diff options
| author | travis%sedsystems.ca <> | 2005-01-21 08:22:07 +0100 |
|---|---|---|
| committer | travis%sedsystems.ca <> | 2005-01-21 08:22:07 +0100 |
| commit | 4f4c25bb8d7bacecad8f69363d96483ea92ffc32 (patch) | |
| tree | 5cd1417f8950deb82704370283e1eb0bc5c5229b /template | |
| parent | 61a49f228204e2991aea7970c44efdd433f8c71b (diff) | |
| download | bugzilla-4f4c25bb8d7bacecad8f69363d96483ea92ffc32.tar.gz bugzilla-4f4c25bb8d7bacecad8f69363d96483ea92ffc32.tar.xz | |
Bug 266579 : Users without privs can confirm bugs by assigning to themselves first, without having canconfirm privs
Patch by LpSolit@gmail.com r=myk a=justdave
Diffstat (limited to 'template')
| -rw-r--r-- | template/en/default/bug/create/create.html.tmpl | 2 | ||||
| -rw-r--r-- | template/en/default/bug/knob.html.tmpl | 93 | ||||
| -rw-r--r-- | template/en/default/global/user-error.html.tmpl | 12 | ||||
| -rw-r--r-- | template/en/default/global/userselect.html.tmpl | 5 |
4 files changed, 62 insertions, 50 deletions
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl index dd0d4f13c..d22ab8dc6 100644 --- a/template/en/default/bug/create/create.html.tmpl +++ b/template/en/default/bug/create/create.html.tmpl @@ -187,6 +187,7 @@ function set_assign_to() { [% INCLUDE global/userselect.html.tmpl name => "assigned_to" value => assigned_to + disabled => assigned_to_disabled size => 32 emptyok => 1 %] @@ -200,6 +201,7 @@ function set_assign_to() { [% INCLUDE global/userselect.html.tmpl name => "cc" value => cc + disabled => cc_disabled size => 45 emptyok => 1 multiple => 5 diff --git a/template/en/default/bug/knob.html.tmpl b/template/en/default/bug/knob.html.tmpl index cc8ca32b5..035db1ae5 100644 --- a/template/en/default/bug/knob.html.tmpl +++ b/template/en/default/bug/knob.html.tmpl @@ -43,19 +43,20 @@ [% knum = knum + 1 %] [% END %] - [% IF bug.user.canedit %] - [% IF bug.isopened %] - [% IF bug.bug_status != "ASSIGNED" && bug.user.canconfirm %] - <input type="radio" id="knob-accept" name="knob" value="accept"> - <label for="knob-accept"> - Accept [% terms.bug %] ( - [% IF bug.isunconfirmed %]confirm [% terms.bug %], [% END %]change - status to <b>ASSIGNED</b>) - </label> - <br> - [% knum = knum + 1 %] - [% END %] + [% IF bug.isopened && bug.bug_status != "ASSIGNED" && bug.user.canedit + && (!bug.isunconfirmed || bug.user.canconfirm) %] + <input type="radio" id="knob-accept" name="knob" value="accept"> + <label for="knob-accept"> + Accept [% terms.bug %] ( + [% IF bug.isunconfirmed %]confirm [% terms.bug %], [% END %]change + status to <b>ASSIGNED</b>) + </label> + <br> + [% knum = knum + 1 %] + [% END %] + [% IF bug.user.canedit || bug.user.isreporter %] + [% IF bug.isopened %] [% IF bug.resolution %] <input type="radio" id="knob-clear" name="knob" value="clearresolution"> <label for="knob-clear"> @@ -90,45 +91,47 @@ <br> [% knum = knum + 1 %] - <input type="radio" id="knob-reassign" name="knob" value="reassign"> - <label for="knob-reassign"> - <a href="page.cgi?id=fields.html#assigned_to">Reassign</a> - [% terms.bug %] to - </label> - [% safe_assigned_to = FILTER js; bug.assigned_to.login; END %] - [% INCLUDE global/userselect.html.tmpl - name => "assigned_to" - value => bug.assigned_to.login - size => 32 - onchange => "if ((this.value != '$safe_assigned_to') && (this.value != '')) { - document.changeform.knob[$knum].checked=true; - }" - %] - <br> - [% IF bug.isunconfirmed && bug.user.canconfirm %] - <input type="checkbox" id="andconfirm" name="andconfirm"> - <label for="andconfirm"> - and confirm [% terms.bug %] (change status to <b>NEW</b>) + [% IF bug.user.canedit %] + <input type="radio" id="knob-reassign" name="knob" value="reassign"> + <label for="knob-reassign"> + <a href="page.cgi?id=fields.html#assigned_to">Reassign</a> + [% terms.bug %] to </label> + [% safe_assigned_to = FILTER js; bug.assigned_to.login; END %] + [% INCLUDE global/userselect.html.tmpl + name => "assigned_to" + value => bug.assigned_to.login + size => 32 + onchange => "if ((this.value != '$safe_assigned_to') && (this.value != '')) { + document.changeform.knob[$knum].checked=true; + }" + %] <br> - [% END %] - [% knum = knum + 1 %] + [% IF bug.isunconfirmed && bug.user.canconfirm %] + <input type="checkbox" id="andconfirm" name="andconfirm"> + <label for="andconfirm"> + and confirm [% terms.bug %] (change status to <b>NEW</b>) + </label> + <br> + [% END %] + [% knum = knum + 1 %] - <input type="radio" id="knob-reassign-cmp" name="knob" value="reassignbycomponent"> - <label for="knob-reassign-cmp"> - Reassign [% terms.bug %] to owner - [% " and QA contact" IF Param('useqacontact') %] - of selected component - </label> - <br> - [% IF bug.isunconfirmed && bug.user.canconfirm %] - <input type="checkbox" id="compconfirm" name="compconfirm"> - <label for="compconfirm"> - and confirm [% terms.bug %] (change status to <b>NEW</b>) + <input type="radio" id="knob-reassign-cmp" name="knob" value="reassignbycomponent"> + <label for="knob-reassign-cmp"> + Reassign [% terms.bug %] to owner + [% " and QA contact" IF Param('useqacontact') %] + of selected component </label> <br> + [% IF bug.isunconfirmed && bug.user.canconfirm %] + <input type="checkbox" id="compconfirm" name="compconfirm"> + <label for="compconfirm"> + and confirm [% terms.bug %] (change status to <b>NEW</b>) + </label> + <br> + [% END %] + [% knum = knum + 1 %] [% END %] - [% knum = knum + 1 %] [% ELSE %] [% IF bug.resolution != "MOVED" || (bug.resolution == "MOVED" && bug.user.canmove) %] diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index aa4a43286..5ea789a2f 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -436,10 +436,14 @@ You tried to change the <strong>[% field_descs.$field FILTER html %]</strong> field from <em>[% oldvalue FILTER html %]</em> to - <em>[% newvalue FILTER html %]</em>, - but only the owner or submitter of the [% terms.bug %], or a - sufficiently empowered user, may change that field. - + <em>[% newvalue FILTER html %]</em>, but only + [% IF privs < 3 %] + the owner + [% IF privs < 2 %] or reporter [% END %] + of the [% terms.bug %], or + [% END %] + a sufficiently empowered user may change that field. + [% ELSIF error == "illegal_changed_in_last_x_days" %] [% title = "Your Search Makes No Sense" %] The <em>Changed in last ___ days</em> field must be a simple number. diff --git a/template/en/default/global/userselect.html.tmpl b/template/en/default/global/userselect.html.tmpl index 2162e2601..91692fd21 100644 --- a/template/en/default/global/userselect.html.tmpl +++ b/template/en/default/global/userselect.html.tmpl @@ -20,6 +20,7 @@ # name: mandatory; field name # value: optional; default field value/selection # onchange: optional; onchange attribute value + # disabled: optional; if true, the field is disabled # accesskey: optional, input only; accesskey attribute value # size: optional, input only; size attribute value # emptyok: optional, select only; if true, prepend menu option to start of select @@ -30,6 +31,7 @@ [% IF Param("usemenuforusers") %] <select name="[% name FILTER html %]" [% IF onchange %] onchange="[% onchange FILTER html %]" [% END %] + [% IF disabled %] disabled="[% disabled FILTER html %]" [% END %] [% IF accesskey %] accesskey="[% accesskey FILTER html %]" [% END %] [% IF multiple %] multiple="multiple" size="[% multiple FILTER html %]" [% END %] > @@ -48,9 +50,10 @@ <input name="[% name FILTER html %]" value="[% value FILTER html %]" + [% IF onchange %] onchange="[% onchange FILTER html %]" [% END %] + [% IF disabled %] disabled="[% disabled FILTER html %]" [% END %] [% IF accesskey %] accesskey="[% accesskey FILTER html %]" [% END %] [% IF size %] size="[% size FILTER html %]" [% END %] - [% IF onchange %] onchange="[% onchange FILTER html %]" [% END %] > [% END %] |