From 82bab122d14431f4bf3f1c31988434aec2386515 Mon Sep 17 00:00:00 2001
From: Hugo Seabrook <hugo.seabrook@gmail.com>
Date: Fri, 15 Feb 2013 14:08:31 +0800
Subject: Bug 830330: Make flags honour bug_check_can_change_field r=dkl,
 a=LpSolit

---
 Bugzilla/Bug.pm  | 4 ++--
 Bugzilla/Flag.pm | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 547e35fa7..5069214ba 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -4085,8 +4085,8 @@ sub check_can_change_field {
         return 1;
     }
 
-    # Allow anyone to change comments.
-    if ($field =~ /^longdesc/) {
+    # Allow anyone to change comments, or set flags
+    if ($field =~ /^longdesc/ || $field eq 'flagtypes.name') {
         return 1;
     }
 
diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm
index 3660e2a7f..98029a1b1 100644
--- a/Bugzilla/Flag.pm
+++ b/Bugzilla/Flag.pm
@@ -294,6 +294,12 @@ sub set_flag {
         ThrowCodeError('flag_unexpected_object', { 'caller' => ref $obj });
     }
 
+    # Make sure the user can change flags
+    my $privs;
+    $bug->check_can_change_field('flagtypes.name', 0, 1, \$privs)
+        || ThrowUserError('illegal_change',
+                          { field => 'flagtypes.name', privs => $privs });
+
     # Update (or delete) an existing flag.
     if ($params->{id}) {
         my $flag = $class->check({ id => $params->{id} });
-- 
cgit v1.2.3-24-g4f1b