author | Dave Lawrence <dlawrence@mozilla.com> | 2012-08-15 23:46:13 +0200 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2012-08-15 23:46:13 +0200 |
commit | ba0b995c4453d3642e19343fa98f1b4034114f39 (patch) | |
tree | 4591772b7175810ed33fb1267ff393b771b59dd7 /extensions | |
parent | 5bcba2b42c531a50c0017a262e879b0b42940b53 (diff) | |
Bug 779088 - Allow extensions to whitelist PATH_INFO
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/Example/Extension.pm | 110 |
1 files changed, 58 insertions, 52 deletions
diff --git a/extensions/Example/Extension.pm b/extensions/Example/Extension.pm
index 885a8e8ff..8eef19a6e 100644
--- a/extensions/Example/Extension.pm
+++ b/extensions/Example/Extension.pm
@@ -44,6 +44,20 @@ use constant REL_EXAMPLE => -127;
 our $VERSION = '1.0';
+sub admin_editusers_action {
+ my ($self, $args) = @_;
+ my ($vars, $action, $user) = @$args{qw(vars action user)};
+ my $template = Bugzilla->template;
+
+ if ($action eq 'my_action') {
+ # Allow to restrict the search to any group the user is allowed to bless.
+ $vars->{'restrictablegroups'} = $user->bless_groups();
+ $template->process('admin/users/search.html.tmpl', $vars)
+ || ThrowTemplateError($template->error());
+ exit;
+ }
+}
+
 sub attachment_process_data {
 my ($self, $args) = @_;
 my $type = $args->{attributes}->{mimetype};
@@ -80,6 +94,44 @@ sub auth_verify_methods {
 }
 }
+sub bug_check_can_change_field {
+ my ($self, $args) = @_;
+
+ my ($bug, $field, $new_value, $old_value, $priv_results)
+ = @$args{qw(bug field new_value old_value priv_results)};
+
+ my $user = Bugzilla->user;
+
+ # Disallow a bug from being reopened if currently closed unless user
+ # is in 'admin' group
+ if ($field eq 'bug_status' && $bug->product_obj->name eq 'Example') {
+ if (!is_open_state($old_value) && is_open_state($new_value)
+ && !$user->in_group('admin'))
+ {
+ push(@$priv_results, PRIVILEGES_REQUIRED_EMPOWERED);
+ return;
+ }
+ }
+
+ # Disallow a bug's keywords from being edited unless user is the
+ # reporter of the bug
+ if ($field eq 'keywords' && $bug->product_obj->name eq 'Example'
+ && $user->login ne $bug->reporter->login)
+ {
+ push(@$priv_results, PRIVILEGES_REQUIRED_REPORTER);
+ return;
+ }
+
+ # Allow updating of priority even if user cannot normally edit the bug
+ # and they are in group 'engineering'
+ if ($field eq 'priority' && $bug->product_obj->name eq 'Example'
+ && $user->in_group('engineering'))
+ {
+ push(@$priv_results, PRIVILEGES_REQUIRED_NONE);
+ return;
+ }
+}
+
 sub bug_columns {
 my ($self, $args) = @_;
 my $columns = $args->{'columns'};
@@ -691,6 +743,12 @@ sub page_before_template {
 }
 }
+sub path_info_whitelist {
+ my ($self, $args) = @_;
+ my $whitelist = $args->{whitelist};
+ push(@$whitelist, "page.cgi");
+}
+
 sub post_bug_after_creation {
 my ($self, $args) = @_;
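Review bot: The keywords rule in `bug_check_can_change_field` decides who the reporter is by comparing login strings, `$user->login ne $bug->reporter->login`. Comparing the numeric ids instead, `$user->id != $bug->reporter->id`, keeps this authorization check independent of how login names are stored or later renamed. The function is moved here unchanged from lower in the file, so the pattern predates this commit, but extension authors copy this example and it is worth correcting while the code is being touched.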
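Review bot: `path_info_whitelist` carries no comment explaining what whitelisting a script means or what it obliges that script to do, and as example code it will be copied as-is. The core side of the hook is not in this diffstat (limited to 'extensions'), so presumably scripts that are not listed have PATH_INFO rejected or stripped. If so, listing `page.cgi` means every page it serves must treat PATH_INFO as untrusted input: escape it before output and avoid relative links that would resolve against the extended path. I would add above the push something like `# Keep PATH_INFO for page.cgi; only whitelist scripts that validate and escape PATH_INFO themselves.` and name the page id in this extension that actually needs it.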
@@ -819,58 +877,6 @@ sub template_before_process {
 }
 }
-sub bug_check_can_change_field {
- my ($self, $args) = @_;
-
- my ($bug, $field, $new_value, $old_value, $priv_results)
- = @$args{qw(bug field new_value old_value priv_results)};
-
- my $user = Bugzilla->user;
-
- # Disallow a bug from being reopened if currently closed unless user
- # is in 'admin' group
- if ($field eq 'bug_status' && $bug->product_obj->name eq 'Example') {
- if (!is_open_state($old_value) && is_open_state($new_value)
- && !$user->in_group('admin'))
- {
- push(@$priv_results, PRIVILEGES_REQUIRED_EMPOWERED);
- return;
- }
- }
-
- # Disallow a bug's keywords from being edited unless user is the
- # reporter of the bug
- if ($field eq 'keywords' && $bug->product_obj->name eq 'Example'
- && $user->login ne $bug->reporter->login)
- {
- push(@$priv_results, PRIVILEGES_REQUIRED_REPORTER);
- return;
- }
-
- # Allow updating of priority even if user cannot normally edit the bug
- # and they are in group 'engineering'
- if ($field eq 'priority' && $bug->product_obj->name eq 'Example'
- && $user->in_group('engineering'))
- {
- push(@$priv_results, PRIVILEGES_REQUIRED_NONE);
- return;
- }
-}
-
-sub admin_editusers_action {
- my ($self, $args) = @_;
- my ($vars, $action, $user) = @$args{qw(vars action user)};
- my $template = Bugzilla->template;
-
- if ($action eq 'my_action') {
- # Allow to restrict the search to any group the user is allowed to bless.
- $vars->{'restrictablegroups'} = $user->bless_groups();
- $template->process('admin/users/search.html.tmpl', $vars)
- || ThrowTemplateError($template->error());
- exit;
- }
-}
-
 sub user_preferences {
 my ($self, $args) = @_;
 my $tab = $args->{current_tab}; |