diff options
| author | Byron Jones <bjones@mozilla.com> | 2013-11-14 17:37:12 +0100 |
|---|---|---|
| committer | Byron Jones <bjones@mozilla.com> | 2013-11-14 17:37:12 +0100 |
| commit | 3ae054763b8f3de1dae7e8c673c850d6d15185ca (patch) | |
| tree | 2f55ac988a1e278d9420d7ca2613f480c2639d92 /extensions/TrackingFlags | |
| parent | 57847be7c4335c5150daa79e913a6ffbb8e37142 (diff) | |
| download | bugzilla-3ae054763b8f3de1dae7e8c673c850d6d15185ca.tar.gz bugzilla-3ae054763b8f3de1dae7e8c673c850d6d15185ca.tar.xz | |
Bug 938568: Unprivileged users unable to comment on bugs
Diffstat (limited to 'extensions/TrackingFlags')
| -rw-r--r-- | extensions/TrackingFlags/Extension.pm | 24 | ||||
| -rw-r--r-- | extensions/TrackingFlags/template/en/default/hook/global/user-error-errors.html.tmpl | 2 |
2 files changed, 24 insertions, 2 deletions
diff --git a/extensions/TrackingFlags/Extension.pm b/extensions/TrackingFlags/Extension.pm index 5a7e846ad..b9b1956f0 100644 --- a/extensions/TrackingFlags/Extension.pm +++ b/extensions/TrackingFlags/Extension.pm @@ -393,6 +393,9 @@ sub bug_create_cf_accessors { if (!Bugzilla::Bug->can("set_$flag_name")) { my $setter = sub { my ($self, $value) = @_; + $value = ref($value) eq 'ARRAY' + ? $value->[0] + : $value; $self->set($flag_name, $value); }; no strict 'refs'; @@ -496,7 +499,7 @@ sub object_end_of_set_all { foreach my $flag (@$tracking_flags) { my $flag_name = $flag->name; if (exists $params->{$flag_name}) { - my $value = ref($params->{$flag_name}) + my $value = ref($params->{$flag_name}) eq 'ARRAY' ? $params->{$flag_name}->[0] : $params->{$flag_name}; $object->set($flag_name, $value); @@ -504,6 +507,25 @@ sub object_end_of_set_all { } } +sub bug_check_can_change_field { + my ($self, $args) = @_; + my ($bug, $field, $old_value, $new_value, $priv_results) + = @$args{qw(bug field old_value new_value priv_results)}; + + return if $field !~ /^cf_/ or $old_value eq $new_value; + return unless my $flag = Bugzilla::Extension::TrackingFlags::Flag->new({ name => $field }); + + if ($flag->can_set_value($new_value)) { + push @$priv_results, PRIVILEGES_REQUIRED_NONE; + } + else { + # we can't return PRIVILEGES_REQUIRED_EMPOWERED as that has different + # conditions (eg. it assumes reporters can always change fields). + ThrowUserError('tracking_flags_change_denied', + { flag => $flag, value => $new_value }); + } +} + sub bug_end_of_update { my ($self, $args) = @_; my ($bug, $old_bug, $timestamp, $changes) diff --git a/extensions/TrackingFlags/template/en/default/hook/global/user-error-errors.html.tmpl b/extensions/TrackingFlags/template/en/default/hook/global/user-error-errors.html.tmpl index 7987c7d8d..fb4dffdf9 100644 --- a/extensions/TrackingFlags/template/en/default/hook/global/user-error-errors.html.tmpl +++ b/extensions/TrackingFlags/template/en/default/hook/global/user-error-errors.html.tmpl @@ -9,7 +9,7 @@ [% IF error == "tracking_flags_change_denied" %] [% title = "Tracking Flag Modification Denied" %] You tried to update the status of the tracking flag '[% flag.name FILTER html %]' - [% IF value %] to '[% value.name FILTER html %]'[% END %]. + [% IF value %] to '[% value FILTER html %]'[% END %]. Only a user with the required permissions may make this change. [% ELSIF error == "tracking_flags_missing_mandatory" %] |