From 71927e7ee069c33019780158670df2415ee1ef3b Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Mon, 31 Mar 2014 15:12:20 +0000 Subject: Bug 989650 - backport bug 294021 to bmo/4.2 to allow requestees to set attachment flags even if they don't have editbugs privs r=glob --- attachment.cgi | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) (limited to 'attachment.cgi') diff --git a/attachment.cgi b/attachment.cgi index 18ac6f57a..3ff16eb44 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -668,7 +668,7 @@ sub update { my $attachment = validateID(); my $bug = $attachment->bug; $attachment->_check_bug; - my $can_edit = $attachment->validate_can_edit($bug->product_id); + my $can_edit = $attachment->validate_can_edit; if ($can_edit) { $attachment->set_description(scalar $cgi->param('description')); @@ -721,11 +721,35 @@ sub update { extra_data => $attachment->id }); } + my ($flags, $new_flags) = + Bugzilla::Flag->extract_flags_from_cgi($bug, $attachment, $vars); + if ($can_edit) { - my ($flags, $new_flags) = - Bugzilla::Flag->extract_flags_from_cgi($bug, $attachment, $vars); $attachment->set_flags($flags, $new_flags); } + # Requestees can set flags targetted to them, even if they cannot + # edit the attachment. Flag setters can edit their own flags too. + elsif (scalar @$flags) { + my @flag_ids = map { $_->{id} } @$flags; + my $flag_objs = Bugzilla::Flag->new_from_list(\@flag_ids); + my %flag_list = map { $_->id => $_ } @$flag_objs; + + my @editable_flags; + foreach my $flag (@$flags) { + my $flag_obj = $flag_list{$flag->{id}}; + if ($flag_obj->setter_id == $user->id + || ($flag_obj->requestee_id && $flag_obj->requestee_id == $user->id)) + { + push(@editable_flags, $flag); + } + } + + if (scalar @editable_flags) { + $attachment->set_flags(\@editable_flags, []); + # Flag changes must be committed. + $can_edit = 1; + } + } # Figure out when the changes were made. my $timestamp = $dbh->selectrow_array('SELECT LOCALTIMESTAMP(0)'); -- cgit v1.2.3-24-g4f1b