Bug 1149055: flag requestees are unable to set an attachment flag via a the…

Bug 1149055: flag requestees are unable to set an attachment flag via a the update_attachment webservice if they do not have editbugs r=dkl,a=glob

Bug 1149055: flag requestees are unable to set an attachment flag via a the…
ae30ea26 · Byron Jones · fff3c761 · ae30ea26
Commit ae30ea26 authored May 08, 2015 by Byron Jones
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 6 deletions

Bug.pm Bugzilla/WebService/Bug.pm +27 -6

No files found.
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -872,8 +872,6 @@ sub update_attachment {
          || ThrowUserError("invalid_attach_id", { attach_id => $id });
        my $bug = $attachment->bug;
        $attachment->_check_bug;
-        $attachment->validate_can_edit
-          || ThrowUserError("illegal_attachment_edit", { attach_id => $id });

        push @attachments, $attachment;
        $bugs{$bug->id} = $bug;
@@ -884,10 +882,33 @@ sub update_attachment {

    # Update the values
    foreach my $attachment (@attachments) {
-        $attachment->set_all($params);
-        if ($flags) {
-            my ($old_flags, $new_flags) = extract_flags($flags, $attachment->bug, $attachment);
-            $attachment->set_flags($old_flags, $new_flags);
+        my ($update_flags, $new_flags) = $flags
+            ? extract_flags($flags, $attachment->bug, $attachment)
+            : ([], []);
+        if ($attachment->validate_can_edit) {
+            $attachment->set_all($params);
+            $attachment->set_flags($update_flags, $new_flags) if $flags;
+        }
+        elsif (scalar @$update_flags && !scalar(@$new_flags) && !scalar keys %$params) {
+            # Requestees can set flags targetted to them, even if they cannot
+            # edit the attachment. Flag setters can edit their own flags too.
+            my %flag_list = map { $_->{id} => $_ } @$update_flags;
+            my $flag_objs = Bugzilla::Flag->new_from_list([ keys %flag_list ]);
+            my @editable_flags;
+            foreach my $flag_obj (@$flag_objs) {
+                if ($flag_obj->setter_id == $user->id
+                    || ($flag_obj->requestee_id && $flag_obj->requestee_id == $user->id))
+                {
+                    push(@editable_flags, $flag_list{$flag_obj->id});
+                }
+            }
+            if (!scalar @editable_flags) {
+                ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id });
+            }
+            $attachment->set_flags(\@editable_flags, []);
+        }
+        else {
+            ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id });
        }
    }