Bug 121576: fields should not be editable when viewing a bug if the user is not logged in

Patch by Olav Vitters <olav@bkor.dhs.org> r=LpSolit a=justdave

Bug 121576: fields should not be editable when viewing a bug if the user is not logged in
c33b4eb3 · olav%bkor.dhs.org · e58ccfd7 · c33b4eb3 · c33b4eb3 · c33b4eb3
Commit c33b4eb3 authored Oct 23, 2006 by olav%bkor.dhs.org
Show whitespace changes
Inline Side-by-side

Showing with 34 additions and 20 deletions

Bug.pm Bugzilla/Bug.pm +1 -8

edit.html.tmpl template/en/default/bug/edit.html.tmpl +31 -11

filterexceptions.pl template/en/default/filterexceptions.pl +2 -1

No files found.
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1192,14 +1192,7 @@ sub user {
    my $user = Bugzilla->user;
    my $canmove = Bugzilla->params->{'move-enabled'} && $user->is_mover;
-    # In the below, if the person hasn't logged in, then we treat them
+    my $unknown_privileges = $user->in_group("editbugs");
-    # as if they can do anything.  That's because we don't know why they
-    # haven't logged in; it may just be because they don't use cookies.
-    # Display everything as if they have all the permissions in the
-    # world; their permissions will get checked when they log in and
-    # actually try to make the change.
-    my $unknown_privileges = !$user->id
-                             || $user->in_group("editbugs");
    my $canedit = $unknown_privileges
                  || $user->id == $self->{assigned_to_id}
                  || (Bugzilla->params->{'useqacontact'}

--- a/template/en/default/bug/edit.html.tmpl
+++ b/template/en/default/bug/edit.html.tmpl
@@ -20,6 +20,7 @@
  #                 Vaskin Kissoyan <vkissoyan@yahoo.com>
  #                 Max Kanat-Alexander <mkanat@bugzilla.org>
  #                 Frédéric Buclin <LpSolit@gmail.com>
+  #                 Olav Vitters <olav@bkor.dhs.org>
  #%]
 [% PROCESS global/variables.none.tmpl %]
@@ -215,7 +216,7 @@
              [% FOREACH field = fields %]
                <tr>
                  [% PROCESS bug/field.html.tmpl value=bug.${field.name}
-                                                 editable = bug.check_can_change_field(field.name, 0, 1) || !user.id
+                                                 editable = bug.check_can_change_field(field.name, 0, 1)
                                                 value_span = 2 %]
                </tr>
              [% END %]
@@ -262,11 +263,23 @@
          <table cellspacing="1" cellpadding="1">
            <tr>
              <td colspan="2" valign="top">
+                [% IF user.id %]
                  [% IF bug.flag_types.size > 0 %]
                    [% PROCESS "flag/list.html.tmpl" flag_no_header = 1
                                                     flag_types = bug.flag_types
                                                     any_flags_requesteeble = bug.any_flags_requesteeble %]
                  [% END %]
+                [% ELSE %]
+                  [% FOREACH type = bug.flag_types %]
+                    [% FOREACH flag = type.flags %]
+                        [% flag.setter.nick FILTER html %]:
+                        [%+ type.name FILTER html FILTER no_break %][% flag.status %]
+                        [%+ IF flag.requestee %]
+                          ([% flag.requestee.nick FILTER html %])
+                        [% END %]<br>
+                    [% END %]
+                  [% END %]
+                [% END %]
              </td>
            </tr>
          </table>
@@ -362,6 +375,7 @@
  <br>
  <table cellpadding="1" cellspacing="1">
    <tr>
+      [% IF user.id %]
        <td>
          <label for="comment" accesskey="c"><b>Additional <u>C</u>omments</b></label>:
          [% IF Param("insidergroup") && user.in_group(Param("insidergroup")) %]
@@ -396,6 +410,7 @@
            <label for="addselfcc">Add [% user.identity FILTER html %] to CC list</label>
          [% END %]
        </td>
+      [% END %]
      <td valign="top">
        <fieldset>
@@ -491,7 +506,7 @@
    [% END %]
  [% END %]
-[% PROCESS bug/knob.html.tmpl %]
+[% PROCESS bug/knob.html.tmpl IF user.id %]
 [%# *** Additional Comments *** %]
@@ -500,7 +515,7 @@
 <div id="comments">
 [% PROCESS bug/comments.html.tmpl
   comments = bug.longdescs
-   mode = "edit"
+   mode = user.id ? "edit" : "show"
 %]
 </div>
@@ -658,7 +673,7 @@
        <label for="qa_contact" accesskey="q"><b><u>Q</u>A Contact</b></label>:
      </td>
      <td colspan="7">
-        [% IF bug.check_can_change_field("qa_contact", 0, 1) || !user.id %]
+        [% IF bug.check_can_change_field("qa_contact", 0, 1) %]
          [% INCLUDE global/userselect.html.tmpl
              id => "qa_contact"
              name => "qa_contact"
@@ -667,7 +682,7 @@
              emptyok => 1
          %]
        [% ELSE %]
-          <input type="hidden" name="qa_contact"
+          <input type="hidden" name="qa_contact" id="qa_contact"
                 value="[% bug.qa_contact.login FILTER html %]">
          <a href="mailto:[% bug.qa_contact.email FILTER html %]">
            [% IF bug.qa_contact.login && bug.qa_contact.login.length > 30 %]
@@ -683,6 +698,7 @@
    </tr>
    [% END %]
+    [% IF user.id %]
      <tr>
        <td align="right" valign="top">
          <label for="newcc" accesskey="a"><b><u>A</u>dd&nbsp;CC</b></label>:
@@ -697,6 +713,7 @@
            %]
        </td>
      </tr>
+    [% END %]
    <tr>
      [% IF bug.cc %]
@@ -704,15 +721,18 @@
          <label for="cc"><b>CC</b></label>:
        </td>
        <td valign="top">
-          <select id="cc" name="cc" multiple="multiple" size="5">
+          <select id="cc" name="cc" multiple="multiple" size="5"
+                  [%- " disabled=\"disabled\"" IF !user.id %]>
          [% FOREACH c = bug.cc %]
            <option value="[% c FILTER html %]">[% c FILTER html %]</option>
          [% END %]
          </select>
+          [% IF user.id %]
            <br>
            <input type="checkbox" id="removecc" name="removecc">
            [%%]<label for="removecc">Remove selected CCs</label>
            <br>
+          [% END %]
        </td>
      [% ELSE %]
        <td colspan="2"><input type="hidden" name="cc" value=""></td>
@@ -736,11 +756,11 @@
  [% END %]
  </td>
  <td>
-    [% IF bug.check_can_change_field(dep.fieldname, 0, 1) || !user.id %]
+    [% IF bug.check_can_change_field(dep.fieldname, 0, 1) %]
      <input name="[% dep.fieldname %]" id="[% dep.fieldname %]"
             value="[% bug.${dep.fieldname}.join(', ') %]">
    [% ELSE %]
-      <input type="hidden" name="[% dep.fieldname %]"
+      <input type="hidden" id="[% dep.fieldname %]" name="[% dep.fieldname %]"
             value="[% bug.${dep.fieldname}.join(', ') %]">
    [% END %]
  </td>
@@ -753,7 +773,7 @@
 [% BLOCK select %]
  <td>
-    [% IF bug.check_can_change_field(selname, 0, 1) || !user.id %]
+    [% IF bug.check_can_change_field(selname, 0, 1) %]
      <select id="[% selname %]" name="[% selname %]">
        [% FOREACH x = bug.choices.${selname} %]
          <option value="[% x FILTER html %]"
@@ -762,7 +782,7 @@
        [% END %]
      </select>
    [% ELSE %]
-      <input type="hidden" name="[% selname %]" value="[% bug.${selname} FILTER html %]">
+      <input type="hidden" id="[% selname %]" name="[% selname %]" value="[% bug.${selname} FILTER html %]">
      [% bug.${selname} FILTER html %]
    [% END %]
  </td>
@@ -775,7 +795,7 @@
 [% BLOCK input %]
  <td[% " colspan=\"$colspan\"" IF colspan %]>
    [% val = value ? value : bug.$inputname %]
-    [% IF bug.check_can_change_field(inputname, 0, 1) || !user.id %]
+    [% IF bug.check_can_change_field(inputname, 0, 1) %]
       <input id="[% inputname %]" name="[% inputname %]"
              value="[% val FILTER html %]"[% " size=\"$size\"" IF size %]
              [% " maxlength=\"$maxlength\"" IF maxlength %]>

--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -319,7 +319,8 @@
  'inputname',
  '" colspan=\"$colspan\"" IF colspan',
  '" size=\"$size\"" IF size',
-  '" maxlength=\"$maxlength\"" IF maxlength'
+  '" maxlength=\"$maxlength\"" IF maxlength',
+  'flag.status',
 ],
 'bug/knob.html.tmpl' => [