diff options
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Attachment.pm | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm index b1aecd5b0..42372393c 100644 --- a/Bugzilla/Attachment.pm +++ b/Bugzilla/Attachment.pm @@ -720,7 +720,7 @@ Description: validates if the user is allowed to view and edit the attachment. Params: $attachment - the attachment object being edited. $product_id - the product ID the attachment belongs to. -Returns: 1 on success. Else an error is thrown. +Returns: 1 on success, 0 otherwise. =cut @@ -729,12 +729,9 @@ sub validate_can_edit { my $user = Bugzilla->user; # The submitter can edit their attachments. - return 1 if ($attachment->attacher->id == $user->id - || ((!$attachment->isprivate || $user->is_insider) - && $user->in_group('editbugs', $product_id))); - - # If we come here, then this attachment cannot be edited by the user. - ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id }); + return ($attachment->attacher->id == $user->id + || ((!$attachment->isprivate || $user->is_insider) + && $user->in_group('editbugs', $product_id))) ? 1 : 0; } =item C<validate_obsolete($bug)> @@ -769,7 +766,8 @@ sub validate_obsolete { || ThrowUserError('invalid_attach_id', $vars); # Check that the user can view and edit this attachment. - $attachment->validate_can_edit($bug->product_id); + $attachment->validate_can_edit($bug->product_id) + || ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id }); $vars->{'description'} = $attachment->description; |