diff options
author | David Lawrence <dkl@mozilla.com> | 2016-04-04 18:39:14 +0200 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2016-04-04 18:39:14 +0200 |
commit | fc2d539c324a34254a5cb5e9ebeb386c39220f93 (patch) | |
tree | efbb2930e4b5ae0a348e180c771f3f8ab392006c /Bugzilla/Flag.pm | |
parent | c83c4f78bb91c27e2ffd0e5fb8091fe6795885b8 (diff) | |
download | bugzilla-fc2d539c324a34254a5cb5e9ebeb386c39220f93.tar.gz bugzilla-fc2d539c324a34254a5cb5e9ebeb386c39220f93.tar.xz |
Bug 1257662 - Disallow clearing a flag if the flag is set to allow granting by specifc group and changer is not in group
Diffstat (limited to 'Bugzilla/Flag.pm')
-rw-r--r-- | Bugzilla/Flag.pm | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm index 07041bd79..c6c979fa7 100644 --- a/Bugzilla/Flag.pm +++ b/Bugzilla/Flag.pm @@ -782,13 +782,13 @@ sub _check_setter { # Make sure the user is authorized to modify flags, see bug 180879: # - The flag exists and is unchanged. # - The flag setter can unset flag. - # - Users in the request_group can clear pending requests and set flags - # and can rerequest set flags. - # - Users in the grant_group can set/clear flags, including "+" and "-". + # - Users in the request_group can clear pending requests + # - Users in the grant_group can set/cleari/request flags, including "+" and "-". unless (($status eq $self->{_old_status}) || ($status eq 'X' && $setter->id == Bugzilla->user->id) || (($status eq 'X' || $status eq '?') && $setter->can_request_flag($self->type)) + || $setter->can_unset_flag($self->type, $self->{_old_status}) || $setter->can_set_flag($self->type)) { ThrowUserError('flag_update_denied', |