From fc2d539c324a34254a5cb5e9ebeb386c39220f93 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Mon, 4 Apr 2016 16:39:14 +0000
Subject: Bug 1257662 - Disallow clearing a flag if the flag is set to allow
 granting by specifc group and changer is not in group

---
 Bugzilla/User.pm | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'Bugzilla/User.pm')

diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 5386e70ca..3fe59fe76 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -1529,6 +1529,13 @@ sub can_set_flag {
             || $self->in_group_id($flag_type->grant_group_id)) ? 1 : 0;
 }
 
+sub can_unset_flag {
+    my ($self, $flag_type, $flag_status) = @_;
+    return 1 if !$flag_type->grant_group_id;
+    return 1 if ($flag_status ne '+' && $flag_status ne '-');
+    return $self->in_group_id($flag_type->grant_group_id) ? 1 : 0;
+}
+
 # visible_groups_inherited returns a reference to a list of all the groups
 # whose members are visible to this user.
 sub visible_groups_inherited {
-- 
cgit v1.2.3-24-g4f1b