From 3ae054763b8f3de1dae7e8c673c850d6d15185ca Mon Sep 17 00:00:00 2001
From: Byron Jones
Date: Fri, 15 Nov 2013 00:37:12 +0800
Subject: Bug 938568: Unprivileged users unable to comment on bugs
---
 extensions/TrackingFlags/Extension.pm | 24 +++++++++++++++++++++-
 .../hook/global/user-error-errors.html.tmpl | 2 +-
 2 files changed, 24 insertions(+), 2 deletions(-)
(limited to 'extensions/TrackingFlags')
diff --git a/extensions/TrackingFlags/Extension.pm b/extensions/TrackingFlags/Extension.pm
index 5a7e846ad..b9b1956f0 100644
--- a/extensions/TrackingFlags/Extension.pm
+++ b/extensions/TrackingFlags/Extension.pm
@@ -393,6 +393,9 @@ sub bug_create_cf_accessors {
 if (!Bugzilla::Bug->can("set_$flag_name")) {
 my $setter = sub {
 my ($self, $value) = @_;
+ $value = ref($value) eq 'ARRAY'
+ ? $value->[0]
+ : $value;
 $self->set($flag_name, $value);
 };
 no strict 'refs';
@@ -496,7 +499,7 @@ sub object_end_of_set_all {
 foreach my $flag (@$tracking_flags) {
 my $flag_name = $flag->name;
 if (exists $params->{$flag_name}) {
- my $value = ref($params->{$flag_name})
+ my $value = ref($params->{$flag_name}) eq 'ARRAY'
 ? $params->{$flag_name}->[0]
 : $params->{$flag_name};
 $object->set($flag_name, $value);
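Review bot: The unwrap added to the generated `set_$flag_name` setter keeps `$value->[0]` and silently discards every other element, and an empty array ref hands `undef` to `$self->set`; the `@@ -496,7 +499,7 @@` hunk in `object_end_of_set_all` has the same shape. Where the array comes from is not visible here, so a short comment at both sites should record that dropping the extra values is deliberate, e.g. `# several values may arrive for one flag; only the first is used`. Since the same three-line ternary now exists twice, it could also move into one private helper so the two paths cannot drift apart. Both enclosing subs start and end outside their hunks.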
@@ -504,6 +507,25 @@ sub object_end_of_set_all {
 }
 }
 
+sub bug_check_can_change_field {
+ my ($self, $args) = @_;
+ my ($bug, $field, $old_value, $new_value, $priv_results)
+ = @$args{qw(bug field old_value new_value priv_results)};
+
+ return if $field !~ /^cf_/ or $old_value eq $new_value;
+ return unless my $flag = Bugzilla::Extension::TrackingFlags::Flag->new({ name => $field });
+
+ if ($flag->can_set_value($new_value)) {
+ push @$priv_results, PRIVILEGES_REQUIRED_NONE;
+ }
+ else {
+ # we can't return PRIVILEGES_REQUIRED_EMPOWERED as that has different
+ # conditions (eg. it assumes reporters can always change fields).
+ ThrowUserError('tracking_flags_change_denied',
+ { flag => $flag, value => $new_value });
+ }
+}
+
 sub bug_end_of_update {
 my ($self, $args) = @_;
 my ($bug, $old_bug, $timestamp, $changes)
diff --git a/extensions/TrackingFlags/template/en/default/hook/global/user-error-errors.html.tmpl b/extensions/TrackingFlags/template/en/default/hook/global/user-error-errors.html.tmpl
index 7987c7d8d..fb4dffdf9 100644
--- a/extensions/TrackingFlags/template/en/default/hook/global/user-error-errors.html.tmpl
+++ b/extensions/TrackingFlags/template/en/default/hook/global/user-error-errors.html.tmpl
@@ -9,7 +9,7 @@
 [% IF error == "tracking_flags_change_denied" %]
 [% title = "Tracking Flag Modification Denied" %]
 You tried to update the status of the tracking flag '[% flag.name FILTER html %]'
- [% IF value %] to '[% value.name FILTER html %]'[% END %].
+ [% IF value %] to '[% value FILTER html %]'[% END %].
 Only a user with the required permissions may make this change.
 [% ELSIF error == "tracking_flags_missing_mandatory" %]
-- cgit v1.2.3-24-g4f1b
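Review bot: In `bug_check_can_change_field` the allow/deny decision rests on `$flag->can_set_value($new_value)` alone: `$old_value` is only compared for equality, `$bug` is unpacked but never read, and the flag is loaded by name only. Unless `can_set_value` accounts for it internally (not visible in this hunk), a user allowed to set one value can replace any current value, including one that needed a more privileged group to set, and the check cannot depend on the bug. If that is the intended policy, state it above the `if`, e.g. `# permission depends only on the target value; the current value and the bug are not consulted`. The `else` branch also turns a permission query into an exception, so a caller that only asks whether a field is editable would abort rather than receive a denial. The existing comment explains why `PRIVILEGES_REQUIRED_EMPOWERED` is not pushed, and it is worth extending it to say which callers are expected to reach the throw.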