diff options
Diffstat (limited to 'Bugzilla/Bug.pm')
-rwxr-xr-x | Bugzilla/Bug.pm | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index 18f8316a9..e9c8bf2e9 100755 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -121,7 +121,6 @@ sub VALIDATORS { commentprivacy => \&_check_commentprivacy, deadline => \&_check_deadline, estimated_time => \&_check_estimated_time, - keywords => \&_check_keywords, op_sys => \&_check_op_sys, priority => \&_check_priority, product => \&_check_product, @@ -354,6 +353,8 @@ sub run_create_validators { $params->{version} = $class->_check_version($product, $params->{version}); + $params->{keywords} = $class->_check_keywords($product, $params->{keywords}); + $params->{groups} = $class->_check_groups($product, $params->{groups}); @@ -381,7 +382,7 @@ sub run_create_validators { $params->{assigned_to}, $params->{qa_contact}); ($params->{dependson}, $params->{blocked}) = - $class->_check_dependencies($params->{dependson}, $params->{blocked}); + $class->_check_dependencies($product, $params->{dependson}, $params->{blocked}); # You can't set these fields on bug creation (or sometimes ever). delete $params->{resolution}; @@ -480,7 +481,7 @@ sub _check_assigned_to { $name = trim($name); # Default assignee is the component owner. my $id; - if (!$user->in_group("editbugs") || !$name) { + if (!$user->in_group('editbugs', $component->product_id) || !$name) { $id = $component->default_assignee->id; } else { $id = login_to_id($name, THROW_ERROR); @@ -508,7 +509,8 @@ sub _check_bug_status { my @valid_statuses = VALID_ENTRY_STATUS; - if ($user->in_group('editbugs') || $user->in_group('canconfirm')) { + if ($user->in_group('editbugs', $product->id) + || $user->in_group('canconfirm', $product->id)) { # Default to NEW if the user with privs hasn't selected another status. $status ||= 'NEW'; } @@ -599,10 +601,10 @@ sub _check_deadline { # Takes two comma/space-separated strings and returns arrayrefs # of valid bug IDs. sub _check_dependencies { - my ($invocant, $depends_on, $blocks) = @_; + my ($invocant, $product, $depends_on, $blocks) = @_; # Only editbugs users can set dependencies on bug entry. - return ([], []) unless Bugzilla->user->in_group('editbugs'); + return ([], []) unless Bugzilla->user->in_group('editbugs', $product->id); $depends_on ||= ''; $blocks ||= ''; @@ -676,9 +678,10 @@ sub _check_groups { } sub _check_keywords { - my ($invocant, $keyword_string) = @_; + my ($invocant, $product, $keyword_string) = @_; $keyword_string = trim($keyword_string); - return [] if (!$keyword_string || !Bugzilla->user->in_group('editbugs')); + return [] if (!$keyword_string + || !Bugzilla->user->in_group('editbugs', $product->id)); my %keywords; foreach my $keyword (split(/[\s,]+/, $keyword_string)) { @@ -801,7 +804,7 @@ sub _check_qa_contact { $name = trim($name); my $id; - if (!$user->in_group("editbugs") || !$name) { + if (!$user->in_group('editbugs', $component->product_id) || !$name) { # We want to insert NULL into the database if we get a 0. $id = $component->default_qa_contact->id || undef; } else { @@ -1207,14 +1210,16 @@ sub user { my $user = Bugzilla->user; my $canmove = Bugzilla->params->{'move-enabled'} && $user->is_mover; - my $unknown_privileges = $user->in_group("editbugs"); + my $prod_id = $self->{'product_id'}; + + my $unknown_privileges = $user->in_group('editbugs', $prod_id); my $canedit = $unknown_privileges || $user->id == $self->{assigned_to_id} || (Bugzilla->params->{'useqacontact'} && $self->{'qa_contact_id'} && $user->id == $self->{qa_contact_id}); my $canconfirm = $unknown_privileges - || $user->in_group("canconfirm"); + || $user->in_group('canconfirm', $prod_id); my $isreporter = $user->id && $user->id == $self->{reporter_id}; @@ -1824,19 +1829,19 @@ sub check_can_change_field { # $PrivilegesRequired = 2 : the assignee or an empowered user; # $PrivilegesRequired = 3 : an empowered user. - # Allow anyone with "editbugs" privs to change anything. - if ($user->in_group('editbugs')) { + # Allow anyone with (product-specific) "editbugs" privs to change anything. + if ($user->in_group('editbugs', $self->{'product_id'})) { return 1; } - # *Only* users with "canconfirm" privs can confirm bugs. + # *Only* users with (product-specific) "canconfirm" privs can confirm bugs. if ($field eq 'canconfirm' || ($field eq 'bug_status' && $oldvalue eq 'UNCONFIRMED' && is_open_state($newvalue))) { $$PrivilegesRequired = 3; - return $user->in_group('canconfirm'); + return $user->in_group('canconfirm', $self->{'product_id'}); } # Make sure that a valid bug ID has been given. |