From 3805f522ac2e1ed2a9ebb383beee3a23b7105020 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Mon, 15 Sep 2008 10:46:02 +0000 Subject: Bug 455099: Some methods in Search.pm use the wrong user object to check privs - Patch by Frédéric Buclin r=mkanat a=LpSolit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Bugzilla/Search.pm | 51 ++++++++------------------------------------------- 1 file changed, 8 insertions(+), 43 deletions(-) (limited to 'Bugzilla') diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index 77000ce31..6dc2703fc 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -369,7 +369,7 @@ sub init { my $sql_deadlinefrom; my $sql_deadlineto; - if (Bugzilla->user->in_group(Bugzilla->params->{'timetrackinggroup'})){ + if ($user->is_timetracker) { my $deadlinefrom; my $deadlineto; @@ -1292,12 +1292,7 @@ sub _commenter_exact { $$sequence++; } my $table = "longdescs_$chartseq"; - my $extra = ""; - if (Bugzilla->params->{"insidergroup"} - && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"})) - { - $extra = "AND $table.isprivate < 1"; - } + my $extra = $user->is_insider ? "" : "AND $table.isprivate < 1"; push(@$supptables, "LEFT JOIN longdescs AS $table " . "ON $table.bug_id = bugs.bug_id $extra " . "AND $table.who IN ($match)"); @@ -1316,12 +1311,7 @@ sub _commenter { $$sequence++; } my $table = "longdescs_$chartseq"; - my $extra = ""; - if (Bugzilla->params->{"insidergroup"} - && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"})) - { - $extra = "AND $table.isprivate < 1"; - } + my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate < 1"; $$f = "login_name"; $$ff = "profiles.login_name"; $$funcsbykey{",$$t"}($self, %func_args); @@ -1340,12 +1330,7 @@ sub _long_desc { @func_args{qw(chartid supptables f)}; my $table = "longdescs_$$chartid"; - my $extra = ""; - if (Bugzilla->params->{"insidergroup"} - && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"})) - { - $extra = "AND $table.isprivate < 1"; - } + my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate < 1"; push(@$supptables, "LEFT JOIN longdescs AS $table " . "ON $table.bug_id = bugs.bug_id $extra"); $$f = "$table.thetext"; @@ -1358,12 +1343,7 @@ sub _longdescs_isprivate { @func_args{qw(chartid supptables f)}; my $table = "longdescs_$$chartid"; - my $extra = ""; - if (Bugzilla->params->{"insidergroup"} - && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"})) - { - $extra = "AND $table.isprivate < 1"; - } + my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate < 1"; push(@$supptables, "LEFT JOIN longdescs AS $table " . "ON $table.bug_id = bugs.bug_id $extra"); $$f = "$table.isprivate"; @@ -1505,12 +1485,7 @@ sub _attach_data_thedata { my $atable = "attachments_$$chartid"; my $dtable = "attachdata_$$chartid"; - my $extra = ""; - if (Bugzilla->params->{"insidergroup"} - && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"})) - { - $extra = "AND $atable.isprivate = 0"; - } + my $extra = $self->{'user'}->is_insider ? "" : "AND $atable.isprivate = 0"; push(@$supptables, "INNER JOIN attachments AS $atable " . "ON bugs.bug_id = $atable.bug_id $extra"); push(@$supptables, "INNER JOIN attach_data AS $dtable " . @@ -1525,12 +1500,7 @@ sub _attachments_submitter { @func_args{qw(chartid supptables f)}; my $atable = "map_attachment_submitter_$$chartid"; - my $extra = ""; - if (Bugzilla->params->{"insidergroup"} - && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"})) - { - $extra = "AND $atable.isprivate = 0"; - } + my $extra = $self->{'user'}->is_insider ? "" : "AND $atable.isprivate = 0"; push(@$supptables, "INNER JOIN attachments AS $atable " . "ON bugs.bug_id = $atable.bug_id $extra"); push(@$supptables, "LEFT JOIN profiles AS attachers_$$chartid " . @@ -1546,12 +1516,7 @@ sub _attachments { my $dbh = Bugzilla->dbh; my $table = "attachments_$$chartid"; - my $extra = ""; - if (Bugzilla->params->{"insidergroup"} - && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"})) - { - $extra = "AND $table.isprivate = 0"; - } + my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate = 0"; push(@$supptables, "INNER JOIN attachments AS $table " . "ON bugs.bug_id = $table.bug_id $extra"); $$f =~ m/^attachments\.(.*)$/; -- cgit v1.2.3-24-g4f1b