From 727ba2a265bf860c6463eb70fb0c5c256fddd434 Mon Sep 17 00:00:00 2001
From: Simon Green <mail@simon.green>
Date: Wed, 19 Aug 2015 02:17:13 -0400
Subject: Bug 404663 - aliases should be reserved for people w/ editbugs r=dkl,
 a=simon

---
 Bugzilla/Bug.pm | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

(limited to 'Bugzilla/Bug.pm')

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 0ec29623e..dda572ed7 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -177,6 +177,7 @@ sub VALIDATOR_DEPENDENCIES {
         if $cache->{bug_validator_dependencies};
 
     my %deps = (
+        alias            => ['product'],
         assigned_to      => ['component'],
         blocked          => ['product'],
         bug_status       => ['product', 'comment', 'target_milestone'],
@@ -1388,12 +1389,24 @@ sub _send_bugmail {
 #####################################################################
 
 sub _check_alias {
-    my ($invocant, $aliases) = @_;
+    my ($invocant, $aliases, undef, $params) = @_;
     $aliases = ref $aliases ? $aliases : [split(/[\s,]+/, $aliases)];
 
     # Remove empty aliases
     @$aliases = grep { $_ } @$aliases;
 
+    my $product = blessed($invocant) ? $invocant->product_obj
+                                     : $params->{product};
+
+    # You need editbugs to edit these fields
+    unless (Bugzilla->user->in_group('editbugs', $product->id)) {
+        if (scalar @$aliases) {
+            ThrowUserError('illegal_change', { field  => 'alias',
+                                               action => 'set',
+                                               privs  => PRIVILEGES_REQUIRED_EMPOWERED });
+        }
+    }
+
     foreach my $alias (@$aliases) {
         $alias = trim($alias);
 
@@ -2967,6 +2980,16 @@ sub add_alias {
 
 sub remove_alias {
     my ($self, $alias) = @_;
+
+    my $privs;
+    my $can = $self->check_can_change_field('alias', '', $alias, \$privs);
+    if (!$can) {
+        ThrowUserError('illegal_change', { field    => 'alias',
+                                           action   => 'unset',
+                                           oldvalue => $alias,
+                                           privs    => $privs });
+    }
+
     my $bug_aliases = $self->alias;
     @$bug_aliases = grep { $_ ne $alias } @$bug_aliases;
 }
@@ -4442,6 +4465,12 @@ sub check_can_change_field {
         return 1;
     }
 
+    # You need editbugs in order to change the alias
+    if ($field eq 'alias') {
+       $$PrivilegesRequired = PRIVILEGES_REQUIRED_EMPOWERED;
+       return 0;
+    }
+
     # *Only* users with (product-specific) "canconfirm" privs can confirm bugs.
     if ($self->_changes_everconfirmed($field, $oldvalue, $newvalue)) {
         $$PrivilegesRequired = PRIVILEGES_REQUIRED_EMPOWERED;
-- 
cgit v1.2.3-24-g4f1b