Bug 404663 - aliases should be reserved for people w/ editbugs

r=dkl, a=simon
author: Simon Green <mail@simon.green> 2015-08-19 08:17:13 +0200
committer: Simon Green <mail@simon.green> 2015-08-19 08:17:13 +0200
commit: 727ba2a265bf860c6463eb70fb0c5c256fddd434 (patch)
tree: 63bb37f8054dac72b62beeed612f9c0d074f98ee
parent: fe168e2dc6771d97e9c672f207e49e354a0ec892 (diff)
download: bugzilla-727ba2a265bf860c6463eb70fb0c5c256fddd434.tar.gz
bugzilla-727ba2a265bf860c6463eb70fb0c5c256fddd434.tar.xz
3 files changed, 44 insertions, 5 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 0ec29623e..dda572ed7 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -177,6 +177,7 @@ sub VALIDATOR_DEPENDENCIES {
         if $cache->{bug_validator_dependencies};
 
     my %deps = (
+        alias            => ['product'],
         assigned_to      => ['component'],
         blocked          => ['product'],
         bug_status       => ['product', 'comment', 'target_milestone'],
@@ -1388,12 +1389,24 @@ sub _send_bugmail {
 #####################################################################
 
 sub _check_alias {
-    my ($invocant, $aliases) = @_;
+    my ($invocant, $aliases, undef, $params) = @_;
     $aliases = ref $aliases ? $aliases : [split(/[\s,]+/, $aliases)];
 
     # Remove empty aliases
     @$aliases = grep { $_ } @$aliases;
 
+    my $product = blessed($invocant) ? $invocant->product_obj
+                                     : $params->{product};
+
+    # You need editbugs to edit these fields
+    unless (Bugzilla->user->in_group('editbugs', $product->id)) {
+        if (scalar @$aliases) {
+            ThrowUserError('illegal_change', { field  => 'alias',
+                                               action => 'set',
+                                               privs  => PRIVILEGES_REQUIRED_EMPOWERED });
+        }
+    }
+
     foreach my $alias (@$aliases) {
         $alias = trim($alias);
 
@@ -2967,6 +2980,16 @@ sub add_alias {
 
 sub remove_alias {
     my ($self, $alias) = @_;
+
+    my $privs;
+    my $can = $self->check_can_change_field('alias', '', $alias, \$privs);
+    if (!$can) {
+        ThrowUserError('illegal_change', { field    => 'alias',
+                                           action   => 'unset',
+                                           oldvalue => $alias,
+                                           privs    => $privs });
+    }
+
     my $bug_aliases = $self->alias;
     @$bug_aliases = grep { $_ ne $alias } @$bug_aliases;
 }
@@ -4442,6 +4465,12 @@ sub check_can_change_field {
         return 1;
     }
 
+    # You need editbugs in order to change the alias
+    if ($field eq 'alias') {
+       $$PrivilegesRequired = PRIVILEGES_REQUIRED_EMPOWERED;
+       return 0;
+    }
+
     # *Only* users with (product-specific) "canconfirm" privs can confirm bugs.
     if ($self->_changes_everconfirmed($field, $oldvalue, $newvalue)) {
         $$PrivilegesRequired = PRIVILEGES_REQUIRED_EMPOWERED;
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl
index 23fb276c9..367292756 100644
--- a/template/en/default/bug/create/create.html.tmpl
+++ b/template/en/default/bug/create/create.html.tmpl
@@ -269,8 +269,9 @@ TUI_hide_default('attachment_text_field');
 
     <td>&nbsp;</td>
     [%# Calculate the number of rows we can use for flags %]
-    [% num_rows = 6 + (Param("useqacontact") ? 1 : 0) +
-                      (user.is_timetracker ? 3 : 0)
+    [% num_rows = 5 + (Param("useqacontact") ? 1 : 0) +
+                      (user.is_timetracker ? 3 : 0) +
+                      (user.in_group('editbugs', product.id) ? 1 : 0)
     %]
 
     <td rowspan="[% num_rows FILTER html %]">
@@ -380,6 +381,7 @@ TUI_hide_default('attachment_text_field');
   </tr>
 [% END %]
 
+[% IF user.in_group('editbugs', product.id) %]
   <tr>
     [% INCLUDE "bug/field-label.html.tmpl"
       field = bug_fields.alias editable = 1
@@ -388,6 +390,7 @@ TUI_hide_default('attachment_text_field');
       <input name="alias" size="20" value="[% alias FILTER html %]">
     </td>
   </tr>
+[% END %]
 
   <tr>
     [% INCLUDE "bug/field-label.html.tmpl"
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index fe548f927..57c06c204 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -923,8 +923,15 @@
 
   [% ELSIF error == "illegal_change" %]
     [% title = "Not allowed" %]
-    You tried to change the
-    <strong>[% field_descs.$field FILTER html %]</strong> field 
+    You tried to
+    [% IF action == "set" %]
+      set
+    [% ELSIF action == "unset" %]
+      unset
+    [% ELSE %]
+      change
+    [% END %]
+    the <strong>[% field_descs.$field FILTER html %]</strong> field
     [% IF oldvalue.defined AND oldvalue != "" %]
       from <em>[% oldvalue.join(', ') FILTER html %]</em>
     [% END %]
author	Simon Green <mail@simon.green>	2015-08-19 08:17:13 +0200
committer	Simon Green <mail@simon.green>	2015-08-19 08:17:13 +0200
commit	727ba2a265bf860c6463eb70fb0c5c256fddd434 (patch)
tree	63bb37f8054dac72b62beeed612f9c0d074f98ee
parent	fe168e2dc6771d97e9c672f207e49e354a0ec892 (diff)
download	bugzilla-727ba2a265bf860c6463eb70fb0c5c256fddd434.tar.gz bugzilla-727ba2a265bf860c6463eb70fb0c5c256fddd434.tar.xz