summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2008-09-15 12:46:02 +0200
committerlpsolit%gmail.com <>2008-09-15 12:46:02 +0200
commit3805f522ac2e1ed2a9ebb383beee3a23b7105020 (patch)
tree473a07ee0de0a740d7aabfe6aa8a4425964f4c68 /Bugzilla
parentac1f49a8d936a91831162bafda0dd7236ee95108 (diff)
downloadbugzilla-3805f522ac2e1ed2a9ebb383beee3a23b7105020.tar.gz
bugzilla-3805f522ac2e1ed2a9ebb383beee3a23b7105020.tar.xz
Bug 455099: Some methods in Search.pm use the wrong user object to check privs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Search.pm51
1 files changed, 8 insertions, 43 deletions
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index 77000ce31..6dc2703fc 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -369,7 +369,7 @@ sub init {
my $sql_deadlinefrom;
my $sql_deadlineto;
- if (Bugzilla->user->in_group(Bugzilla->params->{'timetrackinggroup'})){
+ if ($user->is_timetracker) {
my $deadlinefrom;
my $deadlineto;
@@ -1292,12 +1292,7 @@ sub _commenter_exact {
$$sequence++;
}
my $table = "longdescs_$chartseq";
- my $extra = "";
- if (Bugzilla->params->{"insidergroup"}
- && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
- {
- $extra = "AND $table.isprivate < 1";
- }
+ my $extra = $user->is_insider ? "" : "AND $table.isprivate < 1";
push(@$supptables, "LEFT JOIN longdescs AS $table " .
"ON $table.bug_id = bugs.bug_id $extra " .
"AND $table.who IN ($match)");
@@ -1316,12 +1311,7 @@ sub _commenter {
$$sequence++;
}
my $table = "longdescs_$chartseq";
- my $extra = "";
- if (Bugzilla->params->{"insidergroup"}
- && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
- {
- $extra = "AND $table.isprivate < 1";
- }
+ my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate < 1";
$$f = "login_name";
$$ff = "profiles.login_name";
$$funcsbykey{",$$t"}($self, %func_args);
@@ -1340,12 +1330,7 @@ sub _long_desc {
@func_args{qw(chartid supptables f)};
my $table = "longdescs_$$chartid";
- my $extra = "";
- if (Bugzilla->params->{"insidergroup"}
- && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
- {
- $extra = "AND $table.isprivate < 1";
- }
+ my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate < 1";
push(@$supptables, "LEFT JOIN longdescs AS $table " .
"ON $table.bug_id = bugs.bug_id $extra");
$$f = "$table.thetext";
@@ -1358,12 +1343,7 @@ sub _longdescs_isprivate {
@func_args{qw(chartid supptables f)};
my $table = "longdescs_$$chartid";
- my $extra = "";
- if (Bugzilla->params->{"insidergroup"}
- && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
- {
- $extra = "AND $table.isprivate < 1";
- }
+ my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate < 1";
push(@$supptables, "LEFT JOIN longdescs AS $table " .
"ON $table.bug_id = bugs.bug_id $extra");
$$f = "$table.isprivate";
@@ -1505,12 +1485,7 @@ sub _attach_data_thedata {
my $atable = "attachments_$$chartid";
my $dtable = "attachdata_$$chartid";
- my $extra = "";
- if (Bugzilla->params->{"insidergroup"}
- && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
- {
- $extra = "AND $atable.isprivate = 0";
- }
+ my $extra = $self->{'user'}->is_insider ? "" : "AND $atable.isprivate = 0";
push(@$supptables, "INNER JOIN attachments AS $atable " .
"ON bugs.bug_id = $atable.bug_id $extra");
push(@$supptables, "INNER JOIN attach_data AS $dtable " .
@@ -1525,12 +1500,7 @@ sub _attachments_submitter {
@func_args{qw(chartid supptables f)};
my $atable = "map_attachment_submitter_$$chartid";
- my $extra = "";
- if (Bugzilla->params->{"insidergroup"}
- && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
- {
- $extra = "AND $atable.isprivate = 0";
- }
+ my $extra = $self->{'user'}->is_insider ? "" : "AND $atable.isprivate = 0";
push(@$supptables, "INNER JOIN attachments AS $atable " .
"ON bugs.bug_id = $atable.bug_id $extra");
push(@$supptables, "LEFT JOIN profiles AS attachers_$$chartid " .
@@ -1546,12 +1516,7 @@ sub _attachments {
my $dbh = Bugzilla->dbh;
my $table = "attachments_$$chartid";
- my $extra = "";
- if (Bugzilla->params->{"insidergroup"}
- && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
- {
- $extra = "AND $table.isprivate = 0";
- }
+ my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate = 0";
push(@$supptables, "INNER JOIN attachments AS $table " .
"ON bugs.bug_id = $table.bug_id $extra");
$$f =~ m/^attachments\.(.*)$/;