diff options
author | lpsolit%gmail.com <> | 2008-09-15 12:46:02 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2008-09-15 12:46:02 +0200 |
commit | 3805f522ac2e1ed2a9ebb383beee3a23b7105020 (patch) | |
tree | 473a07ee0de0a740d7aabfe6aa8a4425964f4c68 | |
parent | ac1f49a8d936a91831162bafda0dd7236ee95108 (diff) | |
download | bugzilla-3805f522ac2e1ed2a9ebb383beee3a23b7105020.tar.gz bugzilla-3805f522ac2e1ed2a9ebb383beee3a23b7105020.tar.xz |
Bug 455099: Some methods in Search.pm use the wrong user object to check privs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
-rw-r--r-- | Bugzilla/Search.pm | 51 |
1 files changed, 8 insertions, 43 deletions
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index 77000ce31..6dc2703fc 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -369,7 +369,7 @@ sub init { my $sql_deadlinefrom; my $sql_deadlineto; - if (Bugzilla->user->in_group(Bugzilla->params->{'timetrackinggroup'})){ + if ($user->is_timetracker) { my $deadlinefrom; my $deadlineto; @@ -1292,12 +1292,7 @@ sub _commenter_exact { $$sequence++; } my $table = "longdescs_$chartseq"; - my $extra = ""; - if (Bugzilla->params->{"insidergroup"} - && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"})) - { - $extra = "AND $table.isprivate < 1"; - } + my $extra = $user->is_insider ? "" : "AND $table.isprivate < 1"; push(@$supptables, "LEFT JOIN longdescs AS $table " . "ON $table.bug_id = bugs.bug_id $extra " . "AND $table.who IN ($match)"); @@ -1316,12 +1311,7 @@ sub _commenter { $$sequence++; } my $table = "longdescs_$chartseq"; - my $extra = ""; - if (Bugzilla->params->{"insidergroup"} - && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"})) - { - $extra = "AND $table.isprivate < 1"; - } + my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate < 1"; $$f = "login_name"; $$ff = "profiles.login_name"; $$funcsbykey{",$$t"}($self, %func_args); @@ -1340,12 +1330,7 @@ sub _long_desc { @func_args{qw(chartid supptables f)}; my $table = "longdescs_$$chartid"; - my $extra = ""; - if (Bugzilla->params->{"insidergroup"} - && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"})) - { - $extra = "AND $table.isprivate < 1"; - } + my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate < 1"; push(@$supptables, "LEFT JOIN longdescs AS $table " . "ON $table.bug_id = bugs.bug_id $extra"); $$f = "$table.thetext"; @@ -1358,12 +1343,7 @@ sub _longdescs_isprivate { @func_args{qw(chartid supptables f)}; my $table = "longdescs_$$chartid"; - my $extra = ""; - if (Bugzilla->params->{"insidergroup"} - && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"})) - { - $extra = "AND $table.isprivate < 1"; - } + my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate < 1"; push(@$supptables, "LEFT JOIN longdescs AS $table " . "ON $table.bug_id = bugs.bug_id $extra"); $$f = "$table.isprivate"; @@ -1505,12 +1485,7 @@ sub _attach_data_thedata { my $atable = "attachments_$$chartid"; my $dtable = "attachdata_$$chartid"; - my $extra = ""; - if (Bugzilla->params->{"insidergroup"} - && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"})) - { - $extra = "AND $atable.isprivate = 0"; - } + my $extra = $self->{'user'}->is_insider ? "" : "AND $atable.isprivate = 0"; push(@$supptables, "INNER JOIN attachments AS $atable " . "ON bugs.bug_id = $atable.bug_id $extra"); push(@$supptables, "INNER JOIN attach_data AS $dtable " . @@ -1525,12 +1500,7 @@ sub _attachments_submitter { @func_args{qw(chartid supptables f)}; my $atable = "map_attachment_submitter_$$chartid"; - my $extra = ""; - if (Bugzilla->params->{"insidergroup"} - && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"})) - { - $extra = "AND $atable.isprivate = 0"; - } + my $extra = $self->{'user'}->is_insider ? "" : "AND $atable.isprivate = 0"; push(@$supptables, "INNER JOIN attachments AS $atable " . "ON bugs.bug_id = $atable.bug_id $extra"); push(@$supptables, "LEFT JOIN profiles AS attachers_$$chartid " . @@ -1546,12 +1516,7 @@ sub _attachments { my $dbh = Bugzilla->dbh; my $table = "attachments_$$chartid"; - my $extra = ""; - if (Bugzilla->params->{"insidergroup"} - && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"})) - { - $extra = "AND $table.isprivate = 0"; - } + my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate = 0"; push(@$supptables, "INNER JOIN attachments AS $table " . "ON bugs.bug_id = $table.bug_id $extra"); $$f =~ m/^attachments\.(.*)$/; |