diff options
-rw-r--r-- | extensions/Review/lib/WebService.pm | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/extensions/Review/lib/WebService.pm b/extensions/Review/lib/WebService.pm index f5530dd49..8d10b5423 100644 --- a/extensions/Review/lib/WebService.pm +++ b/extensions/Review/lib/WebService.pm @@ -118,10 +118,22 @@ sub flag_activity { } my $matches = Bugzilla::Extension::Review::FlagStateActivity->match(\%match_criteria); - my @results = map { $self->_flag_state_activity_to_hash($_, $params) } @$matches; + my $user = Bugzilla->user; + $user->visible_bugs([ map { $_->bug_id } @$matches ]); + my @results = map { $self->_flag_state_activity_to_hash($_, $params) } + grep { $user->can_see_bug($_->bug_id) && _can_see_attachment($user, $_) } + @$matches; return \@results; } +sub _can_see_attachment { + my ($user, $flag_state_activity) = @_; + + return 1 if !$flag_state_activity->attachment_id; + return 0 if $flag_state_activity->attachment->isprivate && !$user->is_insider; + return 1; +} + sub rest_resources { return [ # bug-id |