summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Flag.pm6
-rw-r--r--Bugzilla/User.pm7
2 files changed, 10 insertions, 3 deletions
diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm
index 07041bd79..c6c979fa7 100644
--- a/Bugzilla/Flag.pm
+++ b/Bugzilla/Flag.pm
@@ -782,13 +782,13 @@ sub _check_setter {
# Make sure the user is authorized to modify flags, see bug 180879:
# - The flag exists and is unchanged.
# - The flag setter can unset flag.
- # - Users in the request_group can clear pending requests and set flags
- # and can rerequest set flags.
- # - Users in the grant_group can set/clear flags, including "+" and "-".
+ # - Users in the request_group can clear pending requests
+ # - Users in the grant_group can set/cleari/request flags, including "+" and "-".
unless (($status eq $self->{_old_status})
|| ($status eq 'X' && $setter->id == Bugzilla->user->id)
|| (($status eq 'X' || $status eq '?')
&& $setter->can_request_flag($self->type))
+ || $setter->can_unset_flag($self->type, $self->{_old_status})
|| $setter->can_set_flag($self->type))
{
ThrowUserError('flag_update_denied',
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 5386e70ca..3fe59fe76 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -1529,6 +1529,13 @@ sub can_set_flag {
|| $self->in_group_id($flag_type->grant_group_id)) ? 1 : 0;
}
+sub can_unset_flag {
+ my ($self, $flag_type, $flag_status) = @_;
+ return 1 if !$flag_type->grant_group_id;
+ return 1 if ($flag_status ne '+' && $flag_status ne '-');
+ return $self->in_group_id($flag_type->grant_group_id) ? 1 : 0;
+}
+
# visible_groups_inherited returns a reference to a list of all the groups
# whose members are visible to this user.
sub visible_groups_inherited {