From 31d86bb1bf64adba6d20fd9389dcedd30fd7bb84 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Sun, 4 Feb 2007 23:36:46 +0000 Subject: Bug 364177: On attachment and bug creation, if *one* requestee cannot see the bug, *all* requests are cancelled - Patch by Frédéric Buclin r/a=mkanat MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Bugzilla/Attachment.pm | 2 +- Bugzilla/Flag.pm | 46 +++++++++++++++++++++++++++++++++++----------- post_bug.cgi | 2 +- 3 files changed, 37 insertions(+), 13 deletions(-) diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm index 6a798d046..cf4f475f6 100644 --- a/Bugzilla/Attachment.pm +++ b/Bugzilla/Attachment.pm @@ -865,7 +865,7 @@ sub insert_attachment_for_bug { my $error_mode_cache = Bugzilla->error_mode; Bugzilla->error_mode(ERROR_MODE_DIE); eval { - Bugzilla::Flag::validate($cgi, $bug->bug_id, -1); + Bugzilla::Flag::validate($cgi, $bug->bug_id, -1, SKIP_REQUESTEE_ON_ERROR); Bugzilla::Flag::process($bug, $attachment, $timestamp, $cgi); }; Bugzilla->error_mode($error_mode_cache); diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm index 9e7483838..a831fc950 100644 --- a/Bugzilla/Flag.pm +++ b/Bugzilla/Flag.pm @@ -61,7 +61,8 @@ use Bugzilla::Mailer; use Bugzilla::Constants; use Bugzilla::Field; -use base qw(Bugzilla::Object); +use base qw(Bugzilla::Object Exporter); +@Bugzilla::Flag::EXPORT = qw(SKIP_REQUESTEE_ON_ERROR); ############################### #### Initialization #### @@ -80,6 +81,8 @@ use constant DB_COLUMNS => qw( use constant DB_TABLE => 'flags'; use constant LIST_ORDER => 'id'; +use constant SKIP_REQUESTEE_ON_ERROR => 1; + ############################### #### Accessors ###### ############################### @@ -245,7 +248,7 @@ sub count { =over -=item C +=item C Validates fields containing flag modifications. 
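Review bot: `SKIP_REQUESTEE_ON_ERROR` in the Bugzilla/Attachment.pm hunk is a bare imported constant, while `Bugzilla::Flag::validate` on the same line is called by its full package name. The hunk shows no import from Bugzilla::Flag, so under strict the bareword resolves only if a `use Bugzilla::Flag;` with default imports exists elsewhere in the file. Writing `Bugzilla::Flag::SKIP_REQUESTEE_ON_ERROR()` would match the qualified call and remove that hidden dependency. The same applies to `Bugzilla::Flag::validate($cgi, $id, undef, SKIP_REQUESTEE_ON_ERROR)` in the post_bug.cgi hunk. insert_attachment_for_bug starts and ends outside this hunk.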
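Review bot: In the first Bugzilla/Flag.pm hunk, `@Bugzilla::Flag::EXPORT` pushes `SKIP_REQUESTEE_ON_ERROR` into every package that does `use Bugzilla::Flag;`, and the plain assignment takes effect only when the module body executes. Using `@EXPORT_OK` with an explicit `use Bugzilla::Flag qw(SKIP_REQUESTEE_ON_ERROR);` at the two call sites would keep the namespace change visible where it is used. If Flag.pm is ever loaded through a circular `use` chain, `import` can run before the assignment; `BEGIN { @Bugzilla::Flag::EXPORT_OK = qw(SKIP_REQUESTEE_ON_ERROR); }` avoids that. Whether such a cycle exists cannot be seen from this hunk.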
@@ -257,7 +260,7 @@ to -1 to force its check anyway. =cut sub validate { - my ($cgi, $bug_id, $attach_id) = @_; + my ($cgi, $bug_id, $attach_id, $skip_requestee_on_error) = @_; my $dbh = Bugzilla->dbh; @@ -324,7 +327,7 @@ sub validate { } _validate(undef, $flag_type, $status, undef, \@requestees, $private_attachment, - $bug_id, $attach_id); + $bug_id, $attach_id, $skip_requestee_on_error); } # Validate existing flags. @@ -337,13 +340,14 @@ sub validate { my $flag = new Bugzilla::Flag($id); $flag || ThrowCodeError("flag_nonexistent", { id => $id }); - _validate($flag, $flag->type, $status, undef, \@requestees, $private_attachment); + _validate($flag, $flag->type, $status, undef, \@requestees, $private_attachment, + undef, undef, $skip_requestee_on_error); } } sub _validate { my ($flag, $flag_type, $status, $setter, $requestees, $private_attachment, - $bug_id, $attach_id) = @_; + $bug_id, $attach_id, $skip_requestee_on_error) = @_; # By default, the flag setter (or requester) is the current user. $setter ||= Bugzilla->user; @@ -398,8 +402,14 @@ sub _validate { if ($status eq '?' && $flag_type->is_requesteeble) { my $old_requestee = ($flag && $flag->requestee) ? $flag->requestee->login : ''; + + my @legal_requestees; foreach my $login (@$requestees) { - next if $login eq $old_requestee; + if ($login eq $old_requestee) { + # This requestee was already set. Leave him alone. + push(@legal_requestees, $login); + next; + } # We know the requestee exists because we ran # Bugzilla::User::match_field before getting here. @@ -409,6 +419,7 @@ sub _validate { # Note that if permissions on this bug are changed, # can_see_bug() will refer to old settings. if (!$requestee->can_see_bug($bug_id)) { + next if $skip_requestee_on_error; ThrowUserError('flag_requestee_unauthorized', { flag_type => $flag_type, requestee => $requestee, 
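Review bot: The new fourth argument `$skip_requestee_on_error` of validate() turns an access-control failure from an error into a silent drop, and nothing documents this. As far as the hunks show, only the `=item` signature line of the POD changes, and `use constant SKIP_REQUESTEE_ON_ERROR => 1;` carries no comment. Add a POD sentence such as `If $skip_requestee_on_error is true, requestees who fail a visibility or privilege check are removed from the request instead of raising an error.` and a matching one-line comment above the constant. validate()'s body continues outside this hunk.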
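Review bot: `next if $skip_requestee_on_error;` ahead of `ThrowUserError('flag_requestee_unauthorized', ...)` drops a requestee who cannot see the bug without leaving any trace, so the setter never learns that the request reached fewer people than intended. The same line is added before `flag_requestee_unauthorized_attachment` and `flag_requestee_needs_privs` in the two following hunks. Dropping is the fail-closed choice for the visibility check, but the skipped logins should be recorded so the caller can show a notice or write an audit entry, for example `push(@skipped_requestees, $login);` before the `next`, with the list made available to the caller of validate(). The foreach loop and _validate() start and end outside this hunk.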
@@ -423,6 +434,7 @@ sub _validate { && Bugzilla->params->{'insidergroup'} && !$requestee->in_group(Bugzilla->params->{'insidergroup'})) { + next if $skip_requestee_on_error; ThrowUserError('flag_requestee_unauthorized_attachment', { flag_type => $flag_type, requestee => $requestee, @@ -431,10 +443,22 @@ sub _validate { } # Throw an error if the user won't be allowed to set the flag. - $requestee->can_set_flag($flag_type) - || ThrowUserError('flag_requestee_needs_privs', - {'requestee' => $requestee, - 'flagtype' => $flag_type}); + if (!$requestee->can_set_flag($flag_type)) { + next if $skip_requestee_on_error; + ThrowUserError('flag_requestee_needs_privs', + {'requestee' => $requestee, + 'flagtype' => $flag_type}); + } + + # This requestee can be set. + push(@legal_requestees, $login); + } + + # Update the requestee list for this flag. + if (scalar(@legal_requestees) < scalar(@$requestees)) { + my $field_name = 'requestee_type-' . $flag_type->id; + Bugzilla->cgi->delete($field_name); + Bugzilla->cgi->param(-name => $field_name, -value => \@legal_requestees); } } diff --git a/post_bug.cgi b/post_bug.cgi index 2c40a4441..c471fd23a 100755 --- a/post_bug.cgi +++ b/post_bug.cgi @@ -223,7 +223,7 @@ if (defined($cgi->upload('data')) || $cgi->param('attachurl')) { my $error_mode_cache = Bugzilla->error_mode; Bugzilla->error_mode(ERROR_MODE_DIE); eval { - Bugzilla::Flag::validate($cgi, $id); + Bugzilla::Flag::validate($cgi, $id, undef, SKIP_REQUESTEE_ON_ERROR); Bugzilla::Flag::process($bug, undef, $timestamp, $cgi); }; Bugzilla->error_mode($error_mode_cache); -- cgit v1.2.3-24-g4f1b
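Review bot: The filtered requestee list is written to `Bugzilla->cgi`, not to the `$cgi` object that validate() received and that the callers pass on to `Bugzilla::Flag::process(...)`; if those are ever different objects, process() still sees the requestees the checks just rejected. Passing `$cgi` through to _validate() and calling `$cgi->param(-name => $field_name, -value => \@legal_requestees);` would keep check and use on the same object. The field name is also always `'requestee_type-' . $flag_type->id`, although an earlier hunk passes `$skip_requestee_on_error` for existing flags too (`_validate($flag, $flag->type, ...)`). A requestee skipped there is presumably submitted under a per-flag field that this write-back does not touch, so either honour the skip only when `$flag` is undefined or derive the field name from `$flag`. _validate() begins outside this hunk.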