From 641f68eed63a982261e37431b6265d01914583a6 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Fri, 30 Nov 2007 01:54:25 +0000
Subject: Bug 405788: $bug->add_comment incorrectly calls
 check_can_change_field() - Patch by Frédéric Buclin <LpSolit@gmail.com>
 r/a=mkanat
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Bugzilla/Bug.pm | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 0a45daf14..7c0cc191f 100755
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1565,10 +1565,6 @@ sub add_comment {
     my ($self, $comment, $params) = @_;
 
     $comment = $self->_check_comment($comment);
-    # XXX At some point we need to refactor check_can_change_field
-    # so that custom installs can use PrivilegesRequired here.
-    $self->check_can_change_field('longdesc')
-        || ThrowUserError('illegal_change', { field => 'longdesc' });
 
     $params ||= {};
     if (exists $params->{work_time}) {
@@ -1589,6 +1585,11 @@ sub add_comment {
         return;
     }
 
+    # So we really want to comment. Make sure we are allowed to do so.
+    my $privs;
+    $self->check_can_change_field('longdesc', 0, 1, \$privs)
+        || ThrowUserError('illegal_change', { field => 'longdesc', privs => $privs });
+
     $self->{added_comments} ||= [];
     my $add_comment = dclone($params);
     $add_comment->{thetext} = $comment;
-- 
cgit v1.2.3-24-g4f1b