summaryrefslogtreecommitdiffstats
path: root/editcomponents.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'editcomponents.cgi')
-rwxr-xr-xeditcomponents.cgi18
1 files changed, 9 insertions, 9 deletions
diff --git a/editcomponents.cgi b/editcomponents.cgi
index 2ff41d628..17ad290c5 100755
--- a/editcomponents.cgi
+++ b/editcomponents.cgi
@@ -36,7 +36,6 @@ use Bugzilla::Series;
use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::User;
-use Bugzilla::Product;
use Bugzilla::Component;
use Bugzilla::Bug;
use Bugzilla::Token;
@@ -76,6 +75,7 @@ my $whoid = $user->id;
print $cgi->header();
$user->in_group('editcomponents')
+ || scalar(@{$user->get_products_by_permission('editcomponents')})
|| ThrowUserError("auth_failure", {group => "editcomponents",
action => "edit",
object => "components"});
@@ -94,7 +94,13 @@ my $token = $cgi->param('token');
#
unless ($product_name) {
- $vars->{'products'} = $user->get_selectable_products;
+ my $selectable_products = $user->get_selectable_products;
+ # If the user has editcomponents privs for some products only,
+ # we have to restrict the list of products to display.
+ unless ($user->in_group('editcomponents')) {
+ $selectable_products = $user->get_products_by_permission('editcomponents');
+ }
+ $vars->{'products'} = $selectable_products;
$vars->{'showbugcounts'} = $showbugcounts;
$template->process("admin/components/select-product.html.tmpl", $vars)
@@ -102,13 +108,7 @@ unless ($product_name) {
exit;
}
-# First make sure the product name is valid.
-my $product = Bugzilla::Product::check_product($product_name);
-
-# Then make sure the user is allowed to edit properties of this product.
-$user->can_see_product($product->name)
- || ThrowUserError('product_access_denied', {product => $product->name});
-
+my $product = $user->check_can_admin_product($product_name);
#
# action='' -> Show nice list of components