From 0d3a72b793725118641c4d7abf511b4fc98f7aef Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Sat, 11 Nov 2006 00:51:27 +0000 Subject: Bug 189627: Implement per-product privileges - Patch by Frédéric Buclin r=mkanat a=myk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- editversions.cgi | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'editversions.cgi') diff --git a/editversions.cgi b/editversions.cgi index 486756307..7bda6215d 100755 --- a/editversions.cgi +++ b/editversions.cgi @@ -35,7 +35,6 @@ use Bugzilla; use Bugzilla::Constants; use Bugzilla::Util; use Bugzilla::Error; -use Bugzilla::Product; use Bugzilla::Version; use Bugzilla::Token; @@ -53,6 +52,7 @@ my $user = Bugzilla->login(LOGIN_REQUIRED); print $cgi->header(); $user->in_group('editcomponents') + || scalar(@{$user->get_products_by_permission('editcomponents')}) || ThrowUserError("auth_failure", {group => "editcomponents", action => "edit", object => "versions"}); @@ -71,7 +71,13 @@ my $token = $cgi->param('token'); # unless ($product_name) { - $vars->{'products'} = $user->get_selectable_products; + my $selectable_products = $user->get_selectable_products; + # If the user has editcomponents privs for some products only, + # we have to restrict the list of products to display. + unless ($user->in_group('editcomponents')) { + $selectable_products = $user->get_products_by_permission('editcomponents'); + } + $vars->{'products'} = $selectable_products; $vars->{'showbugcounts'} = $showbugcounts; $template->process("admin/versions/select-product.html.tmpl", $vars) @@ -79,13 +85,7 @@ unless ($product_name) { exit; } -# First make sure the product name is valid. -my $product = Bugzilla::Product::check_product($product_name); - -# Then make sure the user is allowed to edit properties of this product. -$user->can_see_product($product->name) - || ThrowUserError('product_access_denied', {product => $product->name}); - +my $product = $user->check_can_admin_product($product_name); # # action='' -> Show nice list of versions -- cgit v1.2.3-24-g4f1b