From fde6d4aa81a56418ae5cdfd16a6b917534d66bed Mon Sep 17 00:00:00 2001
From: Max Kanat-Alexander <mkanat@bugzilla.org>
Date: Mon, 1 Feb 2010 15:52:24 -0800
Subject: Bug 514970: Clean up duplicates.cgi and make it use Bug objects
 r=LpSolit, a=LpSolit

---
 Bugzilla/Object.pm         |  3 ++-
 Bugzilla/Product.pm        | 11 +++++++++++
 Bugzilla/User.pm           | 11 ++++++-----
 Bugzilla/WebService/Bug.pm |  2 +-
 4 files changed, 20 insertions(+), 7 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm
index 92353b6a0..4ee362945 100644
--- a/Bugzilla/Object.pm
+++ b/Bugzilla/Object.pm
@@ -134,7 +134,8 @@ sub check {
         # We don't want to override the normal template "user" object if
         # "user" is one of the params.
         delete $param->{user};
-        ThrowUserError('object_does_not_exist', { %$param, class => $class });
+        my $error = delete $param->{_error} || 'object_does_not_exist';
+        ThrowUserError($error, { %$param, class => $class });
     }
     return $obj;
 }
diff --git a/Bugzilla/Product.pm b/Bugzilla/Product.pm
index 0228aca02..c993905db 100644
--- a/Bugzilla/Product.pm
+++ b/Bugzilla/Product.pm
@@ -913,6 +913,17 @@ sub check_product {
     return $product;
 }
 
+sub check {
+    my ($class, $params) = @_;
+    $params = { name => $params } if !ref $params;
+    $params->{_error} = 'product_access_denied';
+    my $product = $class->SUPER::check($params);
+    if (!Bugzilla->user->can_access_product($product)) {
+        ThrowUserError('product_access_denied', $params);
+    }
+    return $product;
+}
+
 1;
 
 __END__
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 59324383f..06c6be5cb 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -810,8 +810,8 @@ sub get_enterable_products {
 }
 
 sub can_access_product {
-    my ($self, $product_name) = @_;
-
+    my ($self, $product) = @_;
+    my $product_name = blessed($product) ? $product->name : $product;
     return scalar(grep {$_->name eq $product_name} @{$self->get_accessible_products});
 }
 
@@ -2055,10 +2055,11 @@ the database again. Used mostly by L<Bugzilla::Product>.
 
  Returns:     an array of product objects.
 
-=item C<can_access_product(product_name)>
+=item C<can_access_product($product)>
 
-Returns 1 if the user can search or enter bugs into the specified product,
-and 0 if the user should not be aware of the existence of the product.
+Returns 1 if the user can search or enter bugs into the specified product
+(either a L<Bugzilla::Product> or a product name), and 0 if the user should
+not be aware of the existence of the product.
 
 =item C<get_accessible_products>
 
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index 6051a1d1c..53f3255d1 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -434,7 +434,7 @@ sub legal_values {
         defined $id || ThrowCodeError('param_required',
             { function => 'Bug.legal_values', param => 'product_id' });
         grep($_->id eq $id, @{Bugzilla->user->get_accessible_products})
-            || ThrowUserError('product_access_denied', { product => $id });
+            || ThrowUserError('product_access_denied', { id => $id });
 
         my $product = new Bugzilla::Product($id);
         my @objects;
-- 
cgit v1.2.3-24-g4f1b