From 5b595f757ec207f03b6e36fe30d5e2ee517c64ca Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Mon, 28 Sep 2009 17:24:16 +0000
Subject: Bug 140999: Users without edit permissions for an attachment should still be able to make comments - Patch by Frédéric Buclin a=LpSolit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 attachment.cgi | 82 ++++++++++++++++++++++++++++++++--------------------------
 1 file changed, 45 insertions(+), 37 deletions(-)
(limited to 'attachment.cgi')
diff --git a/attachment.cgi b/attachment.cgi
index bbbf4afb3..32f6e5ec0 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -572,37 +572,39 @@ sub update {
 my $attachment = validateID();
 my $bug = $attachment->bug;
 $attachment->_check_bug;
- $attachment->validate_can_edit($bug->product_id); # FIXME: allow comments anyway.
-
- $attachment->set_description(scalar $cgi->param('description'));
- $attachment->set_is_patch(scalar $cgi->param('ispatch'));
- $attachment->set_content_type(scalar $cgi->param('contenttypeentry'));
- $attachment->set_is_obsolete(scalar $cgi->param('isobsolete'));
- $attachment->set_is_private(scalar $cgi->param('isprivate'));
- $attachment->set_filename(scalar $cgi->param('filename'));
-
- # Now make sure the attachment has not been edited since we loaded the page.
- if (defined $cgi->param('delta_ts')
- && $cgi->param('delta_ts') ne $attachment->modification_time)
- {
- ($vars->{'operations'}) =
- Bugzilla::Bug::GetBugActivity($bug->id, $attachment->id, $cgi->param('delta_ts'));
-
- # The token contains the old modification_time. We need a new one.
- $cgi->param('token', issue_hash_token([$attachment->id, $attachment->modification_time]));
-
- # If the modification date changed but there is no entry in
- # the activity table, this means someone commented only.
- # In this case, there is no reason to midair.
- if (scalar(@{$vars->{'operations'}})) {
- $cgi->param('delta_ts', $attachment->modification_time);
- $vars->{'attachment'} = $attachment;
-
- print $cgi->header();
- # Warn the user about the mid-air collision and ask them what to do.
- $template->process("attachment/midair.html.tmpl", $vars)
- || ThrowTemplateError($template->error());
- exit;
+ my $can_edit = $attachment->validate_can_edit($bug->product_id);
+
+ if ($can_edit) {
+ $attachment->set_description(scalar $cgi->param('description'));
+ $attachment->set_is_patch(scalar $cgi->param('ispatch'));
+ $attachment->set_content_type(scalar $cgi->param('contenttypeentry'));
+ $attachment->set_is_obsolete(scalar $cgi->param('isobsolete'));
+ $attachment->set_is_private(scalar $cgi->param('isprivate'));
+ $attachment->set_filename(scalar $cgi->param('filename'));
+
+ # Now make sure the attachment has not been edited since we loaded the page.
+ if (defined $cgi->param('delta_ts')
+ && $cgi->param('delta_ts') ne $attachment->modification_time)
+ {
+ ($vars->{'operations'}) =
+ Bugzilla::Bug::GetBugActivity($bug->id, $attachment->id, $cgi->param('delta_ts'));
+
+ # The token contains the old modification_time. We need a new one.
+ $cgi->param('token', issue_hash_token([$attachment->id, $attachment->modification_time]));
+
+ # If the modification date changed but there is no entry in
+ # the activity table, this means someone commented only.
+ # In this case, there is no reason to midair.
+ if (scalar(@{$vars->{'operations'}})) {
+ $cgi->param('delta_ts', $attachment->modification_time);
+ $vars->{'attachment'} = $attachment;
+
+ print $cgi->header();
+ # Warn the user about the mid-air collision and ask them what to do.
+ $template->process("attachment/midair.html.tmpl", $vars)
+ || ThrowTemplateError($template->error());
+ exit;
+ }
 }
 }
 
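Review bot: `my $can_edit = $attachment->validate_can_edit($bug->product_id);` replaces a check that previously ran as a bare statement ahead of every setter with a boolean that each later mutation must remember to test, and the matching change to validate_can_edit is not part of this attachment.cgi-only view. Since that return value is now the only authorization decision for the setters in this block, it is worth confirming that the method returns false for a non-editor and never returns a true value by default, so that the function stays default-deny. A comment at the declaration would make the contract explicit, for example `# False means comment-only: no attachment setter, flag change or $attachment->update() may run.` The body of update() starts before this hunk and continues after it.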
@@ -622,16 +624,22 @@ sub update { $bug->add_comment($comment, { isprivate => $attachment->isprivate }); } - my ($flags, $new_flags) = Bugzilla::Flag->extract_flags_from_cgi($bug, $attachment, $vars); - $attachment->set_flags($flags, $new_flags); + if ($can_edit) { + my ($flags, $new_flags) = + Bugzilla::Flag->extract_flags_from_cgi($bug, $attachment, $vars); + $attachment->set_flags($flags, $new_flags); + } # Figure out when the changes were made. my $timestamp = $dbh->selectrow_array('SELECT LOCALTIMESTAMP(0)'); - my $changes = $attachment->update($timestamp); - # If there are changes, we updated delta_ts in the DB. We have to - # reflect this change in the bug object. - $bug->{delta_ts} = $timestamp if scalar(keys %$changes); + if ($can_edit) { + my $changes = $attachment->update($timestamp); + # If there are changes, we updated delta_ts in the DB. We have to + # reflect this change in the bug object. + $bug->{delta_ts} = $timestamp if scalar(keys %$changes); + } + # Commit the comment, if any. $bug->update($timestamp); -- cgit v1.2.3-24-g4f1b
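Review bot: The context line `$bug->add_comment($comment, { isprivate => $attachment->isprivate });` is now reached by users who failed the edit check, so the comment path needs its own authorization; nothing visible in this hunk shows whether add_comment or an earlier step enforces the right to comment on the bug. Taking isprivate from the stored attachment is the safe choice here, because set_is_private is skipped for non-editors and the request value never reaches the comment. Field and flag values submitted by a non-editor are dropped without any message, so a rejected privacy or flag change can look like a successful one; consider reporting or logging that case. A short comment above the first guard, such as `# Comment-only users fall through: only $bug->add_comment and $bug->update run for them.`, would help keep future setters inside the `if ($can_edit)` blocks. The `if` that encloses add_comment opens outside the hunk.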