diff options
| author | lpsolit%gmail.com <> | 2006-11-11 01:51:27 +0100 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2006-11-11 01:51:27 +0100 |
| commit | 0d3a72b793725118641c4d7abf511b4fc98f7aef (patch) | |
| tree | c5a7b0fbcb401fdc3a083bb94b0b6345962d0bac /editcomponents.cgi | |
| parent | bd49bafdb5915a8e738dcbb82c88e8ffdf65a769 (diff) | |
| download | bugzilla-0d3a72b793725118641c4d7abf511b4fc98f7aef.tar.gz bugzilla-0d3a72b793725118641c4d7abf511b4fc98f7aef.tar.xz | |
Bug 189627: Implement per-product privileges - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'editcomponents.cgi')
| -rwxr-xr-x | editcomponents.cgi | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/editcomponents.cgi b/editcomponents.cgi index 2ff41d628..17ad290c5 100755 --- a/editcomponents.cgi +++ b/editcomponents.cgi @@ -36,7 +36,6 @@ use Bugzilla::Series; use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::User; -use Bugzilla::Product; use Bugzilla::Component; use Bugzilla::Bug; use Bugzilla::Token; @@ -76,6 +75,7 @@ my $whoid = $user->id; print $cgi->header(); $user->in_group('editcomponents') + || scalar(@{$user->get_products_by_permission('editcomponents')}) || ThrowUserError("auth_failure", {group => "editcomponents", action => "edit", object => "components"}); @@ -94,7 +94,13 @@ my $token = $cgi->param('token'); # unless ($product_name) { - $vars->{'products'} = $user->get_selectable_products; + my $selectable_products = $user->get_selectable_products; + # If the user has editcomponents privs for some products only, + # we have to restrict the list of products to display. + unless ($user->in_group('editcomponents')) { + $selectable_products = $user->get_products_by_permission('editcomponents'); + } + $vars->{'products'} = $selectable_products; $vars->{'showbugcounts'} = $showbugcounts; $template->process("admin/components/select-product.html.tmpl", $vars) @@ -102,13 +108,7 @@ unless ($product_name) { exit; } -# First make sure the product name is valid. -my $product = Bugzilla::Product::check_product($product_name); - -# Then make sure the user is allowed to edit properties of this product. -$user->can_see_product($product->name) - || ThrowUserError('product_access_denied', {product => $product->name}); - +my $product = $user->check_can_admin_product($product_name); # # action='' -> Show nice list of components |