diff options
| author | Robert Webb <rowebb@gmail.com> | 2011-09-01 22:24:27 +0200 |
|---|---|---|
| committer | Max Kanat-Alexander <mkanat@bugzilla.org> | 2011-09-01 22:24:27 +0200 |
| commit | 7a9a4fdc72fa194e1921ee157ae7f79507540f1c (patch) | |
| tree | fa37bf8cc697f8c9c9e0169885a5fa8389f9e713 /Bugzilla/WebService | |
| parent | 4055a481342339a5665df5b2ddb2f6843c66c368 (diff) | |
| download | bugzilla-7a9a4fdc72fa194e1921ee157ae7f79507540f1c.tar.gz bugzilla-7a9a4fdc72fa194e1921ee157ae7f79507540f1c.tar.xz | |
Bug 683025 - Add a check_for_edit to Bugzilla::Bug to return the bug object
if the user can edit the bug
r=mkanat, a=mkanat
Diffstat (limited to 'Bugzilla/WebService')
| -rw-r--r-- | Bugzilla/WebService/Bug.pm | 23 |
1 files changed, 4 insertions, 19 deletions
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index 7844b4e97..63d04bb0b 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -481,7 +481,7 @@ sub update { my $ids = delete $params->{ids}; defined $ids || ThrowCodeError('param_required', { param => 'ids' }); - my @bugs = map { Bugzilla::Bug->check($_) } @$ids; + my @bugs = map { Bugzilla::Bug->check_for_edit($_) } @$ids; my %values = %$params; $values{other_bugs} = \@bugs; @@ -497,11 +497,6 @@ sub update { delete $values{flags}; foreach my $bug (@bugs) { - if (!$user->can_edit_product($bug->product_obj->id) ) { - ThrowUserError("product_edit_denied", - { product => $bug->product }); - } - $bug->set_all(\%values); } @@ -632,11 +627,7 @@ sub add_attachment { defined $params->{data} || ThrowCodeError('param_required', { param => 'data' }); - my @bugs = map { Bugzilla::Bug->check($_) } @{ $params->{ids} }; - foreach my $bug (@bugs) { - Bugzilla->user->can_edit_product($bug->product_id) - || ThrowUserError("product_edit_denied", {product => $bug->product}); - } + my @bugs = map { Bugzilla::Bug->check_for_edit($_) } @{ $params->{ids} }; my @created; $dbh->bz_start_transaction(); @@ -681,11 +672,8 @@ sub add_comment { (defined $comment && trim($comment) ne '') || ThrowCodeError('param_required', { param => 'comment' }); - my $bug = Bugzilla::Bug->check($params->{id}); + my $bug = Bugzilla::Bug->check_for_edit($params->{id}); - $user->can_edit_product($bug->product_id) - || ThrowUserError("product_edit_denied", {product => $bug->product}); - # Backwards-compatibility for versions before 3.6 if (defined $params->{private}) { $params->{is_private} = delete $params->{private}; @@ -726,10 +714,7 @@ sub update_see_also { my @bugs; foreach my $id (@{ $params->{ids} }) { - my $bug = Bugzilla::Bug->check($id); - $user->can_edit_product($bug->product_id) - || ThrowUserError("product_edit_denied", - { product => $bug->product }); + my $bug = Bugzilla::Bug->check_for_edit($id); push(@bugs, $bug); if ($remove) { $bug->remove_see_also($_) foreach @$remove; |