summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2011-09-17 13:45:01 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2011-09-17 13:45:01 +0200
commit7dcb30cb4e5b26a052aaca21f3bcf4657f8c3126 (patch)
treefefadcef19a1c79b019c8e994b36df9351253f98
parentbf43fce9af6415fd747854204ba394558843272d (diff)
downloadbugzilla-7dcb30cb4e5b26a052aaca21f3bcf4657f8c3126.tar.gz
bugzilla-7dcb30cb4e5b26a052aaca21f3bcf4657f8c3126.tar.xz
Bug 686227: Users with editcomponents privs must be able to add products they cannot see to the inclusion and exclusion lists when creating or editing a flagtype
r=dkl a=LpSolit
-rw-r--r--Bugzilla/FlagType.pm20
1 files changed, 18 insertions, 2 deletions
diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm
index bd3f7b054..7f37dd884 100644
--- a/Bugzilla/FlagType.pm
+++ b/Bugzilla/FlagType.pm
@@ -357,7 +357,15 @@ sub set_request_group { $_[0]->set('request_group_id', $_[1]); }
sub set_clusions {
my ($self, $list) = @_;
+ my $user = Bugzilla->user;
my %products;
+ my $params = {};
+
+ # If the user has editcomponents privs, then we only need to make sure
+ # that the product exists.
+ if ($user->in_group('editcomponents')) {
+ $params->{allow_inaccessible} = 1;
+ }
foreach my $category (keys %$list) {
my %clusions;
@@ -369,8 +377,16 @@ sub set_clusions {
my $comp_name = '__Any__';
# Does the product exist?
if ($prod_id) {
- $products{$prod_id} ||= Bugzilla::Product->check({ id => $prod_id });
- detaint_natural($prod_id);
+ detaint_natural($prod_id)
+ || ThrowCodeError('param_must_be_numeric',
+ { function => 'Bugzilla::FlagType::set_clusions' });
+
+ if (!$products{$prod_id}) {
+ $params->{id} = $prod_id;
+ $products{$prod_id} = Bugzilla::Product->check($params);
+ $user->in_group('editcomponents', $prod_id)
+ || ThrowUserError('product_access_denied', $params);
+ }
$prod_name = $products{$prod_id}->name;
# Does the component belong to this product?