Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
bugzilla
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
etersoft
bugzilla
Commits
7a9a4fdc
Commit
7a9a4fdc
authored
Sep 01, 2011
by
Robert Webb
Committed by
Max Kanat-Alexander
Sep 01, 2011
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Bug 683025 - Add a check_for_edit to Bugzilla::Bug to return the bug object
if the user can edit the bug r=mkanat, a=mkanat
parent
4055a481
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
17 additions
and
37 deletions
+17
-37
Bug.pm
Bugzilla/Bug.pm
+10
-0
Local.pm
Bugzilla/BugUrl/Bugzilla/Local.pm
+1
-7
Bug.pm
Bugzilla/WebService/Bug.pm
+4
-19
process_bug.cgi
process_bug.cgi
+2
-11
No files found.
Bugzilla/Bug.pm
View file @
7a9a4fdc
...
...
@@ -403,6 +403,16 @@ sub check {
return
$self
;
}
sub
check_for_edit
{
my
$class
=
shift
;
my
$bug
=
$class
->
check
(
@_
);
Bugzilla
->
user
->
can_edit_product
(
$bug
->
product_id
)
||
ThrowUserError
(
"product_edit_denied"
,
{
product
=>
$bug
->
product
});
return
$bug
;
}
sub
check_is_visible
{
my
$self
=
shift
;
my
$user
=
Bugzilla
->
user
;
...
...
Bugzilla/BugUrl/Bugzilla/Local.pm
View file @
7a9a4fdc
...
...
@@ -119,7 +119,7 @@ sub _check_value {
}
my
$ref_bug_id
=
$uri
->
query_param
(
'id'
);
my
$ref_bug
=
Bugzilla::
Bug
->
check
(
$ref_bug_id
);
my
$ref_bug
=
Bugzilla::
Bug
->
check
_for_edit
(
$ref_bug_id
);
my
$self_bug_id
=
$params
->
{
bug_id
};
$params
->
{
ref_bug
}
=
$ref_bug
;
...
...
@@ -127,12 +127,6 @@ sub _check_value {
ThrowUserError
(
'see_also_self_reference'
);
}
my
$product
=
$ref_bug
->
product_obj
;
if
(
!
Bugzilla
->
user
->
can_edit_product
(
$product
->
id
))
{
ThrowUserError
(
"product_edit_denied"
,
{
product
=>
$product
->
name
});
}
return
$uri
;
}
...
...
Bugzilla/WebService/Bug.pm
View file @
7a9a4fdc
...
...
@@ -481,7 +481,7 @@ sub update {
my
$ids
=
delete
$params
->
{
ids
};
defined
$ids
||
ThrowCodeError
(
'param_required'
,
{
param
=>
'ids'
});
my
@bugs
=
map
{
Bugzilla::
Bug
->
check
(
$_
)
}
@$ids
;
my
@bugs
=
map
{
Bugzilla::
Bug
->
check
_for_edit
(
$_
)
}
@$ids
;
my
%
values
=
%
$params
;
$values
{
other_bugs
}
=
\
@bugs
;
...
...
@@ -497,11 +497,6 @@ sub update {
delete
$values
{
flags
};
foreach
my
$bug
(
@bugs
)
{
if
(
!
$user
->
can_edit_product
(
$bug
->
product_obj
->
id
)
)
{
ThrowUserError
(
"product_edit_denied"
,
{
product
=>
$bug
->
product
});
}
$bug
->
set_all
(
\%
values
);
}
...
...
@@ -632,11 +627,7 @@ sub add_attachment {
defined
$params
->
{
data
}
||
ThrowCodeError
(
'param_required'
,
{
param
=>
'data'
});
my
@bugs
=
map
{
Bugzilla::
Bug
->
check
(
$_
)
}
@
{
$params
->
{
ids
}
};
foreach
my
$bug
(
@bugs
)
{
Bugzilla
->
user
->
can_edit_product
(
$bug
->
product_id
)
||
ThrowUserError
(
"product_edit_denied"
,
{
product
=>
$bug
->
product
});
}
my
@bugs
=
map
{
Bugzilla::
Bug
->
check_for_edit
(
$_
)
}
@
{
$params
->
{
ids
}
};
my
@created
;
$dbh
->
bz_start_transaction
();
...
...
@@ -681,11 +672,8 @@ sub add_comment {
(
defined
$comment
&&
trim
(
$comment
)
ne
''
)
||
ThrowCodeError
(
'param_required'
,
{
param
=>
'comment'
});
my
$bug
=
Bugzilla::
Bug
->
check
(
$params
->
{
id
});
my
$bug
=
Bugzilla::
Bug
->
check
_for_edit
(
$params
->
{
id
});
$user
->
can_edit_product
(
$bug
->
product_id
)
||
ThrowUserError
(
"product_edit_denied"
,
{
product
=>
$bug
->
product
});
# Backwards-compatibility for versions before 3.6
if
(
defined
$params
->
{
private
})
{
$params
->
{
is_private
}
=
delete
$params
->
{
private
};
...
...
@@ -726,10 +714,7 @@ sub update_see_also {
my
@bugs
;
foreach
my
$id
(
@
{
$params
->
{
ids
}
})
{
my
$bug
=
Bugzilla::
Bug
->
check
(
$id
);
$user
->
can_edit_product
(
$bug
->
product_id
)
||
ThrowUserError
(
"product_edit_denied"
,
{
product
=>
$bug
->
product
});
my
$bug
=
Bugzilla::
Bug
->
check_for_edit
(
$id
);
push
(
@bugs
,
$bug
);
if
(
$remove
)
{
$bug
->
remove_see_also
(
$_
)
foreach
@$remove
;
...
...
process_bug.cgi
View file @
7a9a4fdc
...
...
@@ -96,14 +96,14 @@ sub should_set {
# Create a list of objects for all bugs being modified in this request.
my
@bug_objects
;
if
(
defined
$cgi
->
param
(
'id'
))
{
my
$bug
=
Bugzilla::
Bug
->
check
(
scalar
$cgi
->
param
(
'id'
));
my
$bug
=
Bugzilla::
Bug
->
check
_for_edit
(
scalar
$cgi
->
param
(
'id'
));
$cgi
->
param
(
'id'
,
$bug
->
id
);
push
(
@bug_objects
,
$bug
);
}
else
{
foreach
my
$i
(
$cgi
->
param
())
{
if
(
$i
=~
/^id_([1-9][0-9]*)/
)
{
my
$id
=
$1
;
push
(
@bug_objects
,
Bugzilla::
Bug
->
check
(
$id
));
push
(
@bug_objects
,
Bugzilla::
Bug
->
check
_for_edit
(
$id
));
}
}
}
...
...
@@ -213,15 +213,6 @@ else {
$action
=
'nothing'
;
}
# For each bug, we have to check if the user can edit the bug the product
# is currently in, before we allow them to change anything.
foreach
my
$bug
(
@bug_objects
)
{
if
(
!
$user
->
can_edit_product
(
$bug
->
product_obj
->
id
))
{
ThrowUserError
(
"product_edit_denied"
,
{
product
=>
$bug
->
product
});
}
}
# Component, target_milestone, and version are in here just in case
# the 'product' field wasn't defined in the CGI. It doesn't hurt to set
# them twice.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
