diff options
author | mkanat%bugzilla.org <> | 2008-10-03 06:53:06 +0000 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2008-10-03 06:53:06 +0000 |
commit | 4b781a339951b8a4e60e3615bf879b339e4574fd (patch) | |
tree | 10ad4f08408e8435fc7025c73527f2ded518bb91 | |
parent | 79cd8e829cd0821368bc7163cba647b8c97fa800 (diff) | |
download | bugs-4b781a339951b8a4e60e3615bf879b339e4574fd.tar bugs-4b781a339951b8a4e60e3615bf879b339e4574fd.tar.gz bugs-4b781a339951b8a4e60e3615bf879b339e4574fd.tar.bz2 bugs-4b781a339951b8a4e60e3615bf879b339e4574fd.tar.xz bugs-4b781a339951b8a4e60e3615bf879b339e4574fd.zip |
Bug 452896: A user with no privs who reported a bug couldn't move it to another product if the target milestone was set
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat
-rw-r--r-- | Bugzilla/Bug.pm | 19 | ||||
-rw-r--r-- | template/en/default/bug/process/verify-new-product.html.tmpl | 13 |
2 files changed, 27 insertions, 5 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index d3aa1eeec..3bf5a1906 100644 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -1870,7 +1870,15 @@ sub set_product { Bugzilla->error_mode(ERROR_MODE_DIE); my $component_ok = eval { $self->set_component($comp_name); 1; }; my $version_ok = eval { $self->set_version($vers_name); 1; }; - my $milestone_ok = eval { $self->set_target_milestone($tm_name); 1; }; + my $milestone_ok = 1; + # Reporters can move bugs between products but not set the TM. + if ($self->check_can_change_field('target_milestone', 0, 1)) { + $milestone_ok = eval { $self->set_target_milestone($tm_name); 1; }; + } + else { + # Have to set this directly to bypass the validators. + $self->{target_milestone} = $product->default_milestone; + } # If there were any errors thrown, make sure we don't mess up any # other part of Bugzilla that checks $@. undef $@; @@ -1918,6 +1926,7 @@ sub set_product { if (%vars) { $vars{product} = $product; + $vars{bug} = $self; my $template = Bugzilla->template; $template->process("bug/process/verify-new-product.html.tmpl", \%vars) || ThrowTemplateError($template->error()); @@ -1929,7 +1938,13 @@ sub set_product { # just die if any of these are invalid. $self->set_component($comp_name); $self->set_version($vers_name); - $self->set_target_milestone($tm_name); + if ($self->check_can_change_field('target_milestone', 0, 1)) { + $self->set_target_milestone($tm_name); + } + else { + # Have to set this directly to bypass the validators. + $self->{target_milestone} = $product->default_milestone; + } } if ($product_changed) { diff --git a/template/en/default/bug/process/verify-new-product.html.tmpl b/template/en/default/bug/process/verify-new-product.html.tmpl index 7b5b58a18..2eeb9277e 100644 --- a/template/en/default/bug/process/verify-new-product.html.tmpl +++ b/template/en/default/bug/process/verify-new-product.html.tmpl @@ -49,10 +49,15 @@ <input type="hidden" name="confirm_product_change" value="1"> [%# Verify the version, component, and target milestone fields. %] -<h3>Verify Version, Component[% ", Target Milestone" IF Param("usetargetmilestone") %]</h3> +<h3>Verify Version, Component + [%- ", Target Milestone" + IF Param("usetargetmilestone") + && bug.check_can_change_field('target_milestone', 0, 1) %]</h3> <p> -[% IF Param("usetargetmilestone") %] +[% IF Param("usetargetmilestone") + && bug.check_can_change_field('target_milestone', 0, 1) +%] You are moving the [% terms.bug %](s) to the product <b>[% product.name FILTER html %]</b>, and the version, component, and/or target milestone fields are no longer @@ -93,7 +98,9 @@ default=default_component size=10 %] </td> - [% IF Param("usetargetmilestone") %] + [% IF Param("usetargetmilestone") + && bug.check_can_change_field('target_milestone', 0, 1) + %] <td> <b>Target Milestone:</b><br> [% PROCESS "global/select-menu.html.tmpl" |