From 10bf6d405accfa7ccfb9aac816b8c54d9e5d86d5 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Thu, 17 Nov 2016 09:14:44 -0500
Subject: Bug 1317965 - Flag permission checks broken by bug 1257662 allowing unauthorized flag modification

---
 Bugzilla/User.pm | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

(limited to 'Bugzilla/User.pm')

diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 447c33c21..0eb9587eb 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -1583,6 +1583,52 @@ sub check_can_admin_flagtype {
 return wantarray ? ($flagtype, $can_fully_edit) : $flagtype;
 }
 
+sub can_change_flag {
+ my ($self, $flag_type, $old_status, $new_status) = @_;
+
+ # "old_status:new_status" => [OR conditions
+ state $flag_transitions = {
+ 'X:-' => ['grant_group'],
+ 'X:+' => ['grant_group'],
+ 'X:?' => ['request_group'],
+
+ '?:X' => ['request_group', 'is_setter'],
+ '?:-' => ['grant_group'],
+ '?:+' => ['grant_group'],
+
+ '+:X' => ['grant_group'],
+ '+:-' => ['grant_group'],
+ '+:?' => ['grant_group'],
+
+ '-:X' => ['grant_group'],
+ '-:+' => ['grant_group'],
+ '-:?' => ['grant_group'],
+ };
+
+ return 1 if $new_status eq $old_status;
+
+ my $action = "$old_status:$new_status";
+ my %bool = (
+ request_group => $self->can_request_flag($flag_type),
+ grant_group => $self->can_set_flag($flag_type),
+ is_setter => $self->id == Bugzilla->user->id,
+ );
+
+ my $cond = $flag_transitions->{$action};
+ if ($cond) {
+ if (any { $bool{ $_ } } @$cond) {
+ return 1;
+ }
+ else {
+ return 0;
+ }
+ }
+ else {
+ warn "unknown flag transition blocked: $action";
+ return 0;
+ }
+}
+
 sub can_request_flag {
 my ($self, $flag_type) = @_;
 
-- 
cgit v1.2.3-24-g4f1b
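Review bot: The `is_setter` entry in `%bool` tests `$self->id == Bugzilla->user->id`, i.e. whether `$self` is the logged-in user, not whether `$self` set the flag — the method receives only the flag type and the two statuses, never the flag — so the `'?:X'` rule (a requester withdrawing their own request) is only correct if every caller invokes `can_change_flag` on the flag's setter object, a contract the signature does not state. I would record it on the sub, e.g. `# Must be called on the flag's setter: is_setter holds when that setter is the logged-in user.`, or take the setter's id as an explicit argument so the check cannot be satisfied by calling it on the wrong user. The new code also depends on `any` (List::Util) and on the `state` keyword without adding an import or feature line in this hunk; if Bugzilla/User.pm does not already bring both into scope, this will not compile under strict. The comment `# "old_status:new_status" => [OR conditions` is missing its closing bracket; `# "old_status:new_status" => [ OR-ed conditions ]` reads as intended. The deny-by-default `else` branch with `warn` for unknown transitions is the right shape for an authorization check.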