summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla/Bug.pm20
1 files changed, 15 insertions, 5 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 9e4135d1c..312039306 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1718,17 +1718,27 @@ sub _check_dependencies {
@bug_ids = grep {$_} @bug_ids;
# We do this up here to make sure all aliases are converted to IDs.
@bug_ids = map { $invocant->check($_, $type)->id } @bug_ids;
-
+
+ my $user = Bugzilla->user;
my @check_access = @bug_ids;
# When we're updating a bug, only added or removed bug_ids are
# checked for whether or not we can see/edit those bugs.
if (ref $invocant) {
my $old = $invocant->$type;
my ($removed, $added) = diff_arrays($old, \@bug_ids);
- @check_access = (@$added, @$removed);
-
+
+ # If a user has editbugs they are allowed to add dependencies on
+ # bugs that they cannot see -- only check access for bugs that are
+ # removed.
+ if ($user->in_group('editbugs')) {
+ @check_access = @$removed;
+ }
+ else {
+ @check_access = (@$added, @$removed);
+ }
+
# Check field permissions if we've changed anything.
- if (@check_access) {
+ if (@$added || @$removed) {
my $privs;
if (!$invocant->check_can_change_field($type, 0, 1, \$privs)) {
ThrowUserError('illegal_change', { field => $type,
@@ -1737,8 +1747,8 @@ sub _check_dependencies {
}
}
- my $user = Bugzilla->user;
foreach my $modified_id (@check_access) {
+ # Check that the user has access to the other bug.
my $delta_bug = $invocant->check($modified_id);
# Under strict isolation, you can't modify a bug if you can't
# edit it, even if you can see it.