diff options
author | lpsolit%gmail.com <> | 2006-11-11 01:51:27 +0100 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-11-11 01:51:27 +0100 |
commit | 0d3a72b793725118641c4d7abf511b4fc98f7aef (patch) | |
tree | c5a7b0fbcb401fdc3a083bb94b0b6345962d0bac /editversions.cgi | |
parent | bd49bafdb5915a8e738dcbb82c88e8ffdf65a769 (diff) | |
download | bugzilla-0d3a72b793725118641c4d7abf511b4fc98f7aef.tar.gz bugzilla-0d3a72b793725118641c4d7abf511b4fc98f7aef.tar.xz |
Bug 189627: Implement per-product privileges - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'editversions.cgi')
-rwxr-xr-x | editversions.cgi | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/editversions.cgi b/editversions.cgi index 486756307..7bda6215d 100755 --- a/editversions.cgi +++ b/editversions.cgi @@ -35,7 +35,6 @@ use Bugzilla; use Bugzilla::Constants; use Bugzilla::Util; use Bugzilla::Error; -use Bugzilla::Product; use Bugzilla::Version; use Bugzilla::Token; @@ -53,6 +52,7 @@ my $user = Bugzilla->login(LOGIN_REQUIRED); print $cgi->header(); $user->in_group('editcomponents') + || scalar(@{$user->get_products_by_permission('editcomponents')}) || ThrowUserError("auth_failure", {group => "editcomponents", action => "edit", object => "versions"}); @@ -71,7 +71,13 @@ my $token = $cgi->param('token'); # unless ($product_name) { - $vars->{'products'} = $user->get_selectable_products; + my $selectable_products = $user->get_selectable_products; + # If the user has editcomponents privs for some products only, + # we have to restrict the list of products to display. + unless ($user->in_group('editcomponents')) { + $selectable_products = $user->get_products_by_permission('editcomponents'); + } + $vars->{'products'} = $selectable_products; $vars->{'showbugcounts'} = $showbugcounts; $template->process("admin/versions/select-product.html.tmpl", $vars) @@ -79,13 +85,7 @@ unless ($product_name) { exit; } -# First make sure the product name is valid. -my $product = Bugzilla::Product::check_product($product_name); - -# Then make sure the user is allowed to edit properties of this product. -$user->can_see_product($product->name) - || ThrowUserError('product_access_denied', {product => $product->name}); - +my $product = $user->check_can_admin_product($product_name); # # action='' -> Show nice list of versions |