diff options
Diffstat (limited to 'editcomponents.cgi')
| -rwxr-xr-x | editcomponents.cgi | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/editcomponents.cgi b/editcomponents.cgi index 2ff41d628..17ad290c5 100755 --- a/editcomponents.cgi +++ b/editcomponents.cgi @@ -36,7 +36,6 @@ use Bugzilla::Series; use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::User; -use Bugzilla::Product; use Bugzilla::Component; use Bugzilla::Bug; use Bugzilla::Token; @@ -76,6 +75,7 @@ my $whoid = $user->id; print $cgi->header(); $user->in_group('editcomponents') + || scalar(@{$user->get_products_by_permission('editcomponents')}) || ThrowUserError("auth_failure", {group => "editcomponents", action => "edit", object => "components"}); @@ -94,7 +94,13 @@ my $token = $cgi->param('token'); # unless ($product_name) { - $vars->{'products'} = $user->get_selectable_products; + my $selectable_products = $user->get_selectable_products; + # If the user has editcomponents privs for some products only, + # we have to restrict the list of products to display. + unless ($user->in_group('editcomponents')) { + $selectable_products = $user->get_products_by_permission('editcomponents'); + } + $vars->{'products'} = $selectable_products; $vars->{'showbugcounts'} = $showbugcounts; $template->process("admin/components/select-product.html.tmpl", $vars) @@ -102,13 +108,7 @@ unless ($product_name) { exit; } -# First make sure the product name is valid. -my $product = Bugzilla::Product::check_product($product_name); - -# Then make sure the user is allowed to edit properties of this product. -$user->can_see_product($product->name) - || ThrowUserError('product_access_denied', {product => $product->name}); - +my $product = $user->check_can_admin_product($product_name); # # action='' -> Show nice list of components |