summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorReed Loden <reed@reedloden.com>2010-02-17 23:00:52 +0100
committerReed Loden <reed@reedloden.com>2010-02-17 23:00:52 +0100
commitd758e50afca7d94da0510c76eccbb81567315a82 (patch)
tree462b4dfee1733384b48d38785363f1c269aa3ae3 /Bugzilla
parented751860d5613bc1c8617377fd28be4ede04dd78 (diff)
downloadbugzilla-d758e50afca7d94da0510c76eccbb81567315a82.tar.gz
bugzilla-d758e50afca7d94da0510c76eccbb81567315a82.tar.xz
Bug 537887 - "The flag setter should be able to unset a flag even if not in the request group"
[r=LpSolit a=LpSolit]
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Flag.pm2
1 files changed, 2 insertions, 0 deletions
diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm
index 4f042cb74..90944a2a8 100644
--- a/Bugzilla/Flag.pm
+++ b/Bugzilla/Flag.pm
@@ -731,10 +731,12 @@ sub _check_setter {
# Make sure the user is authorized to modify flags, see bug 180879:
# - The flag exists and is unchanged.
+ # - The flag setter can unset flag.
# - Users in the request_group can clear pending requests and set flags
# and can rerequest set flags.
# - Users in the grant_group can set/clear flags, including "+" and "-".
unless (($status eq $self->{_old_status})
+ || ($status eq 'X' && $setter->id == Bugzilla->user->id)
|| (($status eq 'X' || $status eq '?')
&& $setter->can_request_flag($self->type))
|| $setter->can_set_flag($self->type))