diff options
author | lpsolit%gmail.com <> | 2005-04-28 11:14:25 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2005-04-28 11:14:25 +0200 |
commit | 95859bf15300cddd1ece82e8224367638f956f20 (patch) | |
tree | 91b595c4452d092da38e7cc876fa6ebdc4337396 /attachment.cgi | |
parent | e1ab613cf4f4324924fe33163b501c1835c5deb4 (diff) | |
download | bugzilla-95859bf15300cddd1ece82e8224367638f956f20.tar.gz bugzilla-95859bf15300cddd1ece82e8224367638f956f20.tar.xz |
Bug 274724: The 'Edit Attachment' link is now available even if a user does not have 'editbugs' privs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=myk a=myk
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-x | attachment.cgi | 23 |
1 files changed, 9 insertions, 14 deletions
diff --git a/attachment.cgi b/attachment.cgi index 2b119e7ff..8b9bdaafd 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -197,13 +197,6 @@ sub validateCanEdit { my ($attach_id) = (@_); - # If the user is not logged in, claim that they can edit. This allows - # the edit screen to be displayed to people who aren't logged in. - # People not logged in can't actually commit changes, because that code - # calls Bugzilla->login with LOGIN_REQUIRED, not with LOGIN_NORMAL, - # before calling this sub - return unless Bugzilla->user; - # People in editbugs can edit all attachments return if UserInGroup("editbugs"); @@ -1057,16 +1050,14 @@ sub insert || ThrowTemplateError($template->error()); } -# Edit an attachment record. Users with "editbugs" privileges, (or the -# original attachment's submitter) can edit the attachment's description, -# content type, ispatch and isobsolete flags, and statuses, and they can -# also submit a comment that appears in the bug. -# Users cannot edit the content of the attachment itself. +# Displays a form for editing attachment properties. +# Any user is allowed to access this page, unless the attachment +# is private and the user does not belong to the insider group. +# Validations are done later when the user submits changes. sub edit { # Retrieve and validate parameters my ($attach_id) = validateID(); - validateCanEdit($attach_id); # Retrieve the attachment from the database. SendSQL("SELECT description, mimetype, filename, bug_id, ispatch, isobsolete, isprivate, LENGTH(thedata) @@ -1124,7 +1115,11 @@ sub edit || ThrowTemplateError($template->error()); } -# Updates an attachment record. +# Updates an attachment record. Users with "editbugs" privileges, (or the +# original attachment's submitter) can edit the attachment's description, +# content type, ispatch and isobsolete flags, and statuses, and they can +# also submit a comment that appears in the bug. +# Users cannot edit the content of the attachment itself. sub update { my $dbh = Bugzilla->dbh; |