From 7dcb30cb4e5b26a052aaca21f3bcf4657f8c3126 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Sat, 17 Sep 2011 13:45:01 +0200
Subject: Bug 686227: Users with editcomponents privs must be able to add
 products they cannot see to the inclusion and exclusion lists when creating
 or editing a flagtype r=dkl a=LpSolit

---
 Bugzilla/FlagType.pm | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

(limited to 'Bugzilla/FlagType.pm')

diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm
index bd3f7b054..7f37dd884 100644
--- a/Bugzilla/FlagType.pm
+++ b/Bugzilla/FlagType.pm
@@ -357,7 +357,15 @@ sub set_request_group    { $_[0]->set('request_group_id', $_[1]); }
 
 sub set_clusions {
     my ($self, $list) = @_;
+    my $user = Bugzilla->user;
     my %products;
+    my $params = {};
+
+    # If the user has editcomponents privs, then we only need to make sure
+    # that the product exists.
+    if ($user->in_group('editcomponents')) {
+        $params->{allow_inaccessible} = 1;
+    }
 
     foreach my $category (keys %$list) {
         my %clusions;
@@ -369,8 +377,16 @@ sub set_clusions {
             my $comp_name = '__Any__';
             # Does the product exist?
             if ($prod_id) {
-                $products{$prod_id} ||= Bugzilla::Product->check({ id => $prod_id });
-                detaint_natural($prod_id);
+                detaint_natural($prod_id)
+                  || ThrowCodeError('param_must_be_numeric',
+                                    { function => 'Bugzilla::FlagType::set_clusions' });
+
+                if (!$products{$prod_id}) {
+                    $params->{id} = $prod_id;
+                    $products{$prod_id} = Bugzilla::Product->check($params);
+                    $user->in_group('editcomponents', $prod_id)
+                      || ThrowUserError('product_access_denied', $params);
+                }
                 $prod_name = $products{$prod_id}->name;
 
                 # Does the component belong to this product?
-- 
cgit v1.2.3-24-g4f1b


From 6debb2e12f69b687737678deace99b77c705587b Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Sun, 18 Sep 2011 19:23:26 +0200
Subject: Bug 687247: Bugzilla crashes when creating a new flagtype on
 PostgreSQL a=LpSolit

---
 Bugzilla/FlagType.pm | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'Bugzilla/FlagType.pm')

diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm
index 7f37dd884..ea81dfe46 100644
--- a/Bugzilla/FlagType.pm
+++ b/Bugzilla/FlagType.pm
@@ -118,6 +118,8 @@ sub create {
 
     $class->check_required_create_fields(@_);
     my $params = $class->run_create_validators(@_);
+    # In the DB, only the first character of the target type is stored.
+    $params->{target_type} = substr($params->{target_type}, 0, 1);
 
     # Extract everything which is not a valid column name.
     $params->{grant_group_id} = delete $params->{grant_group};
-- 
cgit v1.2.3-24-g4f1b