diff options
| author | bbaetz%student.usyd.edu.au <> | 2002-05-22 08:36:25 +0200 |
|---|---|---|
| committer | bbaetz%student.usyd.edu.au <> | 2002-05-22 08:36:25 +0200 |
| commit | 7c4b8b322af3d6f23c0107732de46faf84bb39c3 (patch) | |
| tree | dbdb8431bca3cc891d33e3c4468e842d7dc865ae /describecomponents.cgi | |
| parent | f3b6e880a28c2f7fbe62702f5557f8b32fc10ca0 (diff) | |
| download | bugzilla-7c4b8b322af3d6f23c0107732de46faf84bb39c3.tar.gz bugzilla-7c4b8b322af3d6f23c0107732de46faf84bb39c3.tar.xz | |
Bug 144565 - describecomponents.cgi shows wrong components when user has
access to only one product
Bug 145113 - describecomponents doesn't call quietly_check_login()
r=justdave, gerv
Diffstat (limited to 'describecomponents.cgi')
| -rwxr-xr-x | describecomponents.cgi | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/describecomponents.cgi b/describecomponents.cgi index 8d2c219f4..8ae98260b 100755 --- a/describecomponents.cgi +++ b/describecomponents.cgi @@ -36,13 +36,15 @@ require "CGI.pl"; ConnectToDatabase(); GetVersionTable(); +quietly_check_login(); + if (!defined $::FORM{'product'}) { # Reference to a subset of %::proddesc, which the user is allowed to see my %products; if (Param("usebuggroups")) { # OK, now only add products the user can see - confirm_login(); + confirm_login() unless $::userid; foreach my $p (@::legal_product) { if (!GroupExists($p) || UserInGroup($p)) { $products{$p} = $::proddesc{$p}; @@ -72,7 +74,7 @@ if (!defined $::FORM{'product'}) { exit; } - $::FORM{'product'} = (keys %::proddesc)[0]; + $::FORM{'product'} = (keys %products)[0]; } my $product = $::FORM{'product'}; @@ -88,8 +90,8 @@ grep($product eq $_ , @::legal_product) && exit; # Make sure the user is authorized to access this product. -if (Param("usebuggroups") && GroupExists($product) && !$::userid) { - confirm_login(); +if (Param("usebuggroups") && GroupExists($product)) { + confirm_login() unless $::userid; UserInGroup($product) || DisplayError("You are not authorized to access that product.") && exit; |