Bug 452896: A user with no privs who reported a bug couldn't move it to another…

Bug 452896: A user with no privs who reported a bug couldn't move it to another product if the target milestone was set Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat

Bug 452896: A user with no privs who reported a bug couldn't move it to another…
4b781a33 · mkanat%bugzilla.org · 79cd8e82 · 4b781a33 · 4b781a33
Commit 4b781a33 authored Oct 03, 2008 by mkanat%bugzilla.org
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 5 deletions

Bug.pm Bugzilla/Bug.pm +17 -2

verify-new-product.html.tmpl template/en/default/bug/process/verify-new-product.html.tmpl +10 -3

No files found.
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1870,7 +1870,15 @@ sub set_product {
        Bugzilla->error_mode(ERROR_MODE_DIE);
        my $component_ok = eval { $self->set_component($comp_name);      1; };
        my $version_ok   = eval { $self->set_version($vers_name);        1; };
-        my $milestone_ok = eval { $self->set_target_milestone($tm_name); 1; };
+        my $milestone_ok = 1;
+        # Reporters can move bugs between products but not set the TM.
+        if ($self->check_can_change_field('target_milestone', 0, 1)) {
+            $milestone_ok = eval { $self->set_target_milestone($tm_name); 1; };
+        }
+        else {
+            # Have to set this directly to bypass the validators.
+            $self->{target_milestone} = $product->default_milestone;
+        }
        # If there were any errors thrown, make sure we don't mess up any
        # other part of Bugzilla that checks $@.
        undef $@;
@@ -1918,6 +1926,7 @@ sub set_product {
        if (%vars) {
            $vars{product} = $product;
+            $vars{bug} = $self;
            my $template = Bugzilla->template;
            $template->process("bug/process/verify-new-product.html.tmpl",
                \%vars) || ThrowTemplateError($template->error());
@@ -1929,7 +1938,13 @@ sub set_product {
        # just die if any of these are invalid.
        $self->set_component($comp_name);
        $self->set_version($vers_name);
-        $self->set_target_milestone($tm_name);
+        if ($self->check_can_change_field('target_milestone', 0, 1)) {
+            $self->set_target_milestone($tm_name);
+        }
+        else {
+            # Have to set this directly to bypass the validators.
+            $self->{target_milestone} = $product->default_milestone;
+        }
    }
    if ($product_changed) {

--- a/template/en/default/bug/process/verify-new-product.html.tmpl
+++ b/template/en/default/bug/process/verify-new-product.html.tmpl
@@ -49,10 +49,15 @@
 <input type="hidden" name="confirm_product_change" value="1">
 [%# Verify the version, component, and target milestone fields. %]
-<h3>Verify Version, Component[% ", Target Milestone" IF Param("usetargetmilestone") %]</h3>
+<h3>Verify Version, Component
+  [%- ", Target Milestone" 
+      IF Param("usetargetmilestone")
+         && bug.check_can_change_field('target_milestone', 0, 1) %]</h3>
 <p>
-[% IF Param("usetargetmilestone") %]
+[% IF Param("usetargetmilestone") 
+   && bug.check_can_change_field('target_milestone', 0, 1) 
+%]
  You are moving the [% terms.bug %](s) to the product 
  <b>[% product.name FILTER html %]</b>,
  and the version, component, and/or target milestone fields are no longer
@@ -93,7 +98,9 @@
                 default=default_component
                 size=10 %]
    </td>
-    [% IF Param("usetargetmilestone") %]
+    [% IF Param("usetargetmilestone") 
+          && bug.check_can_change_field('target_milestone', 0, 1) 
+    %]
      <td>
        <b>Target Milestone:</b><br>
      [% PROCESS "global/select-menu.html.tmpl"