From 5b595f757ec207f03b6e36fe30d5e2ee517c64ca Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Mon, 28 Sep 2009 17:24:16 +0000 Subject: Bug 140999: Users without edit permissions for an attachment should still be able to make comments - Patch by Frédéric Buclin a=LpSolit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Bugzilla/Attachment.pm | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'Bugzilla/Attachment.pm') diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm index b1aecd5b0..42372393c 100644 --- a/Bugzilla/Attachment.pm +++ b/Bugzilla/Attachment.pm @@ -720,7 +720,7 @@ Description: validates if the user is allowed to view and edit the attachment. Params: $attachment - the attachment object being edited. $product_id - the product ID the attachment belongs to. -Returns: 1 on success. Else an error is thrown. +Returns: 1 on success, 0 otherwise. =cut @@ -729,12 +729,9 @@ sub validate_can_edit { my $user = Bugzilla->user; # The submitter can edit their attachments. - return 1 if ($attachment->attacher->id == $user->id - || ((!$attachment->isprivate || $user->is_insider) - && $user->in_group('editbugs', $product_id))); - - # If we come here, then this attachment cannot be edited by the user. - ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id }); + return ($attachment->attacher->id == $user->id + || ((!$attachment->isprivate || $user->is_insider) + && $user->in_group('editbugs', $product_id))) ? 1 : 0; } =item C @@ -769,7 +766,8 @@ sub validate_obsolete { || ThrowUserError('invalid_attach_id', $vars); # Check that the user can view and edit this attachment. - $attachment->validate_can_edit($bug->product_id); + $attachment->validate_can_edit($bug->product_id) + || ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id }); $vars->{'description'} = $attachment->description; -- cgit v1.2.3-24-g4f1b
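Review bot: In the second hunk, validate_can_edit now fails open for any caller that ignores its return value: a denied edit used to raise `illegal_attachment_edit` inside the method, and now the method only returns 0. validate_obsolete gets the matching guard in the third hunk, but this patch view is limited to Bugzilla/Attachment.pm, so call sites in other files are not visible here. Each of them needs the same `|| ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id })` guard unless it deliberately allows a comment-only change. The POD in the first hunk should state the new contract, for example `Returns: 1 if the user may edit the attachment, 0 otherwise. Does not throw; callers must check the result.` The sub's opening lines are outside the hunk, so argument unpacking could not be reviewed.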