summaryrefslogtreecommitdiffstats
path: root/editversions.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'editversions.cgi')
-rwxr-xr-xeditversions.cgi16
1 files changed, 9 insertions, 7 deletions
diff --git a/editversions.cgi b/editversions.cgi
index eae1001ca..be2c8a3c6 100755
--- a/editversions.cgi
+++ b/editversions.cgi
@@ -69,20 +69,22 @@ my $showbugcounts = (defined $cgi->param('showbugcounts'));
#
unless ($product_name) {
-
- my @products = Bugzilla::Product::get_all_products();
-
+ $vars->{'products'} = $user->get_selectable_products;
$vars->{'showbugcounts'} = $showbugcounts;
- $vars->{'products'} = \@products;
- $template->process("admin/versions/select-product.html.tmpl",
- $vars)
- || ThrowTemplateError($template->error());
+ $template->process("admin/versions/select-product.html.tmpl", $vars)
+ || ThrowTemplateError($template->error());
exit;
}
+# First make sure the product name is valid.
my $product = Bugzilla::Product::check_product($product_name);
+# Then make sure the user is allowed to edit properties of this product.
+$user->can_see_product($product->name)
+ || ThrowUserError('product_access_denied', {product => $product->name});
+
+
#
# action='' -> Show nice list of versions
#