Vote #73766: SCM auto status change bypassses roles and permissions - redmineorg-copy202205 - Redmine

編集操作

リンクをコピー

Vote #73766

未完了

SCM auto status change bypassses roles and permissions

Admin Redmine さんが約2年前に追加. 約2年前に更新.

ステータス:

Confirmed

優先度:

通常

担当者:

カテゴリ:

SCM_3

対象バージョン:

Candidate for next major release_32

開始日:

2022/05/09

期日:

進捗率:

予定工数:

Redmineorg_URL:

https://www.redmine.org/issues/13762

category_id:

version_id:

issue_org_id:

13762

author_id:

76460

assigned_to_id:

comments:

status_id:

tracker_id:

plus1:

affected_version:

closed_on:

affected_version_id:

ステータス-->[Confirmed]

引用

説明

Hi,

Encountered unexpected behavior yesterday when i accidentally added a Git archive cloned from another site (buildroot in this case) which contained a lot of commit-messages like

"Closes #1123"

This ended up in a lot of actions like:

Updated by Anonymous about 9 hours ago

    Status changed from New to Resolved
    % Done changed from 0 to 100

Comment Edit

Applied in changeset alleatoautomationplatform:buildroot|commit:4f0361ab2ca4f25207c84b557e31319c9a417a76.

This was not only in the project the Repository is in but sitewide.

The user Anonymous have no permissions set.

This differs in two ways from my expected behavior:

1) The anonymous user should not be able to close issues.
2) A repo commit should only be able to modify issues in the same project as the repo.

This is an old installation that have gone through several upgrades. Unfortunately I don't have time to reproduce it in a clean environment but I thought it might be best reporting it anyway since it is security related.

Ruby version              1.9.3 (x86_64-linux)
RubyGems version          1.8.23
Rack version              1.4
Rails version             3.2.13
Active Record version     3.2.13
Action Pack version       3.2.13
Active Resource version   3.2.13
Action Mailer version     3.2.13
Active Support version    3.2.13
Middleware                Rack::Cache, ActionDispatch::Static, Rack::Lock, #, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::RemoteIp, ActionDispatch::Callbacks, ActiveRecord::ConnectionAdapters::ConnectionManagement, ActiveRecord::QueryCache, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, RedmineDmsf::NoParse, ActionDispatch::ParamsParser, ActionDispatch::Head, Rack::ConditionalGet, Rack::ETag, ActionDispatch::BestStandardsSupport, OpenIdAuthentication
Application root          /var/www/redmine-2.2
Environment               production
Database adapter          mysql2
Database schema version   20121026003537

Thanks in advance and thank you for a great product. We love it!

Marcus

journals

--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
I disagree with this one, Anonymous here is not the Redmine anonymous user but a developer *which has commit access* to the repository and which SCM identifier is not mapped to an actual Redmine user, this is far from being a lambda person but a member of the project.

This should not be touched IMHO.
--------------------------------------------------------------------------------
Etienne Massip wrote:
> I disagree with this one, Anonymous here is not the Redmine anonymous user but a developer *which has commit access* to the repository and which SCM identifier is not mapped to an actual Redmine user, this is far from being a lambda person but a member of the project.
>
> This should not be touched IMHO.

I understand but it might lead to security breaches. You say that the person is being member of the project, but really it is member of _any_ project. So if a committer by accident or on purpose mistypes the issue-id or enters one belonging to an external ticket system he or she might change things in a project where he or she might not have access. The person who made the mistake will not then be alerted at all and have no way to correct the problem.

My solution is to add three configuratoin options to the repos.

[] Allow altering of tickets through commit messages
[] Allow system wide altering of tickets through commit messages
[] Allow Non-mapped users in the repo to alter tickets through commit messages

We track external repos in some projects and this led to some confusion (to say the least) ...
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
The root problem should be fixed by r4823 which disables issue updates when importing old commits. The requested option "Allow system wide altering of tickets through commit messages" is also already available as "Allow issues of all the other projects to be referenced and fixed".
--------------------------------------------------------------------------------
Jean-Philippe Lang wrote:
> The root problem should be fixed by r4823 [...]

FTR: it should read _issue_ #4823 (and r12199).

--------------------------------------------------------------------------------

related_issues

relates,New,4823,Don't evaluate commit-message "refs, closes, ..." when adding a repository
duplicates,Closed,14276,Limit users than can reference and fix issues in commit messages
duplicates,Closed,14826, Project permissions not respected in Fix/Reference commit
duplicates,Closed,13792,Fixing via git push should not break workflow

操作

リンクをコピー

Admin Redmine さんが約2年前に更新

カテゴリ を SCM_3 にセット
対象バージョン を Candidate for next major release_32 にセット

編集操作

リンクをコピー

他の形式にエクスポート: Atom PDF

プロジェクト

全般

プロフィール

redmineorg-copy202205

カスタムクエリ

Vote #73766

SCM auto status change bypassses roles and permissions

Admin Redmine さんが約2年前に更新

編集

unofficial-redmine.org デモサイト¶

Redmine.org上のチケットplus1数を集計し、検索用に公開しています。( 2022/5 Redmine5.0 リリース記念版)¶