summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla')
-rwxr-xr-xBugzilla/Bug.pm11
-rw-r--r--Bugzilla/Config/GroupSecurity.pm6
-rw-r--r--Bugzilla/User.pm25
3 files changed, 42 insertions, 0 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 526f002b0..c08703789 100755
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1303,6 +1303,17 @@ sub ValidateDependencies {
return %deps;
}
+#Verify if the new assignee belongs to the group of
+#the product that the bug(s) is in.
+sub can_add_user_to_bug {
+ my ($prod_id, $id, $uid) = @_;
+ my $user = new Bugzilla::User($uid);
+ if (!$user->can_edit_product($prod_id)) {
+ ThrowUserError("invalid_user_group", { 'user' =>
+ $user->login, bug_id => $id });
+ }
+}
+
sub AUTOLOAD {
use vars qw($AUTOLOAD);
my $attr = $AUTOLOAD;
diff --git a/Bugzilla/Config/GroupSecurity.pm b/Bugzilla/Config/GroupSecurity.pm
index e48cd4966..bd1aa3829 100644
--- a/Bugzilla/Config/GroupSecurity.pm
+++ b/Bugzilla/Config/GroupSecurity.pm
@@ -74,6 +74,12 @@ sub get_param_list {
name => 'usevisibilitygroups',
type => 'b',
default => 0
+ },
+
+ {
+ name => 'strict_isolation',
+ type => 'b',
+ default => 0
} );
return @param_list;
}
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 85584d70c..9b99428a6 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -382,6 +382,26 @@ sub can_see_user {
return Bugzilla->dbh->selectrow_array($query, undef, $otherUser->id);
}
+sub can_edit_product {
+ my ($self, $prod_id) = @_;
+ my $dbh = Bugzilla->dbh;
+ my $sth = $self->{sthCanEditProductId};
+ my $userid = $self->{id};
+ my $query = q{SELECT group_id FROM group_control_map
+ WHERE product_id =?
+ AND canedit != 0 };
+ if (%{$self->groups}) {
+ my $groups = join(',', values(%{$self->groups}));
+ $query .= qq{AND group_id NOT IN($groups)};
+ }
+ unless ($sth) { $sth = $dbh->prepare($query); }
+ $sth->execute($prod_id);
+ $self->{sthCanEditProductId} = $sth;
+ my $result = $sth->fetchrow_array();
+
+ return (!defined($result));
+}
+
sub can_see_bug {
my ($self, $bugid) = @_;
my $dbh = Bugzilla->dbh;
@@ -1535,6 +1555,11 @@ that you need to be aware of a group in order to bless a group.
Returns 1 if the specified user account exists and is visible to the user,
0 otherwise.
+=item C<can_edit_product(prod_id)>
+
+Determines if, given a product id, the user can edit bugs in this product
+at all.
+
=item C<can_see_bug(bug_id)>
Determines if the user can see the specified bug.