From dace6ab711a16731f1015cd9bd47f12f25165212 Mon Sep 17 00:00:00 2001
From: Byron Jones <bjones@mozilla.com>
Date: Wed, 30 Oct 2013 15:29:08 +0800
Subject: Bug 927778: users without canconfirm cannot set needinfo, and can
 clear needinfo requests which aren't targeted at them

---
 .../Needinfo/template/en/default/bug/needinfo.html.tmpl     | 13 +++++++++++--
 .../en/default/hook/global/user-error-errors.html.tmpl      | 13 +++++++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 extensions/Needinfo/template/en/default/hook/global/user-error-errors.html.tmpl

(limited to 'extensions/Needinfo/template/en/default')

diff --git a/extensions/Needinfo/template/en/default/bug/needinfo.html.tmpl b/extensions/Needinfo/template/en/default/bug/needinfo.html.tmpl
index 0e023fcc2..60a1b0a1c 100644
--- a/extensions/Needinfo/template/en/default/bug/needinfo.html.tmpl
+++ b/extensions/Needinfo/template/en/default/bug/needinfo.html.tmpl
@@ -34,9 +34,11 @@
     [% FOREACH flag = needinfo_flags %]
       <tr>
         [% IF !flag.requestee || flag.requestee.id == user.id %]
+          [%# needinfo targetted at the current user, or anyone %]
           <td align="center">
             <input type="checkbox" id="needinfo_override_[% flag.id FILTER html %]"
-                   name="needinfo_override_[% flag.id FILTER html %]" value="1" checked>
+                   name="needinfo_override_[% flag.id FILTER html %]" value="1"
+                   [% "checked" IF flag.requestee || user.in_group("canconfirm") %]>
           </td>
           <td>
             <label for="needinfo_override_[% flag.id FILTER html %]">
@@ -44,7 +46,8 @@
               <em>[% IF !flag.requestee %]anyone[% ELSE %][% flag.requestee.login FILTER html %][% END %]</em>.
             </label>
           </td>
-        [% ELSE %]
+        [% ELSIF user.in_group("canconfirm") || flag.setter_id == user.id %]
+          [%# needinfo targetted at someone else, but the user can clear %]
           <td align="center">
             <input type="checkbox" id="needinfo_override_[% flag.id FILTER html %]"
                    name="needinfo_override_[% flag.id FILTER html %]" value="1">
@@ -55,6 +58,12 @@
               (clears the needinfo request).
             </label>
           </td>
+        [% ELSE %]
+          [%# current user does not have permissions to clear needinfo %]
+          <td>&nbsp;</td>
+          <td>
+            Needinfo requested from <em>[% flag.requestee.login FILTER html %]</em>.
+          </td>
         [% END %]
       </tr>
     [% END %]
diff --git a/extensions/Needinfo/template/en/default/hook/global/user-error-errors.html.tmpl b/extensions/Needinfo/template/en/default/hook/global/user-error-errors.html.tmpl
new file mode 100644
index 000000000..f1241bc61
--- /dev/null
+++ b/extensions/Needinfo/template/en/default/hook/global/user-error-errors.html.tmpl
@@ -0,0 +1,13 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+  # License, v. 2.0. If a copy of the MPL was not distributed with this
+  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+  #
+  # This Source Code Form is "Incompatible With Secondary Licenses", as
+  # defined by the Mozilla Public License, v. 2.0.
+  #%]
+
+[% IF error == "needinfo_illegal_change" %]
+  [% title = 'Needinfo Illegal Change' %]
+  Only the requestee or a user with the required permissions can clear a
+  needinfo flag.
+[% END %]
-- 
cgit v1.2.3-24-g4f1b