summaryrefslogtreecommitdiffstats
path: root/editgroups.cgi
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2006-01-21 22:48:56 +0100
committerlpsolit%gmail.com <>2006-01-21 22:48:56 +0100
commitfb8598cd25fb5dfeecde63662079d92116a2d647 (patch)
treef3448a07f8f43c01080ea7c65eaf62b83576b290 /editgroups.cgi
parenta75e969bae29b41c1b1b6d8020e8555fb4e821f9 (diff)
downloadbugzilla-fb8598cd25fb5dfeecde63662079d92116a2d647.tar.gz
bugzilla-fb8598cd25fb5dfeecde63662079d92116a2d647.tar.xz
Bug 323955: Deleting a group incorrectly checks for user group membership (miss group inheritance) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=joel a=justdave
Diffstat (limited to 'editgroups.cgi')
-rwxr-xr-xeditgroups.cgi22
1 files changed, 14 insertions, 8 deletions
diff --git a/editgroups.cgi b/editgroups.cgi
index 92cd475c3..617260230 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -32,6 +32,7 @@ use lib ".";
use Bugzilla;
use Bugzilla::Constants;
use Bugzilla::Group;
+use Bugzilla::User;
require "globals.pl";
my $cgi = Bugzilla->cgi;
@@ -338,10 +339,12 @@ if ($action eq 'del') {
ThrowUserError("system_group_not_deletable", { name => $name });
}
- my $hasusers = $dbh->selectrow_array('SELECT 1 FROM user_group_map
- WHERE group_id = ? AND isbless = 0 ' .
- $dbh->sql_limit(1),
- undef, $gid) || 0;
+ # Group inheritance no longer appears in user_group_map.
+ my $grouplist = join(',', @{Bugzilla::User->flatten_group_membership($gid)});
+ my $hasusers =
+ $dbh->selectrow_array("SELECT 1 FROM user_group_map
+ WHERE group_id IN ($grouplist) AND isbless = 0 " .
+ $dbh->sql_limit(1)) || 0;
my $bug_ids = $dbh->selectcol_arrayref('SELECT bug_id FROM bug_group_map
WHERE group_id = ?', undef, $gid);
@@ -391,10 +394,13 @@ if ($action eq 'delete') {
my $cantdelete = 0;
- my $hasusers = $dbh->selectrow_array('SELECT 1 FROM user_group_map
- WHERE group_id = ? AND isbless = 0 ' .
- $dbh->sql_limit(1),
- undef, $gid) || 0;
+ # Group inheritance no longer appears in user_group_map.
+ my $grouplist = join(',', @{Bugzilla::User->flatten_group_membership($gid)});
+ my $hasusers =
+ $dbh->selectrow_array("SELECT 1 FROM user_group_map
+ WHERE group_id IN ($grouplist) AND isbless = 0 " .
+ $dbh->sql_limit(1)) || 0;
+
if ($hasusers && !defined $cgi->param('removeusers')) {
$cantdelete = 1;
}