summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2014-03-21 11:58:45 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2014-03-21 11:58:45 +0100
commit1327ff9a6a65b31d9cad315a968b6d3bdab54b89 (patch)
treefb0529638e074a0049f7de9b05a0239160bdb38c /Bugzilla
parente477b10a327c55ab88f8edb5991a1214670716b1 (diff)
downloadbugzilla-1327ff9a6a65b31d9cad315a968b6d3bdab54b89.tar.gz
bugzilla-1327ff9a6a65b31d9cad315a968b6d3bdab54b89.tar.xz
Bug 294021: Allow requestees to set attachment flags even if they don't have editbugs privs
r=gerv a=justdave
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Attachment.pm11
-rw-r--r--Bugzilla/Flag.pm2
-rw-r--r--Bugzilla/WebService/Bug.pm2
3 files changed, 7 insertions, 8 deletions
diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm
index c90d8ea8e..8aa2c3c63 100644
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -700,28 +700,27 @@ sub get_attachments_by_bug {
=pod
-=item C<validate_can_edit($attachment, $product_id)>
+=item C<validate_can_edit>
Description: validates if the user is allowed to view and edit the attachment.
Only the submitter or someone with editbugs privs can edit it.
Only the submitter and users in the insider group can view
private attachments.
-Params: $attachment - the attachment object being edited.
- $product_id - the product ID the attachment belongs to.
+Params: none
Returns: 1 on success, 0 otherwise.
=cut
sub validate_can_edit {
- my ($attachment, $product_id) = @_;
+ my $attachment = shift;
my $user = Bugzilla->user;
# The submitter can edit their attachments.
return ($attachment->attacher->id == $user->id
|| ((!$attachment->isprivate || $user->is_insider)
- && $user->in_group('editbugs', $product_id))) ? 1 : 0;
+ && $user->in_group('editbugs', $attachment->bug->product_id))) ? 1 : 0;
}
=item C<validate_obsolete($bug, $attach_ids)>
@@ -758,7 +757,7 @@ sub validate_obsolete {
|| ThrowUserError('invalid_attach_id', $vars);
# Check that the user can view and edit this attachment.
- $attachment->validate_can_edit($bug->product_id)
+ $attachment->validate_can_edit
|| ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id });
if ($attachment->bug_id != $bug->bug_id) {
diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm
index 177857ada..ff9d236db 100644
--- a/Bugzilla/Flag.pm
+++ b/Bugzilla/Flag.pm
@@ -825,7 +825,7 @@ sub extract_flags_from_cgi {
# Extract a list of existing flag IDs.
my @flag_ids = map(/^flag-(\d+)$/ ? $1 : (), $cgi->param());
- return () if (!scalar(@flagtype_ids) && !scalar(@flag_ids));
+ return ([], []) unless (scalar(@flagtype_ids) || scalar(@flag_ids));
my (@new_flags, @flags);
foreach my $flag_id (@flag_ids) {
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index 09f6e1adc..3af8169b4 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -852,7 +852,7 @@ sub update_attachment {
|| ThrowUserError("invalid_attach_id", { attach_id => $id });
my $bug = $attachment->bug;
$attachment->_check_bug;
- $attachment->validate_can_edit($bug->product_id)
+ $attachment->validate_can_edit
|| ThrowUserError("illegal_attachment_edit", { attach_id => $id });
push @attachments, $attachment;