Bug 989650 - backport bug 294021 to bmo/4.2 to allow requestees to set attachment flags even if they don't have editbugs privs

r=glob

1 files changed, 7 insertions, 8 deletions

diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm
index 2b2159346..f4f325908 100644
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -713,28 +713,27 @@ sub get_attachments_by_bug {
 
 =pod
 
-=item C<validate_can_edit($attachment, $product_id)>
+=item C<validate_can_edit>
 
 Description: validates if the user is allowed to view and edit the attachment.
              Only the submitter or someone with editbugs privs can edit it.
              Only the submitter and users in the insider group can view
              private attachments.
 
-Params:      $attachment - the attachment object being edited.
-             $product_id - the product ID the attachment belongs to.
+Params:      none
 
 Returns:     1 on success, 0 otherwise.
 
 =cut
 
 sub validate_can_edit {
-    my ($attachment, $product_id) = @_;
+    my $self = shift;
     my $user = Bugzilla->user;
 
     # The submitter can edit their attachments.
-    return ($attachment->attacher->id == $user->id
-            || ((!$attachment->isprivate || $user->is_insider)
-                 && $user->in_group('editbugs', $product_id))) ? 1 : 0;
+    return ($self->attacher->id == $user->id
+            || ((!$self->isprivate || $user->is_insider)
+                 && $user->in_group('editbugs', $self->bug->product_id))) ? 1 : 0;
 }
 
 =item C<validate_obsolete($bug, $attach_ids)>
@@ -771,7 +770,7 @@ sub validate_obsolete {
           || ThrowUserError('invalid_attach_id', $vars);
 
         # Check that the user can view and edit this attachment.
-        $attachment->validate_can_edit($bug->product_id)
+        $attachment->validate_can_edit
           || ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id });
 
         if ($attachment->bug_id != $bug->bug_id) {