked it somehow. Our current Bugzilla is version 3.2rc1.

Thanks in advance.


Solution

  • You didn't really say which version of Bugzilla you are using, so the URLs are for the latest release, 4.2. However, the same concepts apply to most recent versions. For instance, we use 3.6 and control whether certain users can change certain things in the same ways that I describe below.

    1) Restricting users who are not in a group from seeing bugs is what Bugzilla's group security does:

    http://www.bugzilla.org/docs/4.2/en/html/groups.html

    One wrinkle in your case is that group security controls positive access rather than negative access. That is, it allows specifying which groups can view bugs in a product rather than groups that cannot. To keep members of students from viewing bugs in projectA, you'll need to have a group that can access projectA and devise a way to keep users in students out of that group.

    Alternatively, you could put some custom code into Bugzilla::User::can_see_bug, Bugzilla::User::visible_bugs, or Bugzilla::Bug::check_is_visible to exert firmer control that users who are in group students can never see bugs in projectA.

    2) You can exercise a lot of granularity in allowing changes:

    http://www.bugzilla.org/docs/4.2/en/html/cust-change-permissions.html

    We do something like this. We have a set of users to whom we want to grant read-only access unless we have explicitly allowed read-write access. To do this, we have a group called allspecialusers to which these users belong based on email address. We have another group called approved_specialusers to which some of those users are added manually.

    So, in our Bugzilla::Bug::check_can_change_field, we have code like:

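    # Refuse the change for special users who have not been manually approved.
    if ($user->in_group('specialusers') &&
        !$user->in_group('approved_specialusers')) {
        # 3 = only an empowered user may change this field; returning 0 denies it.
        $$PrivilegesRequired = 3;
        return 0;
    }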
    

    You can do what you want by checking if the bug is in product projectB and the user trying to make the change is in group students.
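
The product-and-group check suggested at the end of the answer, written out as an added example (not code from the answer or from Bugzilla itself): a stand-alone Perl script that models the decision with constructed MockUser and MockBug stand-ins. The change_denied helper, the %DENY policy table and the lowercase group name students are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed stand-ins for Bugzilla::User and Bugzilla::Bug; only the two
# accessors used below, in_group() and product(), are modelled.
package MockUser {
    sub new { my ($class, @groups) = @_; my %g = map { $_ => 1 } @groups; return bless \%g, $class }
    sub in_group { my ($self, $group) = @_; return exists $self->{$group} ? 1 : 0 }
}
package MockBug {
    sub new { my ($class, $product) = @_; return bless { product => $product }, $class }
    sub product { my ($self) = @_; return $self->{product} }
}
package main;

# Hypothetical policy table: product => field => groups barred from changing it.
# 'resolution' is listed with 'bug_status' because resolving a bug sets both.
my %DENY = (
    projectB => { bug_status => ['students'], resolution => ['students'] },
);

# Returns 1 if the change must be refused, 0 to fall through to the stock checks.
sub change_denied {
    my ($bug, $user, $field, $oldvalue, $newvalue) = @_;
    return 0 if ($oldvalue // '') eq ($newvalue // '');    # nothing is changing
    my $fields = $DENY{ $bug->product } or return 0;       # product not restricted
    my $groups = $fields->{$field}      or return 0;       # field not restricted
    return (grep { $user->in_group($_) } @$groups) ? 1 : 0;
}

# Inside check_can_change_field the result would be used like the answer's snippet:
#   if (change_denied($self, $user, $field, $oldvalue, $newvalue)) {
#       $$PrivilegesRequired = 3;
#       return 0;
#   }

my $student = MockUser->new('students');
my $staff   = MockUser->new('staff');
my $both    = MockUser->new('staff', 'students');   # deny wins over other memberships
my ($bug_a, $bug_b) = (MockBug->new('projectA'), MockBug->new('projectB'));

for my $case (
    [ 'student resolves projectB bug',   $bug_b, $student, 'bug_status', 'NEW', 'RESOLVED' ],
    [ 'student edits projectB summary',  $bug_b, $student, 'short_desc', 'old', 'new' ],
    [ 'student resolves projectA bug',   $bug_a, $student, 'bug_status', 'NEW', 'RESOLVED' ],
    [ 'staff resolves projectB bug',     $bug_b, $staff,   'bug_status', 'NEW', 'RESOLVED' ],
    [ 'staff+student resolves projectB', $bug_b, $both,    'bug_status', 'NEW', 'RESOLVED' ],
) {
    my ($label, @args) = @$case;
    printf "%-34s %s\n", $label, change_denied(@args) ? 'DENY' : 'fall through';
}
```

Because the check is a deny rule, a user who belongs to both staff and students is still refused, which is the negative-access behaviour the group-security settings alone do not provide.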