diff options
| author | David Lawrence <dkl@mozilla.com> | 2017-01-03 15:45:51 +0100 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2017-01-03 15:45:51 +0100 |
| commit | 550a798284238af70960c8b4ab4fe276f40a9cbb (patch) | |
| tree | d0f55f0e59bfef95d56407b50921fb06c1f464a9 /extensions/BugModal | |
| parent | cad5c15d6610dde0e389736eb82be73921a2f705 (diff) | |
| download | bugzilla-550a798284238af70960c8b4ab4fe276f40a9cbb.tar.gz bugzilla-550a798284238af70960c8b4ab4fe276f40a9cbb.tar.xz | |
Bug 1262465 - ensure unprivileged users can mark a bug as security sensitive
Diffstat (limited to 'extensions/BugModal')
3 files changed, 22 insertions, 2 deletions
diff --git a/extensions/BugModal/template/en/default/bug_modal/edit.html.tmpl b/extensions/BugModal/template/en/default/bug_modal/edit.html.tmpl index 5740dabd8..a1e039405 100644 --- a/extensions/BugModal/template/en/default/bug_modal/edit.html.tmpl +++ b/extensions/BugModal/template/en/default/bug_modal/edit.html.tmpl @@ -144,6 +144,7 @@ <input type="hidden" name="format" value="modal"> <input type="hidden" name="editing" id="editing" value=""> <input type="hidden" name="token" value="[% issue_hash_token([bug.id, bug.delta_ts]) FILTER html %]"> + <input type="hidden" name="addselfcc" id="addselfcc" value=""> [% PROCESS bug_modal/navigate.html.tmpl %] [% END %] @@ -1046,7 +1047,7 @@ collapsed = 1 subtitle = bug.groups_in.size ? bug.groups_in.pluck("description").join(", ") : "public" hide_on_view = bug.groups_in.size == 0 - hide_on_edit = bug.groups.size == 0 + hide_on_edit = bug.groups.size == 0 && !bug.product_obj.default_security_group %] [% INCLUDE bug_modal/groups.html.tmpl %] [% END %] diff --git a/extensions/BugModal/template/en/default/bug_modal/groups.html.tmpl b/extensions/BugModal/template/en/default/bug_modal/groups.html.tmpl index 8315f2355..d60d1ef67 100644 --- a/extensions/BugModal/template/en/default/bug_modal/groups.html.tmpl +++ b/extensions/BugModal/template/en/default/bug_modal/groups.html.tmpl @@ -43,11 +43,25 @@ </ul> [% END %] [% ELSE %] - This [% terms.bug %] is publicaly visible. + This [% terms.bug %] is publicly visible. [% END %] </div> <div class="groups edit-show" style="display:none"> + [% UNLESS bug.in_group(bug.product_obj.default_security_group_obj) + || user.in_group(bug.product_obj.default_security_group) + || (user.id != bug.reporter.id && !user.in_group('editbugs')) %] + <div> + <input type="checkbox" name="groups"I class="restrict_sensitive" + value="[% bug.product_obj.default_security_group FILTER none %]" + id="group_[% bug.product_obj.default_security_group_obj.id FILTER html %]"> + <label for="group_[% bug.product_obj.default_security_group_obj.id FILTER html %]" + title="This [% terms.bug %] is security sensitive and should be hidden from the public until it is resolved"> + Restrict access to this [% terms.bug %] + </label> + </div> + [% END %] + [% emitted_description = 0 %] [% FOREACH group IN bug.groups %] [% IF NOT emitted_description %] diff --git a/extensions/BugModal/web/bug_modal.js b/extensions/BugModal/web/bug_modal.js index a2e7be0c7..9bbe8b20c 100644 --- a/extensions/BugModal/web/bug_modal.js +++ b/extensions/BugModal/web/bug_modal.js @@ -1119,6 +1119,11 @@ $(function() { $('#add-cc').focus(); }); + // Add user to cc list if they mark the bug as security sensitive + $('.restrict_sensitive') + .change(function(event) { + $('#addselfcc').val($('#addselfcc').val() == 0 ? 1 : 0); + }); // product change --> load components, versions, milestones, groups $('#product').data('default', $('#product').val()); |