summaryrefslogtreecommitdiffstats
path: root/attachment.cgi
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2005-04-28 11:14:25 +0200
committerlpsolit%gmail.com <>2005-04-28 11:14:25 +0200
commit95859bf15300cddd1ece82e8224367638f956f20 (patch)
tree91b595c4452d092da38e7cc876fa6ebdc4337396 /attachment.cgi
parente1ab613cf4f4324924fe33163b501c1835c5deb4 (diff)
downloadbugzilla-95859bf15300cddd1ece82e8224367638f956f20.tar.gz
bugzilla-95859bf15300cddd1ece82e8224367638f956f20.tar.xz
Bug 274724: The 'Edit Attachment' link is now available even if a user does not have 'editbugs' privs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=myk a=myk
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-xattachment.cgi23
1 files changed, 9 insertions, 14 deletions
diff --git a/attachment.cgi b/attachment.cgi
index 2b119e7ff..8b9bdaafd 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -197,13 +197,6 @@ sub validateCanEdit
{
my ($attach_id) = (@_);
- # If the user is not logged in, claim that they can edit. This allows
- # the edit screen to be displayed to people who aren't logged in.
- # People not logged in can't actually commit changes, because that code
- # calls Bugzilla->login with LOGIN_REQUIRED, not with LOGIN_NORMAL,
- # before calling this sub
- return unless Bugzilla->user;
-
# People in editbugs can edit all attachments
return if UserInGroup("editbugs");
@@ -1057,16 +1050,14 @@ sub insert
|| ThrowTemplateError($template->error());
}
-# Edit an attachment record. Users with "editbugs" privileges, (or the
-# original attachment's submitter) can edit the attachment's description,
-# content type, ispatch and isobsolete flags, and statuses, and they can
-# also submit a comment that appears in the bug.
-# Users cannot edit the content of the attachment itself.
+# Displays a form for editing attachment properties.
+# Any user is allowed to access this page, unless the attachment
+# is private and the user does not belong to the insider group.
+# Validations are done later when the user submits changes.
sub edit
{
# Retrieve and validate parameters
my ($attach_id) = validateID();
- validateCanEdit($attach_id);
# Retrieve the attachment from the database.
SendSQL("SELECT description, mimetype, filename, bug_id, ispatch, isobsolete, isprivate, LENGTH(thedata)
@@ -1124,7 +1115,11 @@ sub edit
|| ThrowTemplateError($template->error());
}
-# Updates an attachment record.
+# Updates an attachment record. Users with "editbugs" privileges, (or the
+# original attachment's submitter) can edit the attachment's description,
+# content type, ispatch and isobsolete flags, and statuses, and they can
+# also submit a comment that appears in the bug.
+# Users cannot edit the content of the attachment itself.
sub update
{
my $dbh = Bugzilla->dbh;