diff options
author | Byron Jones <glob@mozilla.com> | 2015-05-08 13:30:38 +0800 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-05-08 13:30:38 +0800 |
commit | ae30ea26d562de1ca994029df8de4b1f3eef4756 (patch) | |
tree | 640b4bd5bf83187cedaa3fe6e33e53350d0f4dd3 /Bugzilla | |
parent | fff3c761ed014f88865a12eac78e1f8cf0e09e5d (diff) | |
download | bugs-ae30ea26d562de1ca994029df8de4b1f3eef4756.tar bugs-ae30ea26d562de1ca994029df8de4b1f3eef4756.tar.gz bugs-ae30ea26d562de1ca994029df8de4b1f3eef4756.tar.bz2 bugs-ae30ea26d562de1ca994029df8de4b1f3eef4756.tar.xz bugs-ae30ea26d562de1ca994029df8de4b1f3eef4756.zip |
Bug 1149055: flag requestees are unable to set an attachment flag via a the update_attachment webservice if they do not have editbugs
r=dkl,a=glob
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/WebService/Bug.pm | 33 |
1 files changed, 27 insertions, 6 deletions
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index c07ef707e..127ea40bb 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -872,8 +872,6 @@ sub update_attachment { || ThrowUserError("invalid_attach_id", { attach_id => $id }); my $bug = $attachment->bug; $attachment->_check_bug; - $attachment->validate_can_edit - || ThrowUserError("illegal_attachment_edit", { attach_id => $id }); push @attachments, $attachment; $bugs{$bug->id} = $bug; @@ -884,10 +882,33 @@ sub update_attachment { # Update the values foreach my $attachment (@attachments) { - $attachment->set_all($params); - if ($flags) { - my ($old_flags, $new_flags) = extract_flags($flags, $attachment->bug, $attachment); - $attachment->set_flags($old_flags, $new_flags); + my ($update_flags, $new_flags) = $flags + ? extract_flags($flags, $attachment->bug, $attachment) + : ([], []); + if ($attachment->validate_can_edit) { + $attachment->set_all($params); + $attachment->set_flags($update_flags, $new_flags) if $flags; + } + elsif (scalar @$update_flags && !scalar(@$new_flags) && !scalar keys %$params) { + # Requestees can set flags targetted to them, even if they cannot + # edit the attachment. Flag setters can edit their own flags too. + my %flag_list = map { $_->{id} => $_ } @$update_flags; + my $flag_objs = Bugzilla::Flag->new_from_list([ keys %flag_list ]); + my @editable_flags; + foreach my $flag_obj (@$flag_objs) { + if ($flag_obj->setter_id == $user->id + || ($flag_obj->requestee_id && $flag_obj->requestee_id == $user->id)) + { + push(@editable_flags, $flag_list{$flag_obj->id}); + } + } + if (!scalar @editable_flags) { + ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id }); + } + $attachment->set_flags(\@editable_flags, []); + } + else { + ThrowUserError("illegal_attachment_edit", { attach_id => $attachment->id }); } } |