diff options
| author | olav%bkor.dhs.org <> | 2006-10-23 07:41:40 +0200 |
|---|---|---|
| committer | olav%bkor.dhs.org <> | 2006-10-23 07:41:40 +0200 |
| commit | c33b4eb31dbf095c98bf5bf8950e114b80273f08 (patch) | |
| tree | 2a181b9f331c3624eb8c2410af321da745678102 /Bugzilla | |
| parent | e58ccfd7946e2f0164bdabf0b9dd68f31bdae287 (diff) | |
| download | bugzilla-c33b4eb31dbf095c98bf5bf8950e114b80273f08.tar.gz bugzilla-c33b4eb31dbf095c98bf5bf8950e114b80273f08.tar.xz | |
Bug 121576: fields should not be editable when viewing a bug if the user is not logged in
Patch by Olav Vitters <olav@bkor.dhs.org> r=LpSolit a=justdave
Diffstat (limited to 'Bugzilla')
| -rwxr-xr-x | Bugzilla/Bug.pm | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index 597d52f53..afb8c567a 100755 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -1192,14 +1192,7 @@ sub user { my $user = Bugzilla->user; my $canmove = Bugzilla->params->{'move-enabled'} && $user->is_mover; - # In the below, if the person hasn't logged in, then we treat them - # as if they can do anything. That's because we don't know why they - # haven't logged in; it may just be because they don't use cookies. - # Display everything as if they have all the permissions in the - # world; their permissions will get checked when they log in and - # actually try to make the change. - my $unknown_privileges = !$user->id - || $user->in_group("editbugs"); + my $unknown_privileges = $user->in_group("editbugs"); my $canedit = $unknown_privileges || $user->id == $self->{assigned_to_id} || (Bugzilla->params->{'useqacontact'} |