authorByron Jones <glob@mozilla.com>2015-05-08 07:25:40 +0200
committerByron Jones <glob@mozilla.com>2015-05-08 07:25:40 +0200
commite4362dad68b2b9180de14d7683d7645e17206f53 (patch)
tree36bc5d2b30191af8535291382746f2d4a4fa3f9e /Bugzilla
parent33a4bd46fd17ab28567cdeb2eb3733901f2a033e (diff)
Bug 1149055: flag requestees are unable to set an attachment flag via the update_attachment webservice if they do not have editbugs
r=dkl,a=glob
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/API/1_0/Resource/Bug.pm33
-rw-r--r--Bugzilla/WebService/Bug.pm33
2 files changed, 54 insertions, 12 deletions
diff --git a/Bugzilla/API/1_0/Resource/Bug.pm b/Bugzilla/API/1_0/Resource/Bug.pm
index 61db5950b..c0be3c730 100644
--- a/Bugzilla/API/1_0/Resource/Bug.pm
+++ b/Bugzilla/API/1_0/Resource/Bug.pm
@@ -1028,8 +1028,6 @@ sub update_attachment {
|| ThrowUserError("invalid_attach_id", { attach_id => $id });
my $bug = $attachment->bug;
$attachment->_check_bug;
- $attachment->validate_can_edit
- || ThrowUserError("illegal_attachment_edit", { attach_id => $id });
push @attachments, $attachment;
$bugs{$bug->id} = $bug;
@@ -1049,10 +1047,33 @@ sub update_attachment {
# Update the values
foreach my $attachment (@attachments) {
- $attachment->set_all($params);
- if ($flags) {
- my ($old_flags, $new_flags) = extract_flags($flags, $attachment->bug, $attachment);
- $attachment->set_flags($old_flags, $new_flags);
+ my ($update_flags, $new_flags) = $flags
+ ? extract_flags($flags, $attachment->bug, $attachment)
+ : ([], []);
+ if ($attachment->validate_can_edit) {
+ $attachment->set_all($params);
+ $attachment->set_flags($update_flags, $new_flags) if $flags;
+ }
+ elsif (scalar @$update_flags && !scalar(@$new_flags) && !scalar keys %$params) {
+ # Requestees can set flags targetted to them, even if they cannot
+ # edit the attachment. Flag setters can edit their own flags too.
+ my %flag_list = map { $_->{id} => $_ } @$update_flags;
+ my $flag_objs = Bugzilla::Flag->new_from_list([ keys %flag_list ]);
+ my @editable_flags;
+ foreach my $flag_obj (@$flag_objs) {
+ if ($flag_obj->setter_id == $user->id
+ || ($flag_obj->requestee_id && $flag_obj->requestee_id == $user->id))
+ {
+ push(@editable_flags, $flag_list{$flag_obj->id});
+ }
+ }
+ if (!scalar @editable_flags) {
+ ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id });
+ }
+ $attachment->set_flags(\@editable_flags, []);
+ }
+ else {
+ ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id });
}
}
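Review bot: In the `elsif` branch taken when `validate_can_edit` fails, requested flag updates that the caller neither set nor is the requestee of are silently dropped as long as at least one flag is editable. The call then appears to succeed while applying only part of the request. Rejecting the whole request is easier to reason about and to audit: change the guard to `if (scalar(@editable_flags) != scalar(keys %flag_list)) {` so any flag id the user is not entitled to touch raises `illegal_attachment_edit`. The identical block in the `Bugzilla/WebService/Bug.pm` hunk needs the same change. `update_attachment` starts and ends outside this hunk, so whether the response tells the caller which flags were actually applied is not visible here.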
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index f034d90d5..47c047745 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -899,8 +899,6 @@ sub update_attachment {
|| ThrowUserError("invalid_attach_id", { attach_id => $id });
my $bug = $attachment->bug;
$attachment->_check_bug;
- $attachment->validate_can_edit
- || ThrowUserError("illegal_attachment_edit", { attach_id => $id });
push @attachments, $attachment;
$bugs{$bug->id} = $bug;
@@ -920,10 +918,33 @@ sub update_attachment {
# Update the values
foreach my $attachment (@attachments) {
- $attachment->set_all($params);
- if ($flags) {
- my ($old_flags, $new_flags) = extract_flags($flags, $attachment->bug, $attachment);
- $attachment->set_flags($old_flags, $new_flags);
+ my ($update_flags, $new_flags) = $flags
+ ? extract_flags($flags, $attachment->bug, $attachment)
+ : ([], []);
+ if ($attachment->validate_can_edit) {
+ $attachment->set_all($params);
+ $attachment->set_flags($update_flags, $new_flags) if $flags;
+ }
+ elsif (scalar @$update_flags && !scalar(@$new_flags) && !scalar keys %$params) {
+ # Requestees can set flags targetted to them, even if they cannot
+ # edit the attachment. Flag setters can edit their own flags too.
+ my %flag_list = map { $_->{id} => $_ } @$update_flags;
+ my $flag_objs = Bugzilla::Flag->new_from_list([ keys %flag_list ]);
+ my @editable_flags;
+ foreach my $flag_obj (@$flag_objs) {
+ if ($flag_obj->setter_id == $user->id
+ || ($flag_obj->requestee_id && $flag_obj->requestee_id == $user->id))
+ {
+ push(@editable_flags, $flag_list{$flag_obj->id});
+ }
+ }
+ if (!scalar @editable_flags) {
+ ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id });
+ }
+ $attachment->set_flags(\@editable_flags, []);
+ }
+ else {
+ ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id });
}
}
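Review bot: The setter/requestee permission check in this `elsif` branch is a line-for-line copy of the one added to `Bugzilla/API/1_0/Resource/Bug.pm`, and authorization logic kept in two copies tends to drift when only one of them is later fixed. It would be safer to move the filtering into a single helper that both `update_attachment` implementations call, documented with a comment along the lines of `# Returns the entries of $update_flags whose flag the user set or is the requestee of.` Now that the up-front `validate_can_edit` check is gone, this branch is the only gate for users without edit rights, so it also deserves a test covering a user who is neither setter nor requestee. `update_attachment` continues outside the hunk.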