Bug 1151290: It is possible to tell if someone made a private comment on a bug…

Bug 1151290: It is possible to tell if someone made a private comment on a bug even if you are not an 'insider' r=dkl,a=glob

Bug 1151290: It is possible to tell if someone made a private comment on a bug…
b09ffb65 · Simon Green · David Lawrence · 74d7fca1 · b09ffb65
Commit b09ffb65 authored Apr 13, 2015 by Simon Green Committed by David Lawrence Apr 13, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

Search.pm Bugzilla/Search.pm +8 -2

No files found.
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -2515,11 +2515,17 @@ sub _user_nonchanged {
 sub _long_desc_changedby {
    my ($self, $args) = @_;
    my ($chart_id, $joins, $value) = @$args{qw(chart_id joins value)};
    my $table = "longdescs_$chart_id";
    push(@$joins, { table => 'longdescs', as => $table });
    my $user_id = $self->_get_user_id($value);
    $args->{term} = "$table.who = $user_id";
+    # If the user is not part of the insiders group, they cannot see
+    # private comments
+    if (!$self->_user->is_insider) {
+        $args->{term} .= " AND $table.isprivate = 0";
+    }
 }
 sub _long_desc_changedbefore_after {
@@ -2527,7 +2533,7 @@ sub _long_desc_changedbefore_after {
    my ($chart_id, $operator, $value, $joins) =
        @$args{qw(chart_id operator value joins)};
    my $dbh = Bugzilla->dbh;
    my $sql_operator = ($operator =~ /before/) ? '<=' : '>=';
    my $table = "longdescs_$chart_id";
    my $sql_date = $dbh->quote(SqlifyDate($value));