diff options
| -rw-r--r-- | bug_form.pl | 15 | ||||
| -rwxr-xr-x | process_bug.cgi | 3 |
2 files changed, 14 insertions, 4 deletions
diff --git a/bug_form.pl b/bug_form.pl index 520949a36..a556867f2 100644 --- a/bug_form.pl +++ b/bug_form.pl @@ -460,11 +460,18 @@ my $knum = 1; my $status = $bug{'bug_status'}; -my $canedit = UserInGroup("editbugs"); +# In the below, if the person hasn't logged in ($::userid == 0), then +# we treat them as if they can do anything. That's because we don't +# know why they haven't logged in; it may just be because they don't +# use cookies. Display everything as if they have all the permissions +# in the world; their permissions will get checked when they log in +# and actually try to make the change. + +my $canedit = UserInGroup("editbugs") || ($::userid == 0); my $canconfirm; if ($status eq $::unconfirmedstate) { - $canconfirm = UserInGroup("canconfirm"); + $canconfirm = UserInGroup("canconfirm") || ($::userid == 0); if ($canedit || $canconfirm) { print "<INPUT TYPE=radio NAME=knob VALUE=confirm>"; print "Confirm bug (change status to <b>NEW</b>)<br>"; @@ -473,8 +480,8 @@ if ($status eq $::unconfirmedstate) { } -if ($::userid && ($canedit || $::userid == $assignedtoid || - $::userid == $reporterid || $::userid == $qacontactid)) { +if ($canedit || $::userid == $assignedtoid || + $::userid == $reporterid || $::userid == $qacontactid) { if (IsOpenedState($status)) { if ($status ne "ASSIGNED") { print "<INPUT TYPE=radio NAME=knob VALUE=accept>"; diff --git a/process_bug.cgi b/process_bug.cgi index 1e25ef861..5b5b9e44e 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -279,6 +279,9 @@ sub ChangeStatus { } else { $::query .= "bug_status = '$str'"; } + $::FORM{'bug_status'} = $str; # Used later for call to + # CheckCanChangeField to make sure this + # is really kosher. } } |