summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xprocess_bug.cgi7
-rw-r--r--template/en/default/admin/params/groupsecurity.html.tmpl10
-rw-r--r--template/en/default/global/user-error.html.tmpl7
3 files changed, 22 insertions, 2 deletions
diff --git a/process_bug.cgi b/process_bug.cgi
index adb6a3ded..dc119179c 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -165,6 +165,13 @@ foreach my $field ("dependson", "blocked") {
$vars->{'field'} = $field;
ThrowUserError("illegal_change", $vars);
}
+ if (Param("strict_isolation")) {
+ my $deltabug = new Bugzilla::Bug($id, $user);
+ if (!$user->can_edit_product($deltabug->{'product_id'})) {
+ $vars->{'field'} = $field;
+ ThrowUserError("illegal_change_deps", $vars);
+ }
+ }
}
} else {
# Bugzilla does not support mass-change of dependencies so they
diff --git a/template/en/default/admin/params/groupsecurity.html.tmpl b/template/en/default/admin/params/groupsecurity.html.tmpl
index d4e219a88..9016a7038 100644
--- a/template/en/default/admin/params/groupsecurity.html.tmpl
+++ b/template/en/default/admin/params/groupsecurity.html.tmpl
@@ -49,6 +49,12 @@
usevisibilitygroups => "Do you wish to restrict visibility of users to members of " _
"specific groups?",
- strict_isolation => "Don't allow users to assign, be qa-contacts or add to CC list " _
- "any user that do not have permission to edit the bug." }
+ strict_isolation => "Don't allow users to be assigned to, " _
+ "be qa-contacts on, " _
+ "be added to CC list, " _
+ "or make or remove dependencies " _
+ "involving any bug that is in a product on which that " _
+ "user is forbidden to edit.",
+
+ }
%]
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 334f1c54e..f0c828888 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -547,6 +547,13 @@
[% END %]
a sufficiently empowered user may change that field.
+ [% ELSIF error == "illegal_change_deps" %]
+ [% title = "Not allowed" %]
+ You tried to change the
+ <strong>[% field_descs.$field FILTER html %]</strong> field
+ but only a user empowered to edit
+ both involved [% terms.bugs %] may change that field.
+
[% ELSIF error == "illegal_changed_in_last_x_days" %]
[% title = "Your Search Makes No Sense" %]
The <em>Changed in last ___ days</em> field must be a simple number.