Commit c33b4eb3 authored by olav%bkor.dhs.org's avatar olav%bkor.dhs.org

Bug 121576: fields should not be editable when viewing a bug if the user is not logged in

Patch by Olav Vitters <olav@bkor.dhs.org> r=LpSolit a=justdave
parent e58ccfd7
...@@ -1192,14 +1192,7 @@ sub user { ...@@ -1192,14 +1192,7 @@ sub user {
my $user = Bugzilla->user; my $user = Bugzilla->user;
my $canmove = Bugzilla->params->{'move-enabled'} && $user->is_mover; my $canmove = Bugzilla->params->{'move-enabled'} && $user->is_mover;
# In the below, if the person hasn't logged in, then we treat them my $unknown_privileges = $user->in_group("editbugs");
# as if they can do anything. That's because we don't know why they
# haven't logged in; it may just be because they don't use cookies.
# Display everything as if they have all the permissions in the
# world; their permissions will get checked when they log in and
# actually try to make the change.
my $unknown_privileges = !$user->id
|| $user->in_group("editbugs");
my $canedit = $unknown_privileges my $canedit = $unknown_privileges
|| $user->id == $self->{assigned_to_id} || $user->id == $self->{assigned_to_id}
|| (Bugzilla->params->{'useqacontact'} || (Bugzilla->params->{'useqacontact'}
......
...@@ -20,6 +20,7 @@ ...@@ -20,6 +20,7 @@
# Vaskin Kissoyan <vkissoyan@yahoo.com> # Vaskin Kissoyan <vkissoyan@yahoo.com>
# Max Kanat-Alexander <mkanat@bugzilla.org> # Max Kanat-Alexander <mkanat@bugzilla.org>
# Frédéric Buclin <LpSolit@gmail.com> # Frédéric Buclin <LpSolit@gmail.com>
# Olav Vitters <olav@bkor.dhs.org>
#%] #%]
[% PROCESS global/variables.none.tmpl %] [% PROCESS global/variables.none.tmpl %]
...@@ -215,7 +216,7 @@ ...@@ -215,7 +216,7 @@
[% FOREACH field = fields %] [% FOREACH field = fields %]
<tr> <tr>
[% PROCESS bug/field.html.tmpl value=bug.${field.name} [% PROCESS bug/field.html.tmpl value=bug.${field.name}
editable = bug.check_can_change_field(field.name, 0, 1) || !user.id editable = bug.check_can_change_field(field.name, 0, 1)
value_span = 2 %] value_span = 2 %]
</tr> </tr>
[% END %] [% END %]
...@@ -262,10 +263,22 @@ ...@@ -262,10 +263,22 @@
<table cellspacing="1" cellpadding="1"> <table cellspacing="1" cellpadding="1">
<tr> <tr>
<td colspan="2" valign="top"> <td colspan="2" valign="top">
[% IF bug.flag_types.size > 0 %] [% IF user.id %]
[% PROCESS "flag/list.html.tmpl" flag_no_header = 1 [% IF bug.flag_types.size > 0 %]
flag_types = bug.flag_types [% PROCESS "flag/list.html.tmpl" flag_no_header = 1
any_flags_requesteeble = bug.any_flags_requesteeble %] flag_types = bug.flag_types
any_flags_requesteeble = bug.any_flags_requesteeble %]
[% END %]
[% ELSE %]
[% FOREACH type = bug.flag_types %]
[% FOREACH flag = type.flags %]
[% flag.setter.nick FILTER html %]:
[%+ type.name FILTER html FILTER no_break %][% flag.status %]
[%+ IF flag.requestee %]
([% flag.requestee.nick FILTER html %])
[% END %]<br>
[% END %]
[% END %]
[% END %] [% END %]
</td> </td>
</tr> </tr>
...@@ -362,40 +375,42 @@ ...@@ -362,40 +375,42 @@
<br> <br>
<table cellpadding="1" cellspacing="1"> <table cellpadding="1" cellspacing="1">
<tr> <tr>
<td> [% IF user.id %]
<label for="comment" accesskey="c"><b>Additional <u>C</u>omments</b></label>: <td>
[% IF Param("insidergroup") && user.in_group(Param("insidergroup")) %] <label for="comment" accesskey="c"><b>Additional <u>C</u>omments</b></label>:
<input type="checkbox" name="commentprivacy" value="1" [% IF Param("insidergroup") && user.in_group(Param("insidergroup")) %]
id="newcommentprivacy" <input type="checkbox" name="commentprivacy" value="1"
onClick="updateCommentTagControl(this, form)"> id="newcommentprivacy"
<label for="newcommentprivacy">Private</label> onClick="updateCommentTagControl(this, form)">
[% END %] <label for="newcommentprivacy">Private</label>
<br> [% END %]
<a name="add_comment"></a>
[% INCLUDE global/textarea.html.tmpl
name = 'comment'
id = 'comment'
minrows = 10
maxrows = 25
cols = constants.COMMENT_COLS
%]
[% IF NOT bug.cc || NOT bug.cc.contains(user.login) %]
[% has_role = bug.user.isreporter
|| bug.assigned_to.id == user.id
|| (Param('useqacontact')
&& bug.qa_contact
&& bug.qa_contact.id == user.id) %]
<br> <br>
<input type="checkbox" id="addselfcc" name="addselfcc" <a name="add_comment"></a>
[% " checked=\"checked\"" [% INCLUDE global/textarea.html.tmpl
IF user.settings.state_addselfcc.value == 'always' name = 'comment'
|| (!has_role id = 'comment'
&& user.settings.state_addselfcc.value == 'cc_unless_role') %]> minrows = 10
<label for="addselfcc">Add [% user.identity FILTER html %] to CC list</label> maxrows = 25
[% END %] cols = constants.COMMENT_COLS
</td> %]
[% IF NOT bug.cc || NOT bug.cc.contains(user.login) %]
[% has_role = bug.user.isreporter
|| bug.assigned_to.id == user.id
|| (Param('useqacontact')
&& bug.qa_contact
&& bug.qa_contact.id == user.id) %]
<br>
<input type="checkbox" id="addselfcc" name="addselfcc"
[% " checked=\"checked\""
IF user.settings.state_addselfcc.value == 'always'
|| (!has_role
&& user.settings.state_addselfcc.value == 'cc_unless_role') %]>
<label for="addselfcc">Add [% user.identity FILTER html %] to CC list</label>
[% END %]
</td>
[% END %]
<td valign="top"> <td valign="top">
<fieldset> <fieldset>
...@@ -491,7 +506,7 @@ ...@@ -491,7 +506,7 @@
[% END %] [% END %]
[% END %] [% END %]
[% PROCESS bug/knob.html.tmpl %] [% PROCESS bug/knob.html.tmpl IF user.id %]
[%# *** Additional Comments *** %] [%# *** Additional Comments *** %]
...@@ -500,7 +515,7 @@ ...@@ -500,7 +515,7 @@
<div id="comments"> <div id="comments">
[% PROCESS bug/comments.html.tmpl [% PROCESS bug/comments.html.tmpl
comments = bug.longdescs comments = bug.longdescs
mode = "edit" mode = user.id ? "edit" : "show"
%] %]
</div> </div>
...@@ -658,7 +673,7 @@ ...@@ -658,7 +673,7 @@
<label for="qa_contact" accesskey="q"><b><u>Q</u>A Contact</b></label>: <label for="qa_contact" accesskey="q"><b><u>Q</u>A Contact</b></label>:
</td> </td>
<td colspan="7"> <td colspan="7">
[% IF bug.check_can_change_field("qa_contact", 0, 1) || !user.id %] [% IF bug.check_can_change_field("qa_contact", 0, 1) %]
[% INCLUDE global/userselect.html.tmpl [% INCLUDE global/userselect.html.tmpl
id => "qa_contact" id => "qa_contact"
name => "qa_contact" name => "qa_contact"
...@@ -667,7 +682,7 @@ ...@@ -667,7 +682,7 @@
emptyok => 1 emptyok => 1
%] %]
[% ELSE %] [% ELSE %]
<input type="hidden" name="qa_contact" <input type="hidden" name="qa_contact" id="qa_contact"
value="[% bug.qa_contact.login FILTER html %]"> value="[% bug.qa_contact.login FILTER html %]">
<a href="mailto:[% bug.qa_contact.email FILTER html %]"> <a href="mailto:[% bug.qa_contact.email FILTER html %]">
[% IF bug.qa_contact.login && bug.qa_contact.login.length > 30 %] [% IF bug.qa_contact.login && bug.qa_contact.login.length > 30 %]
...@@ -683,20 +698,22 @@ ...@@ -683,20 +698,22 @@
</tr> </tr>
[% END %] [% END %]
<tr> [% IF user.id %]
<td align="right" valign="top"> <tr>
<label for="newcc" accesskey="a"><b><u>A</u>dd&nbsp;CC</b></label>: <td align="right" valign="top">
</td> <label for="newcc" accesskey="a"><b><u>A</u>dd&nbsp;CC</b></label>:
<td> </td>
[% INCLUDE global/userselect.html.tmpl <td>
id => "newcc" [% INCLUDE global/userselect.html.tmpl
name => "newcc" id => "newcc"
value => "" name => "newcc"
size => 30 value => ""
multiple => 5 size => 30
%] multiple => 5
</td> %]
</tr> </td>
</tr>
[% END %]
<tr> <tr>
[% IF bug.cc %] [% IF bug.cc %]
...@@ -704,15 +721,18 @@ ...@@ -704,15 +721,18 @@
<label for="cc"><b>CC</b></label>: <label for="cc"><b>CC</b></label>:
</td> </td>
<td valign="top"> <td valign="top">
<select id="cc" name="cc" multiple="multiple" size="5"> <select id="cc" name="cc" multiple="multiple" size="5"
[%- " disabled=\"disabled\"" IF !user.id %]>
[% FOREACH c = bug.cc %] [% FOREACH c = bug.cc %]
<option value="[% c FILTER html %]">[% c FILTER html %]</option> <option value="[% c FILTER html %]">[% c FILTER html %]</option>
[% END %] [% END %]
</select> </select>
<br> [% IF user.id %]
<input type="checkbox" id="removecc" name="removecc"> <br>
[%%]<label for="removecc">Remove selected CCs</label> <input type="checkbox" id="removecc" name="removecc">
<br> [%%]<label for="removecc">Remove selected CCs</label>
<br>
[% END %]
</td> </td>
[% ELSE %] [% ELSE %]
<td colspan="2"><input type="hidden" name="cc" value=""></td> <td colspan="2"><input type="hidden" name="cc" value=""></td>
...@@ -736,11 +756,11 @@ ...@@ -736,11 +756,11 @@
[% END %] [% END %]
</td> </td>
<td> <td>
[% IF bug.check_can_change_field(dep.fieldname, 0, 1) || !user.id %] [% IF bug.check_can_change_field(dep.fieldname, 0, 1) %]
<input name="[% dep.fieldname %]" id="[% dep.fieldname %]" <input name="[% dep.fieldname %]" id="[% dep.fieldname %]"
value="[% bug.${dep.fieldname}.join(', ') %]"> value="[% bug.${dep.fieldname}.join(', ') %]">
[% ELSE %] [% ELSE %]
<input type="hidden" name="[% dep.fieldname %]" <input type="hidden" id="[% dep.fieldname %]" name="[% dep.fieldname %]"
value="[% bug.${dep.fieldname}.join(', ') %]"> value="[% bug.${dep.fieldname}.join(', ') %]">
[% END %] [% END %]
</td> </td>
...@@ -753,7 +773,7 @@ ...@@ -753,7 +773,7 @@
[% BLOCK select %] [% BLOCK select %]
<td> <td>
[% IF bug.check_can_change_field(selname, 0, 1) || !user.id %] [% IF bug.check_can_change_field(selname, 0, 1) %]
<select id="[% selname %]" name="[% selname %]"> <select id="[% selname %]" name="[% selname %]">
[% FOREACH x = bug.choices.${selname} %] [% FOREACH x = bug.choices.${selname} %]
<option value="[% x FILTER html %]" <option value="[% x FILTER html %]"
...@@ -762,7 +782,7 @@ ...@@ -762,7 +782,7 @@
[% END %] [% END %]
</select> </select>
[% ELSE %] [% ELSE %]
<input type="hidden" name="[% selname %]" value="[% bug.${selname} FILTER html %]"> <input type="hidden" id="[% selname %]" name="[% selname %]" value="[% bug.${selname} FILTER html %]">
[% bug.${selname} FILTER html %] [% bug.${selname} FILTER html %]
[% END %] [% END %]
</td> </td>
...@@ -775,7 +795,7 @@ ...@@ -775,7 +795,7 @@
[% BLOCK input %] [% BLOCK input %]
<td[% " colspan=\"$colspan\"" IF colspan %]> <td[% " colspan=\"$colspan\"" IF colspan %]>
[% val = value ? value : bug.$inputname %] [% val = value ? value : bug.$inputname %]
[% IF bug.check_can_change_field(inputname, 0, 1) || !user.id %] [% IF bug.check_can_change_field(inputname, 0, 1) %]
<input id="[% inputname %]" name="[% inputname %]" <input id="[% inputname %]" name="[% inputname %]"
value="[% val FILTER html %]"[% " size=\"$size\"" IF size %] value="[% val FILTER html %]"[% " size=\"$size\"" IF size %]
[% " maxlength=\"$maxlength\"" IF maxlength %]> [% " maxlength=\"$maxlength\"" IF maxlength %]>
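Review bot: In the anonymous-viewer branch of the flags hunk (`@@ -262,10 +263,22 @@`), `[%+ type.name FILTER html FILTER no_break %][% flag.status %]` emits `flag.status` without `FILTER html` while every neighbouring value in the same loop is filtered, and the commit registers `flag.status` in filterexceptions.pl so the filter test stays quiet rather than filtering it. Flag status values are presumably a fixed one-character set, so this is likely harmless today, but an interpolation that is only safe by convention is exactly what the exception list hides from later readers; prefer `[% flag.status FILTER html %]` and drop the exception entry. The new branch also re-implements the setter/type/status/requestee display inline instead of reusing flag/list.html.tmpl, so the two renderings can drift; a comment above the FOREACH such as `[%# Read-only flag rendering for anonymous viewers; keep in sync with flag/list.html.tmpl %]` would at least mark the duplication.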
......
...@@ -319,7 +319,8 @@ ...@@ -319,7 +319,8 @@
'inputname', 'inputname',
'" colspan=\"$colspan\"" IF colspan', '" colspan=\"$colspan\"" IF colspan',
'" size=\"$size\"" IF size', '" size=\"$size\"" IF size',
'" maxlength=\"$maxlength\"" IF maxlength' '" maxlength=\"$maxlength\"" IF maxlength',
'flag.status',
], ],
'bug/knob.html.tmpl' => [ 'bug/knob.html.tmpl' => [
......