From 1f9c83ae81c5c81d005fa0d9a428e23ea5126576 Mon Sep 17 00:00:00 2001
From: "bugreport%peshkin.net" <>
Date: Tue, 18 Oct 2005 04:19:00 +0000
Subject: Bug 309681 Prevent users from adding another user who shouldn't have access to a bug as assignee or CC member Patch by Gabriel Sales de Oliveira r=joel, a=justdave
---
 Bugzilla/Bug.pm | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'Bugzilla/Bug.pm')
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 526f002b0..c08703789 100755
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1303,6 +1303,17 @@ sub ValidateDependencies {
 return %deps;
 }
 
+#Verify if the new assignee belongs to the group of
+#the product that the bug(s) is in.
+sub can_add_user_to_bug {
+ my ($prod_id, $id, $uid) = @_;
+ my $user = new Bugzilla::User($uid);
+ if (!$user->can_edit_product($prod_id)) {
+ ThrowUserError("invalid_user_group", { 'user' =>
+ $user->login, bug_id => $id });
+ }
+}
+
 sub AUTOLOAD {
 use vars qw($AUTOLOAD);
 my $attr = $AUTOLOAD;
-- 
cgit v1.2.3-24-g4f1b
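Review bot: The check in `can_add_user_to_bug` is scoped to the product rather than the bug: `$id` is used only in the error message, and the decision rests solely on `$user->can_edit_product($prod_id)`. As far as these lines show, a user who may edit the product but is kept out of this particular bug by its own group restrictions would still pass, so either add a per-bug visibility check next to it or have the header comment state that limit explicitly. The result of `new Bugzilla::User($uid)` is also used unchecked; if the constructor can return undef for an unknown id (not visible in this hunk), the call on the next line dies instead of raising a user error, so the function should test `$user` and fail closed, and the constructor is better written `Bugzilla::User->new($uid)`. The function throws instead of returning a value despite its `can_` name, and nothing in this hunk calls it, so enforcement depends on every assignee and CC path outside this diff invoking it.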