diff options
| author | lpsolit%gmail.com <> | 2007-08-14 19:34:45 +0200 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2007-08-14 19:34:45 +0200 |
| commit | 1427884e689fa9c470f88bdefc7eabbb87b047c6 (patch) | |
| tree | fc72d03fda088bea4d296b3188e214a7b568427d /Bugzilla/Attachment.pm | |
| parent | 62a6b26925e2e80a31fcfe618102cfabeb76f700 (diff) | |
| download | bugzilla-1427884e689fa9c470f88bdefc7eabbb87b047c6.tar.gz bugzilla-1427884e689fa9c470f88bdefc7eabbb87b047c6.tar.xz | |
Bug 392175: Move isViewable out of attachment.cgi + some other minor cleanup - Patch by Frédéric Buclin <LpSolit@gmail.com>
Diffstat (limited to 'Bugzilla/Attachment.pm')
| -rw-r--r-- | Bugzilla/Attachment.pm | 49 |
1 files changed, 38 insertions, 11 deletions
diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm index 893c46682..736959b2f 100644 --- a/Bugzilla/Attachment.pm +++ b/Bugzilla/Attachment.pm @@ -283,6 +283,40 @@ sub isprivate { =over +=item C<is_viewable> + +Returns 1 if the attachment has a content-type viewable in this browser. +Note that we don't use $cgi->Accept()'s ability to check if a content-type +matches, because this will return a value even if it's matched by the generic +*/* which most browsers add to the end of their Accept: headers. + +=back + +=cut + +sub is_viewable { + my $self = shift; + my $contenttype = $self->contenttype; + my $cgi = Bugzilla->cgi; + + # We assume we can view all text and image types. + return 1 if ($contenttype =~ /^(text|image)\//); + + # Mozilla can view XUL. Note the trailing slash on the Gecko detection to + # avoid sending XUL to Safari. + return 1 if (($contenttype =~ /^application\/vnd\.mozilla\./) + && ($cgi->user_agent() =~ /Gecko\//)); + + # If it's not one of the above types, we check the Accept: header for any + # types mentioned explicitly. + my $accept = join(",", $cgi->Accept()); + return 1 if ($accept =~ /^(.*,)?\Q$contenttype\E(,.*)?$/); + + return 0; +} + +=over + =item C<data> the content of the attachment @@ -625,19 +659,12 @@ Returns: 1 on success. Else an error is thrown. sub validate_can_edit { my ($attachment, $product_id) = @_; - my $dbh = Bugzilla->dbh; my $user = Bugzilla->user; - # Bug 97729 - the submitter can edit their attachments. - return if ($attachment->attacher->id == $user->id); - - # Only users in the insider group can view private attachments. - if ($attachment->isprivate && !$user->is_insider) { - ThrowUserError('illegal_attachment_edit', {attach_id => $attachment->id}); - } - - # Users with editbugs privs can edit all attachments. - return if $user->in_group('editbugs', $product_id); + # The submitter can edit their attachments. + return 1 if ($attachment->attacher->id == $user->id + || ((!$attachment->isprivate || $user->is_insider) + && $user->in_group('editbugs', $product_id))); # If we come here, then this attachment cannot be seen by the user. ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id }); |