diff options
| author | bugreport%peshkin.net <> | 2005-10-18 06:19:00 +0200 |
|---|---|---|
| committer | bugreport%peshkin.net <> | 2005-10-18 06:19:00 +0200 |
| commit | 1f9c83ae81c5c81d005fa0d9a428e23ea5126576 (patch) | |
| tree | 191cd91527ab952c5d2abe6d3a797bd415937494 /Bugzilla/Bug.pm | |
| parent | 1a84cc52fea5f653e51a6ec43c778d4452351964 (diff) | |
| download | bugzilla-1f9c83ae81c5c81d005fa0d9a428e23ea5126576.tar.gz bugzilla-1f9c83ae81c5c81d005fa0d9a428e23ea5126576.tar.xz | |
Bug 309681 Prevent users from adding another user who shouldn't have access to a bug as assignee or CC member
Patch by Gabriel Sales de Oliveira <gabriel@async.com.br>
r=joel, a=justdave
Diffstat (limited to 'Bugzilla/Bug.pm')
| -rwxr-xr-x | Bugzilla/Bug.pm | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index 526f002b0..c08703789 100755 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -1303,6 +1303,17 @@ sub ValidateDependencies { return %deps; } +#Verify if the new assignee belongs to the group of +#the product that the bug(s) is in. +sub can_add_user_to_bug { + my ($prod_id, $id, $uid) = @_; + my $user = new Bugzilla::User($uid); + if (!$user->can_edit_product($prod_id)) { + ThrowUserError("invalid_user_group", { 'user' => + $user->login, bug_id => $id }); + } +} + sub AUTOLOAD { use vars qw($AUTOLOAD); my $attr = $AUTOLOAD; |