diff options
| author | Simon Green <mail@simon.green> | 2015-08-19 08:17:13 +0200 |
|---|---|---|
| committer | Simon Green <mail@simon.green> | 2015-08-19 08:17:13 +0200 |
| commit | 727ba2a265bf860c6463eb70fb0c5c256fddd434 (patch) | |
| tree | 63bb37f8054dac72b62beeed612f9c0d074f98ee /Bugzilla/Bug.pm | |
| parent | fe168e2dc6771d97e9c672f207e49e354a0ec892 (diff) | |
| download | bugzilla-727ba2a265bf860c6463eb70fb0c5c256fddd434.tar.gz bugzilla-727ba2a265bf860c6463eb70fb0c5c256fddd434.tar.xz | |
Bug 404663 - aliases should be reserved for people w/ editbugs
r=dkl, a=simon
Diffstat (limited to 'Bugzilla/Bug.pm')
| -rw-r--r-- | Bugzilla/Bug.pm | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index 0ec29623e..dda572ed7 100644 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -177,6 +177,7 @@ sub VALIDATOR_DEPENDENCIES { if $cache->{bug_validator_dependencies}; my %deps = ( + alias => ['product'], assigned_to => ['component'], blocked => ['product'], bug_status => ['product', 'comment', 'target_milestone'], @@ -1388,12 +1389,24 @@ sub _send_bugmail { ##################################################################### sub _check_alias { - my ($invocant, $aliases) = @_; + my ($invocant, $aliases, undef, $params) = @_; $aliases = ref $aliases ? $aliases : [split(/[\s,]+/, $aliases)]; # Remove empty aliases @$aliases = grep { $_ } @$aliases; + my $product = blessed($invocant) ? $invocant->product_obj + : $params->{product}; + + # You need editbugs to edit these fields + unless (Bugzilla->user->in_group('editbugs', $product->id)) { + if (scalar @$aliases) { + ThrowUserError('illegal_change', { field => 'alias', + action => 'set', + privs => PRIVILEGES_REQUIRED_EMPOWERED }); + } + } + foreach my $alias (@$aliases) { $alias = trim($alias); @@ -2967,6 +2980,16 @@ sub add_alias { sub remove_alias { my ($self, $alias) = @_; + + my $privs; + my $can = $self->check_can_change_field('alias', '', $alias, \$privs); + if (!$can) { + ThrowUserError('illegal_change', { field => 'alias', + action => 'unset', + oldvalue => $alias, + privs => $privs }); + } + my $bug_aliases = $self->alias; @$bug_aliases = grep { $_ ne $alias } @$bug_aliases; } @@ -4442,6 +4465,12 @@ sub check_can_change_field { return 1; } + # You need editbugs in order to change the alias + if ($field eq 'alias') { + $$PrivilegesRequired = PRIVILEGES_REQUIRED_EMPOWERED; + return 0; + } + # *Only* users with (product-specific) "canconfirm" privs can confirm bugs. if ($self->_changes_everconfirmed($field, $oldvalue, $newvalue)) { $$PrivilegesRequired = PRIVILEGES_REQUIRED_EMPOWERED; |