From 005af1b6b7e3da76b7c4c4fae9e0f15218d03a8c Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Tue, 18 Mar 2008 14:21:24 +0000 Subject: Bug 413439: Enable "change several bugs at once" if the user has editbugs OR product-specific editbugs for ALL tickets - Patch by miketosh r/a=LpSolit --- buglist.cgi | 50 ++++++++++++++++++++++++++++++++++---------------- 1 file changed, 34 insertions(+), 16 deletions(-) (limited to 'buglist.cgi') diff --git a/buglist.cgi b/buglist.cgi index 670844bb9..43d147b82 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -94,10 +94,6 @@ my $dotweak = $cgi->param('tweak') ? 1 : 0; # Log the user in if ($dotweak) { Bugzilla->login(LOGIN_REQUIRED); - Bugzilla->user->in_group("editbugs") - || ThrowUserError("auth_failure", {group => "editbugs", - action => "modify", - object => "multiple_bugs"}); } # Hack to support legacy applications that think the RDF ctype is at format=rdf. @@ -373,6 +369,22 @@ sub GetGroups { return [values %legal_groups]; } +sub _close_standby_message { + my ($contenttype, $disposition, $serverpush) = @_; + my $cgi = Bugzilla->cgi; + + # Close the "please wait" page, then open the buglist page + if ($serverpush) { + print $cgi->multipart_end(); + print $cgi->multipart_start(-type => $contenttype, + -content_disposition => $disposition); + } + else { + print $cgi->header(-type => $contenttype, + -content_disposition => $disposition); + } +} + ################################################################################ # Command Execution @@ -1125,7 +1137,17 @@ $vars->{'urlquerypart'} = $params->canonicalise_query('order', 'cmdtype', 'query_based_on'); $vars->{'order'} = $order; -$vars->{'caneditbugs'} = Bugzilla->user->in_group('editbugs'); +$vars->{'caneditbugs'} = 1; + +if (!Bugzilla->user->in_group('editbugs')) { + foreach my $product (keys %$bugproducts) { + my $prod = new Bugzilla::Product({name => $product}); + if (!Bugzilla->user->in_group('editbugs', $prod->id)) { + $vars->{'caneditbugs'} = 0; + last; + } + } +} my @bugowners = keys %$bugowners; if (scalar(@bugowners) > 1 && Bugzilla->user->in_group('editbugs')) { @@ -1144,6 +1166,12 @@ $vars->{'currenttime'} = time(); # The following variables are used when the user is making changes to multiple bugs. if ($dotweak && scalar @bugs) { + if (!$vars->{'caneditbugs'}) { + _close_standby_message('text/html', 'inline', $serverpush); + ThrowUserError('auth_failure', {group => 'editbugs', + action => 'modify', + object => 'multiple_bugs'}); + } $vars->{'dotweak'} = 1; $vars->{'valid_keywords'} = [map($_->name, Bugzilla::Keyword->get_all)]; $vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count(); @@ -1249,17 +1277,7 @@ if ($format->{'extension'} eq "csv") { # Suggest a name for the bug list if the user wants to save it as a file. $disposition .= "; filename=\"$filename\""; -if ($serverpush) { - # Close the "please wait" page, then open the buglist page - print $cgi->multipart_end(); - print $cgi->multipart_start(-type => $contenttype, - -content_disposition => $disposition); -} -else { - print $cgi->header(-type => $contenttype, - -content_disposition => $disposition); -} - +_close_standby_message($contenttype, $disposition, $serverpush); ################################################################################ # Content Generation -- cgit v1.2.3-24-g4f1b