Fix for bug 96085: don't allow unauthorized users to access restricted bugs that…

Fix for bug 96085: don't allow unauthorized users to access restricted bugs that do not have a QA contact. Patch by Myk Melez <myk@mozilla.org> r=Jake <jake@acutex.net>

Fix for bug 96085: don't allow unauthorized users to access restricted bugs that…
126c2d75 · myk%mozilla.org · 5391f72b · 126c2d75
Commit 126c2d75 authored Aug 21, 2001 by myk%mozilla.org
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 7 deletions

CGI.pl CGI.pl +10 -7

No files found.
--- a/CGI.pl
+++ b/CGI.pl
@@ -294,13 +294,16 @@ sub ValidateBugID {
    my ($isauthorized, $reporter, $assignee, $qacontact, $reporter_accessible, 
        $assignee_accessible, $qacontact_accessible, $cclist_accessible) = FetchSQLData();

-    # Finish validation and return if the user is authorized either by being
-    # a member of all necessary groups or by being the reporter, assignee, or QA contact.
-    return
-      if $isauthorized 
-        || ($reporter_accessible && $reporter == $userid)
-        || ($assignee_accessible && $assignee == $userid)
-        || ($qacontact_accessible && $qacontact == $userid);
+    # Finish validation and return if the user is a member of all groups to which the bug belongs.
+    return if $isauthorized;
+
+    # Finish validation and return if the user is in a role that has access to the bug.
+    if ($userid) {
+        return 
+	  if ($reporter_accessible && $reporter == $userid)
+            || ($assignee_accessible && $assignee == $userid)
+              || ($qacontact_accessible && $qacontact == $userid);
+    }

    # Try to authorize the user one more time by seeing if they are on 
    # the cc: list.  If so, finish validation and return.