Bug 189627: Implement per-product privileges - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk

1 files changed, 9 insertions, 9 deletions

diff --git a/editversions.cgi b/editversions.cgi
index 486756307..7bda6215d 100755
--- a/editversions.cgi
+++ b/editversions.cgi
@@ -35,7 +35,6 @@ use Bugzilla;
 use Bugzilla::Constants;
 use Bugzilla::Util;
 use Bugzilla::Error;
-use Bugzilla::Product;
 use Bugzilla::Version;
 use Bugzilla::Token;
 
@@ -53,6 +52,7 @@ my $user = Bugzilla->login(LOGIN_REQUIRED);
 print $cgi->header();
 
 $user->in_group('editcomponents')
+  || scalar(@{$user->get_products_by_permission('editcomponents')})
   || ThrowUserError("auth_failure", {group  => "editcomponents",
                                      action => "edit",
                                      object => "versions"});
@@ -71,7 +71,13 @@ my $token        = $cgi->param('token');
 #
 
 unless ($product_name) {
-    $vars->{'products'} = $user->get_selectable_products;
+    my $selectable_products = $user->get_selectable_products;
+    # If the user has editcomponents privs for some products only,
+    # we have to restrict the list of products to display.
+    unless ($user->in_group('editcomponents')) {
+        $selectable_products = $user->get_products_by_permission('editcomponents');
+    }
+    $vars->{'products'} = $selectable_products;
     $vars->{'showbugcounts'} = $showbugcounts;
 
     $template->process("admin/versions/select-product.html.tmpl", $vars)
@@ -79,13 +85,7 @@ unless ($product_name) {
     exit;
 }
 
-# First make sure the product name is valid.
-my $product = Bugzilla::Product::check_product($product_name);
-
-# Then make sure the user is allowed to edit properties of this product.
-$user->can_see_product($product->name)
-  || ThrowUserError('product_access_denied', {product => $product->name});
-
+my $product = $user->check_can_admin_product($product_name);
 
 #
 # action='' -> Show nice list of versions