diff options
| author | bugreport%peshkin.net <> | 2005-10-22 22:07:05 +0200 |
|---|---|---|
| committer | bugreport%peshkin.net <> | 2005-10-22 22:07:05 +0200 |
| commit | d0042bb7c9340ef4dd80b3abe3b2f45ed4bf862b (patch) | |
| tree | 5e6ba1c72c6a1ca951034e09789ad600519ab5b5 | |
| parent | 6d4505ccf740f740fd4f3ffa438316f0b81a61c0 (diff) | |
| download | bugzilla-d0042bb7c9340ef4dd80b3abe3b2f45ed4bf862b.tar.gz bugzilla-d0042bb7c9340ef4dd80b3abe3b2f45ed4bf862b.tar.xz | |
Bug 312787 When strict_isolation is set, do not permit users to alter deps on bugs unless they can edit both bugs
Patch by Joel Peshkin <bugreport@peshkin.net>
r=kiko, a=justdave
| -rwxr-xr-x | process_bug.cgi | 7 | ||||
| -rw-r--r-- | template/en/default/admin/params/groupsecurity.html.tmpl | 10 | ||||
| -rw-r--r-- | template/en/default/global/user-error.html.tmpl | 7 |
3 files changed, 22 insertions, 2 deletions
diff --git a/process_bug.cgi b/process_bug.cgi index adb6a3ded..dc119179c 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -165,6 +165,13 @@ foreach my $field ("dependson", "blocked") { $vars->{'field'} = $field; ThrowUserError("illegal_change", $vars); } + if (Param("strict_isolation")) { + my $deltabug = new Bugzilla::Bug($id, $user); + if (!$user->can_edit_product($deltabug->{'product_id'})) { + $vars->{'field'} = $field; + ThrowUserError("illegal_change_deps", $vars); + } + } } } else { # Bugzilla does not support mass-change of dependencies so they diff --git a/template/en/default/admin/params/groupsecurity.html.tmpl b/template/en/default/admin/params/groupsecurity.html.tmpl index d4e219a88..9016a7038 100644 --- a/template/en/default/admin/params/groupsecurity.html.tmpl +++ b/template/en/default/admin/params/groupsecurity.html.tmpl @@ -49,6 +49,12 @@ usevisibilitygroups => "Do you wish to restrict visibility of users to members of " _ "specific groups?", - strict_isolation => "Don't allow users to assign, be qa-contacts or add to CC list " _ - "any user that do not have permission to edit the bug." } + strict_isolation => "Don't allow users to be assigned to, " _ + "be qa-contacts on, " _ + "be added to CC list, " _ + "or make or remove dependencies " _ + "involving any bug that is in a product on which that " _ + "user is forbidden to edit.", + + } %] diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 334f1c54e..f0c828888 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -547,6 +547,13 @@ [% END %] a sufficiently empowered user may change that field. + [% ELSIF error == "illegal_change_deps" %] + [% title = "Not allowed" %] + You tried to change the + <strong>[% field_descs.$field FILTER html %]</strong> field + but only a user empowered to edit + both involved [% terms.bugs %] may change that field. + [% ELSIF error == "illegal_changed_in_last_x_days" %] [% title = "Your Search Makes No Sense" %] The <em>Changed in last ___ days</em> field must be a simple number. |