summaryrefslogtreecommitdiffstats
path: root/extensions/Example
diff options
context:
space:
mode:
authorDave Lawrence <dlawrence@mozilla.com>2012-08-15 23:46:13 +0200
committerDave Lawrence <dlawrence@mozilla.com>2012-08-15 23:46:13 +0200
commitba0b995c4453d3642e19343fa98f1b4034114f39 (patch)
tree4591772b7175810ed33fb1267ff393b771b59dd7 /extensions/Example
parent5bcba2b42c531a50c0017a262e879b0b42940b53 (diff)
downloadbugzilla-ba0b995c4453d3642e19343fa98f1b4034114f39.tar.gz
bugzilla-ba0b995c4453d3642e19343fa98f1b4034114f39.tar.xz
Bug 779088 - Allow extensions to whitelist PATH_INFO
Diffstat (limited to 'extensions/Example')
-rw-r--r--extensions/Example/Extension.pm110
1 files changed, 58 insertions, 52 deletions
diff --git a/extensions/Example/Extension.pm b/extensions/Example/Extension.pm
index 885a8e8ff..8eef19a6e 100644
--- a/extensions/Example/Extension.pm
+++ b/extensions/Example/Extension.pm
@@ -44,6 +44,20 @@ use constant REL_EXAMPLE => -127;
our $VERSION = '1.0';
+sub admin_editusers_action {
+ my ($self, $args) = @_;
+ my ($vars, $action, $user) = @$args{qw(vars action user)};
+ my $template = Bugzilla->template;
+
+ if ($action eq 'my_action') {
+ # Allow to restrict the search to any group the user is allowed to bless.
+ $vars->{'restrictablegroups'} = $user->bless_groups();
+ $template->process('admin/users/search.html.tmpl', $vars)
+ || ThrowTemplateError($template->error());
+ exit;
+ }
+}
+
sub attachment_process_data {
my ($self, $args) = @_;
my $type = $args->{attributes}->{mimetype};
@@ -80,6 +94,44 @@ sub auth_verify_methods {
}
}
+sub bug_check_can_change_field {
+ my ($self, $args) = @_;
+
+ my ($bug, $field, $new_value, $old_value, $priv_results)
+ = @$args{qw(bug field new_value old_value priv_results)};
+
+ my $user = Bugzilla->user;
+
+ # Disallow a bug from being reopened if currently closed unless user
+ # is in 'admin' group
+ if ($field eq 'bug_status' && $bug->product_obj->name eq 'Example') {
+ if (!is_open_state($old_value) && is_open_state($new_value)
+ && !$user->in_group('admin'))
+ {
+ push(@$priv_results, PRIVILEGES_REQUIRED_EMPOWERED);
+ return;
+ }
+ }
+
+ # Disallow a bug's keywords from being edited unless user is the
+ # reporter of the bug
+ if ($field eq 'keywords' && $bug->product_obj->name eq 'Example'
+ && $user->login ne $bug->reporter->login)
+ {
+ push(@$priv_results, PRIVILEGES_REQUIRED_REPORTER);
+ return;
+ }
+
+ # Allow updating of priority even if user cannot normally edit the bug
+ # and they are in group 'engineering'
+ if ($field eq 'priority' && $bug->product_obj->name eq 'Example'
+ && $user->in_group('engineering'))
+ {
+ push(@$priv_results, PRIVILEGES_REQUIRED_NONE);
+ return;
+ }
+}
+
sub bug_columns {
my ($self, $args) = @_;
my $columns = $args->{'columns'};
@@ -691,6 +743,12 @@ sub page_before_template {
}
}
+sub path_info_whitelist {
+ my ($self, $args) = @_;
+ my $whitelist = $args->{whitelist};
+ push(@$whitelist, "page.cgi");
+}
+
sub post_bug_after_creation {
my ($self, $args) = @_;
@@ -819,58 +877,6 @@ sub template_before_process {
}
}
-sub bug_check_can_change_field {
- my ($self, $args) = @_;
-
- my ($bug, $field, $new_value, $old_value, $priv_results)
- = @$args{qw(bug field new_value old_value priv_results)};
-
- my $user = Bugzilla->user;
-
- # Disallow a bug from being reopened if currently closed unless user
- # is in 'admin' group
- if ($field eq 'bug_status' && $bug->product_obj->name eq 'Example') {
- if (!is_open_state($old_value) && is_open_state($new_value)
- && !$user->in_group('admin'))
- {
- push(@$priv_results, PRIVILEGES_REQUIRED_EMPOWERED);
- return;
- }
- }
-
- # Disallow a bug's keywords from being edited unless user is the
- # reporter of the bug
- if ($field eq 'keywords' && $bug->product_obj->name eq 'Example'
- && $user->login ne $bug->reporter->login)
- {
- push(@$priv_results, PRIVILEGES_REQUIRED_REPORTER);
- return;
- }
-
- # Allow updating of priority even if user cannot normally edit the bug
- # and they are in group 'engineering'
- if ($field eq 'priority' && $bug->product_obj->name eq 'Example'
- && $user->in_group('engineering'))
- {
- push(@$priv_results, PRIVILEGES_REQUIRED_NONE);
- return;
- }
-}
-
-sub admin_editusers_action {
- my ($self, $args) = @_;
- my ($vars, $action, $user) = @$args{qw(vars action user)};
- my $template = Bugzilla->template;
-
- if ($action eq 'my_action') {
- # Allow to restrict the search to any group the user is allowed to bless.
- $vars->{'restrictablegroups'} = $user->bless_groups();
- $template->process('admin/users/search.html.tmpl', $vars)
- || ThrowTemplateError($template->error());
- exit;
- }
-}
-
sub user_preferences {
my ($self, $args) = @_;
my $tab = $args->{current_tab};