diff options
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/API/1_0/Resource/Bug.pm | 33 | ||||
-rw-r--r-- | Bugzilla/WebService/Bug.pm | 33 |
2 files changed, 54 insertions, 12 deletions
diff --git a/Bugzilla/API/1_0/Resource/Bug.pm b/Bugzilla/API/1_0/Resource/Bug.pm index 61db5950b..c0be3c730 100644 --- a/Bugzilla/API/1_0/Resource/Bug.pm +++ b/Bugzilla/API/1_0/Resource/Bug.pm @@ -1028,8 +1028,6 @@ sub update_attachment { || ThrowUserError("invalid_attach_id", { attach_id => $id }); my $bug = $attachment->bug; $attachment->_check_bug; - $attachment->validate_can_edit - || ThrowUserError("illegal_attachment_edit", { attach_id => $id }); push @attachments, $attachment; $bugs{$bug->id} = $bug; @@ -1049,10 +1047,33 @@ sub update_attachment { # Update the values foreach my $attachment (@attachments) { - $attachment->set_all($params); - if ($flags) { - my ($old_flags, $new_flags) = extract_flags($flags, $attachment->bug, $attachment); - $attachment->set_flags($old_flags, $new_flags); + my ($update_flags, $new_flags) = $flags + ? extract_flags($flags, $attachment->bug, $attachment) + : ([], []); + if ($attachment->validate_can_edit) { + $attachment->set_all($params); + $attachment->set_flags($update_flags, $new_flags) if $flags; + } + elsif (scalar @$update_flags && !scalar(@$new_flags) && !scalar keys %$params) { + # Requestees can set flags targetted to them, even if they cannot + # edit the attachment. Flag setters can edit their own flags too. + my %flag_list = map { $_->{id} => $_ } @$update_flags; + my $flag_objs = Bugzilla::Flag->new_from_list([ keys %flag_list ]); + my @editable_flags; + foreach my $flag_obj (@$flag_objs) { + if ($flag_obj->setter_id == $user->id + || ($flag_obj->requestee_id && $flag_obj->requestee_id == $user->id)) + { + push(@editable_flags, $flag_list{$flag_obj->id}); + } + } + if (!scalar @editable_flags) { + ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id }); + } + $attachment->set_flags(\@editable_flags, []); + } + else { + ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id }); } } diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index f034d90d5..47c047745 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -899,8 +899,6 @@ sub update_attachment { || ThrowUserError("invalid_attach_id", { attach_id => $id }); my $bug = $attachment->bug; $attachment->_check_bug; - $attachment->validate_can_edit - || ThrowUserError("illegal_attachment_edit", { attach_id => $id }); push @attachments, $attachment; $bugs{$bug->id} = $bug; @@ -920,10 +918,33 @@ sub update_attachment { # Update the values foreach my $attachment (@attachments) { - $attachment->set_all($params); - if ($flags) { - my ($old_flags, $new_flags) = extract_flags($flags, $attachment->bug, $attachment); - $attachment->set_flags($old_flags, $new_flags); + my ($update_flags, $new_flags) = $flags + ? extract_flags($flags, $attachment->bug, $attachment) + : ([], []); + if ($attachment->validate_can_edit) { + $attachment->set_all($params); + $attachment->set_flags($update_flags, $new_flags) if $flags; + } + elsif (scalar @$update_flags && !scalar(@$new_flags) && !scalar keys %$params) { + # Requestees can set flags targetted to them, even if they cannot + # edit the attachment. Flag setters can edit their own flags too. + my %flag_list = map { $_->{id} => $_ } @$update_flags; + my $flag_objs = Bugzilla::Flag->new_from_list([ keys %flag_list ]); + my @editable_flags; + foreach my $flag_obj (@$flag_objs) { + if ($flag_obj->setter_id == $user->id + || ($flag_obj->requestee_id && $flag_obj->requestee_id == $user->id)) + { + push(@editable_flags, $flag_list{$flag_obj->id}); + } + } + if (!scalar @editable_flags) { + ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id }); + } + $attachment->set_flags(\@editable_flags, []); + } + else { + ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id }); } } |