diff options
author | lpsolit%gmail.com <> | 2006-01-21 22:48:56 +0100 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-01-21 22:48:56 +0100 |
commit | fb8598cd25fb5dfeecde63662079d92116a2d647 (patch) | |
tree | f3448a07f8f43c01080ea7c65eaf62b83576b290 /editgroups.cgi | |
parent | a75e969bae29b41c1b1b6d8020e8555fb4e821f9 (diff) | |
download | bugzilla-fb8598cd25fb5dfeecde63662079d92116a2d647.tar.gz bugzilla-fb8598cd25fb5dfeecde63662079d92116a2d647.tar.xz |
Bug 323955: Deleting a group incorrectly checks for user group membership (miss group inheritance) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=joel a=justdave
Diffstat (limited to 'editgroups.cgi')
-rwxr-xr-x | editgroups.cgi | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/editgroups.cgi b/editgroups.cgi index 92cd475c3..617260230 100755 --- a/editgroups.cgi +++ b/editgroups.cgi @@ -32,6 +32,7 @@ use lib "."; use Bugzilla; use Bugzilla::Constants; use Bugzilla::Group; +use Bugzilla::User; require "globals.pl"; my $cgi = Bugzilla->cgi; @@ -338,10 +339,12 @@ if ($action eq 'del') { ThrowUserError("system_group_not_deletable", { name => $name }); } - my $hasusers = $dbh->selectrow_array('SELECT 1 FROM user_group_map - WHERE group_id = ? AND isbless = 0 ' . - $dbh->sql_limit(1), - undef, $gid) || 0; + # Group inheritance no longer appears in user_group_map. + my $grouplist = join(',', @{Bugzilla::User->flatten_group_membership($gid)}); + my $hasusers = + $dbh->selectrow_array("SELECT 1 FROM user_group_map + WHERE group_id IN ($grouplist) AND isbless = 0 " . + $dbh->sql_limit(1)) || 0; my $bug_ids = $dbh->selectcol_arrayref('SELECT bug_id FROM bug_group_map WHERE group_id = ?', undef, $gid); @@ -391,10 +394,13 @@ if ($action eq 'delete') { my $cantdelete = 0; - my $hasusers = $dbh->selectrow_array('SELECT 1 FROM user_group_map - WHERE group_id = ? AND isbless = 0 ' . - $dbh->sql_limit(1), - undef, $gid) || 0; + # Group inheritance no longer appears in user_group_map. + my $grouplist = join(',', @{Bugzilla::User->flatten_group_membership($gid)}); + my $hasusers = + $dbh->selectrow_array("SELECT 1 FROM user_group_map + WHERE group_id IN ($grouplist) AND isbless = 0 " . + $dbh->sql_limit(1)) || 0; + if ($hasusers && !defined $cgi->param('removeusers')) { $cantdelete = 1; } |