summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2011-05-06 22:42:31 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2011-05-06 22:42:31 +0200
commitf0fede65121748fb8b5404a0bdde3616d37eaf51 (patch)
treebdb944c3a31f0564459ce390fc94ff4afb5c6b41
parentc60cce7d4f4f175ddf723d9def271ad9a964034a (diff)
downloadbugzilla-f0fede65121748fb8b5404a0bdde3616d37eaf51.tar.gz
bugzilla-f0fede65121748fb8b5404a0bdde3616d37eaf51.tar.xz
Bug 653341: Bug.create() fails to error out if an invalid group is passed
r/a=mkanat
-rw-r--r--Bugzilla/Bug.pm13
-rw-r--r--Bugzilla/WebService/Bug.pm14
-rw-r--r--Bugzilla/WebService/Constants.pm1
-rw-r--r--template/en/default/global/user-error.html.tmpl7
4 files changed, 26 insertions, 9 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index beafcfa8c..f3d635344 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1641,11 +1641,14 @@ sub _check_groups {
# First check all the groups they chose to set.
foreach my $name (@$group_names) {
- # We don't want to expose the existence or non-existence of groups,
- # so instead of doing check(), we just do "next" on an invalid
- # group.
- my $group = new Bugzilla::Group({ name => $name }) or next;
- next if !$product->group_is_settable($group);
+ my $group = Bugzilla::Group->check(
+ { name => $name, product => $product,
+ _error => 'group_restriction_not_allowed' });
+
+ if (!$product->group_is_settable($group)) {
+ ThrowUserError('group_restriction_not_allowed',
+ { name => $name, product => $product });
+ }
$add_groups{$group->id} = $group;
}
}
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index 582a9ce91..733104286 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -2267,9 +2267,8 @@ is private, otherwise it is assumed to be public.
=item C<groups> (array) - An array of group names to put this
bug into. You can see valid group names on the Permissions
tab of the Preferences screen, or, if you are an administrator,
-in the Groups control panel. Note that invalid group names or
-groups that the bug can't be restricted to are silently ignored. If
-you don't specify this argument, then a bug will be added into
+in the Groups control panel.
+If you don't specify this argument, then the bug will be added into
all the groups that are set as being "Default" for this product. (If
you want to avoid that, you should specify C<groups> as an empty array.)
@@ -2330,6 +2329,11 @@ You didn't specify a summary for the bug.
You specified values in the C<blocks> or C<depends_on> fields
that would cause a circular dependency between bugs.
+=item 120 (Group Restriction Denied)
+
+You tried to restrict the bug to a group which does not exist, or which
+you cannot use with this product.
+
=item 504 (Invalid User)
Either the QA Contact, Assignee, or CC lists have some invalid user
@@ -2346,7 +2350,9 @@ B<Required>, due to a bug in Bugzilla.
=item The C<groups> argument was added in Bugzilla B<4.0>. Before
Bugzilla 4.0, bugs were only added into Mandatory groups by this
-method.
+method. Since Bugzilla B<4.0.2>, passing an illegal group name will
+throw an error. In Bugzilla 4.0 and 4.0.1, illegal group names were
+silently ignored.
=item The C<comment_is_private> argument was added in Bugzilla B<4.0>.
Before Bugzilla 4.0, you had to use the undocumented C<commentprivacy>
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm
index a1063864f..cb518b0bd 100644
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
@@ -111,6 +111,7 @@ use constant WS_ERROR_CODE => {
# Bug-related group errors
group_change_denied => 120,
group_invalid_restriction => 120,
+ group_restriction_not_allowed => 120,
# Status/Resolution errors
missing_resolution => 121,
resolution_not_allowed => 122,
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index cda3d2e5d..1dd747f30 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -766,6 +766,13 @@
'[% product FILTER html %]' product can not be restricted to
that group.
+ [% ELSIF error == "group_restriction_not_allowed" %]
+ [% title = "Group Restriction Not Allowed" %]
+ You tried to restrict [% terms.abug %] to the "[% name FILTER html %]"
+ group, but either this group does not exist, or you are not allowed
+ to restrict [% terms.bugs %] to this group in the "[% product.name FILTER html %]"
+ product.
+
[% ELSIF error == "group_not_specified" %]
[% title = "Group not specified" %]
No group was specified.