Bug 1262465 - ensure unprivileged users can mark a bug as security sensitive

3 files changed, 22 insertions, 2 deletions

diff --git a/extensions/BugModal/template/en/default/bug_modal/edit.html.tmpl b/extensions/BugModal/template/en/default/bug_modal/edit.html.tmpl
index 5740dabd8..a1e039405 100644
--- a/extensions/BugModal/template/en/default/bug_modal/edit.html.tmpl
+++ b/extensions/BugModal/template/en/default/bug_modal/edit.html.tmpl
@@ -144,6 +144,7 @@
   <input type="hidden" name="format" value="modal">
   <input type="hidden" name="editing" id="editing" value="">
   <input type="hidden" name="token" value="[% issue_hash_token([bug.id, bug.delta_ts]) FILTER html %]">
+  <input type="hidden" name="addselfcc" id="addselfcc" value="">
 
   [% PROCESS bug_modal/navigate.html.tmpl %]
 [% END %]
@@ -1046,7 +1047,7 @@
   collapsed = 1
   subtitle = bug.groups_in.size ? bug.groups_in.pluck("description").join(", ") : "public"
   hide_on_view = bug.groups_in.size == 0
-  hide_on_edit = bug.groups.size == 0
+  hide_on_edit = bug.groups.size == 0 && !bug.product_obj.default_security_group
 %]
   [% INCLUDE bug_modal/groups.html.tmpl %]
 [% END %]
diff --git a/extensions/BugModal/template/en/default/bug_modal/groups.html.tmpl b/extensions/BugModal/template/en/default/bug_modal/groups.html.tmpl
index 8315f2355..d60d1ef67 100644
--- a/extensions/BugModal/template/en/default/bug_modal/groups.html.tmpl
+++ b/extensions/BugModal/template/en/default/bug_modal/groups.html.tmpl
@@ -43,11 +43,25 @@
       </ul>
     [% END %]
   [% ELSE %]
-    This [% terms.bug %] is publicaly visible.
+    This [% terms.bug %] is publicly visible.
   [% END %]
 </div>
 
 <div class="groups edit-show" style="display:none">
+  [% UNLESS bug.in_group(bug.product_obj.default_security_group_obj)
+     || user.in_group(bug.product_obj.default_security_group)
+     || (user.id != bug.reporter.id && !user.in_group('editbugs')) %]
+    <div>
+      <input type="checkbox" name="groups"I class="restrict_sensitive"
+             value="[% bug.product_obj.default_security_group FILTER none %]"
+             id="group_[% bug.product_obj.default_security_group_obj.id FILTER html %]">
+      <label for="group_[% bug.product_obj.default_security_group_obj.id FILTER html %]"
+             title="This [% terms.bug %] is security sensitive and should be hidden from the public until it is resolved">
+        Restrict access to this [% terms.bug %]
+      </label>
+    </div>
+  [% END %]
+
   [% emitted_description = 0 %]
   [% FOREACH group IN bug.groups %]
     [% IF NOT emitted_description %]
diff --git a/extensions/BugModal/web/bug_modal.js b/extensions/BugModal/web/bug_modal.js
index a2e7be0c7..9bbe8b20c 100644
--- a/extensions/BugModal/web/bug_modal.js
+++ b/extensions/BugModal/web/bug_modal.js
@@ -1119,6 +1119,11 @@ $(function() {
             $('#add-cc').focus();
         });
 
+    // Add user to cc list if they mark the bug as security sensitive
+    $('.restrict_sensitive')
+        .change(function(event) {
+            $('#addselfcc').val($('#addselfcc').val() == 0 ? 1 : 0);
+        });
 
     // product change --> load components, versions, milestones, groups
     $('#product').data('default', $('#product').val());