diff options
author | Byron Jones <glob@mozilla.com> | 2015-05-08 07:25:40 +0200 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-05-08 07:25:40 +0200 |
commit | e4362dad68b2b9180de14d7683d7645e17206f53 (patch) | |
tree | 36bc5d2b30191af8535291382746f2d4a4fa3f9e /Bugzilla | |
parent | 33a4bd46fd17ab28567cdeb2eb3733901f2a033e (diff) | |
download | bugzilla-e4362dad68b2b9180de14d7683d7645e17206f53.tar.gz bugzilla-e4362dad68b2b9180de14d7683d7645e17206f53.tar.xz |
Bug 1149055: flag requestees are unable to set an attachment flag via a the update_attachment webservice if they do not have editbugs
r=dkl,a=glob
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/API/1_0/Resource/Bug.pm | 33 | ||||
-rw-r--r-- | Bugzilla/WebService/Bug.pm | 33 |
2 files changed, 54 insertions, 12 deletions
diff --git a/Bugzilla/API/1_0/Resource/Bug.pm b/Bugzilla/API/1_0/Resource/Bug.pm index 61db5950b..c0be3c730 100644 --- a/Bugzilla/API/1_0/Resource/Bug.pm +++ b/Bugzilla/API/1_0/Resource/Bug.pm @@ -1028,8 +1028,6 @@ sub update_attachment { || ThrowUserError("invalid_attach_id", { attach_id => $id }); my $bug = $attachment->bug; $attachment->_check_bug; - $attachment->validate_can_edit - || ThrowUserError("illegal_attachment_edit", { attach_id => $id }); push @attachments, $attachment; $bugs{$bug->id} = $bug; @@ -1049,10 +1047,33 @@ sub update_attachment { # Update the values foreach my $attachment (@attachments) { - $attachment->set_all($params); - if ($flags) { - my ($old_flags, $new_flags) = extract_flags($flags, $attachment->bug, $attachment); - $attachment->set_flags($old_flags, $new_flags); + my ($update_flags, $new_flags) = $flags + ? extract_flags($flags, $attachment->bug, $attachment) + : ([], []); + if ($attachment->validate_can_edit) { + $attachment->set_all($params); + $attachment->set_flags($update_flags, $new_flags) if $flags; + } + elsif (scalar @$update_flags && !scalar(@$new_flags) && !scalar keys %$params) { + # Requestees can set flags targetted to them, even if they cannot + # edit the attachment. Flag setters can edit their own flags too. + my %flag_list = map { $_->{id} => $_ } @$update_flags; + my $flag_objs = Bugzilla::Flag->new_from_list([ keys %flag_list ]); + my @editable_flags; + foreach my $flag_obj (@$flag_objs) { + if ($flag_obj->setter_id == $user->id + || ($flag_obj->requestee_id && $flag_obj->requestee_id == $user->id)) + { + push(@editable_flags, $flag_list{$flag_obj->id}); + } + } + if (!scalar @editable_flags) { + ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id }); + } + $attachment->set_flags(\@editable_flags, []); + } + else { + ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id }); } } diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index f034d90d5..47c047745 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -899,8 +899,6 @@ sub update_attachment { || ThrowUserError("invalid_attach_id", { attach_id => $id }); my $bug = $attachment->bug; $attachment->_check_bug; - $attachment->validate_can_edit - || ThrowUserError("illegal_attachment_edit", { attach_id => $id }); push @attachments, $attachment; $bugs{$bug->id} = $bug; @@ -920,10 +918,33 @@ sub update_attachment { # Update the values foreach my $attachment (@attachments) { - $attachment->set_all($params); - if ($flags) { - my ($old_flags, $new_flags) = extract_flags($flags, $attachment->bug, $attachment); - $attachment->set_flags($old_flags, $new_flags); + my ($update_flags, $new_flags) = $flags + ? extract_flags($flags, $attachment->bug, $attachment) + : ([], []); + if ($attachment->validate_can_edit) { + $attachment->set_all($params); + $attachment->set_flags($update_flags, $new_flags) if $flags; + } + elsif (scalar @$update_flags && !scalar(@$new_flags) && !scalar keys %$params) { + # Requestees can set flags targetted to them, even if they cannot + # edit the attachment. Flag setters can edit their own flags too. + my %flag_list = map { $_->{id} => $_ } @$update_flags; + my $flag_objs = Bugzilla::Flag->new_from_list([ keys %flag_list ]); + my @editable_flags; + foreach my $flag_obj (@$flag_objs) { + if ($flag_obj->setter_id == $user->id + || ($flag_obj->requestee_id && $flag_obj->requestee_id == $user->id)) + { + push(@editable_flags, $flag_list{$flag_obj->id}); + } + } + if (!scalar @editable_flags) { + ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id }); + } + $attachment->set_flags(\@editable_flags, []); + } + else { + ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id }); } } |