summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorByron Jones <glob@mozilla.com>2015-10-05 18:21:39 +0200
committerByron Jones <glob@mozilla.com>2015-10-05 18:21:39 +0200
commit42270ffc2922c5883485804b7d76b8e2c8cb3ba1 (patch)
tree4cab89988032cb15d1e1978033cdbf99ffeeb6b7 /Bugzilla
parent200cbd80d9718345a95249b16f0d59b96e3f6eee (diff)
downloadbugzilla-42270ffc2922c5883485804b7d76b8e2c8cb3ba1.tar.gz
bugzilla-42270ffc2922c5883485804b7d76b8e2c8cb3ba1.tar.xz
Bug 1205748 - Can't mark inaccessible bug dependent on a regression it caused
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Bug.pm20
1 files changed, 15 insertions, 5 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 9e4135d1c..312039306 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1718,17 +1718,27 @@ sub _check_dependencies {
@bug_ids = grep {$_} @bug_ids;
# We do this up here to make sure all aliases are converted to IDs.
@bug_ids = map { $invocant->check($_, $type)->id } @bug_ids;
-
+
+ my $user = Bugzilla->user;
my @check_access = @bug_ids;
# When we're updating a bug, only added or removed bug_ids are
# checked for whether or not we can see/edit those bugs.
if (ref $invocant) {
my $old = $invocant->$type;
my ($removed, $added) = diff_arrays($old, \@bug_ids);
- @check_access = (@$added, @$removed);
-
+
+ # If a user has editbugs they are allowed to add dependencies on
+ # bugs that they cannot see -- only check access for bugs that are
+ # removed.
+ if ($user->in_group('editbugs')) {
+ @check_access = @$removed;
+ }
+ else {
+ @check_access = (@$added, @$removed);
+ }
+
# Check field permissions if we've changed anything.
- if (@check_access) {
+ if (@$added || @$removed) {
my $privs;
if (!$invocant->check_can_change_field($type, 0, 1, \$privs)) {
ThrowUserError('illegal_change', { field => $type,
@@ -1737,8 +1747,8 @@ sub _check_dependencies {
}
}
- my $user = Bugzilla->user;
foreach my $modified_id (@check_access) {
+ # Check that the user has access to the other bug.
my $delta_bug = $invocant->check($modified_id);
# Under strict isolation, you can't modify a bug if you can't
# edit it, even if you can see it.