Diffstat (limited to 'editmilestones.cgi')
-rwxr-xr-xeditmilestones.cgi16
1 files changed, 9 insertions, 7 deletions
diff --git a/editmilestones.cgi b/editmilestones.cgi
index 95babd737..c87828526 100755
--- a/editmilestones.cgi
+++ b/editmilestones.cgi
@@ -60,20 +60,22 @@ my $showbugcounts = (defined $cgi->param('showbugcounts'));
#
unless ($product_name) {
-
- my @products = Bugzilla::Product::get_all_products();
-
+ $vars->{'products'} = $user->get_selectable_products;
$vars->{'showbugcounts'} = $showbugcounts;
- $vars->{'products'} = \@products;
- $template->process("admin/milestones/select-product.html.tmpl",
- $vars)
- || ThrowTemplateError($template->error());
+ $template->process("admin/milestones/select-product.html.tmpl", $vars)
+ || ThrowTemplateError($template->error());
exit;
}
+# First make sure the product name is valid.
my $product = Bugzilla::Product::check_product($product_name);
+# Then make sure the user is allowed to edit properties of this product.
+$user->can_see_product($product->name)
+ || ThrowUserError('product_access_denied', {product => $product->name});
+
+
#
# action='' -> Show nice list of milestones
#
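Review bot: The new access check after `check_product` tests visibility only (`can_see_product`), while the added comment says it verifies the user "is allowed to edit properties of this product". The comment should describe what is enforced, e.g. `# Then make sure the user is allowed to see this product.` Any edit-permission check presumably lives outside this hunk, so confirm one exists. Separately, because `check_product($product_name)` runs first, a user who cannot see a product likely gets a different error for a nonexistent name than for a hidden one, which reveals whether a hidden product exists. If `can_see_product` returns false for unknown names, running `$user->can_see_product($product_name) || ThrowUserError('product_access_denied', {product => $product_name});` before `check_product` would make the two cases indistinguishable.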