From e1f05a42100cc00535af1890664c87be1a7ca6bd Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Thu, 23 Jul 2009 02:16:15 +0000
Subject: Bug 505592: Make add_see_also and remove_see_also call
 check_can_change_field Patch by Max Kanat-Alexander <mkanat@bugzilla.org>
 r=LpSolit, a=LpSolit

---
 Bugzilla/Bug.pm | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'Bugzilla/Bug.pm')

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 9b0bac1e1..64a53b8a1 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -2426,6 +2426,14 @@ sub add_see_also {
     # case-sensitive, but most of our DBs are case-insensitive, so we do
     # this check case-insensitively.
     if (!grep { lc($_) eq lc($result) } @{ $self->see_also }) {
+        my $privs;
+        my $can = $self->check_can_change_field('see_also', '', $result, \$privs);
+        if (!$can) {
+            ThrowUserError('illegal_change', { field    => 'see_also',
+                                               newvalue => $result,
+                                               privs    => $privs });
+        }
+
         push(@{ $self->see_also }, $result);
     }
 }
@@ -2433,7 +2441,15 @@ sub add_see_also {
 sub remove_see_also {
     my ($self, $url) = @_;
     my $see_also = $self->see_also;
-    @$see_also = grep { lc($_) ne lc($url) } @$see_also;
+    my @new_see_also = grep { lc($_) ne lc($url) } @$see_also;
+    my $privs;
+    my $can = $self->check_can_change_field('see_also', $see_also, \@new_see_also, \$privs);
+    if (!$can) {
+        ThrowUserError('illegal_change', { field    => 'see_also',
+                                           oldvalue => $url,
+                                           privs    => $privs });
+        }
+    $self->{see_also} = \@new_see_also;
 }
 
 #####################################################################
-- 
cgit v1.2.3-24-g4f1b