diff options
| author | Byron Jones <bjones@mozilla.com> | 2011-05-10 13:47:46 +0800 |
|---|---|---|
| committer | Byron Jones <bjones@mozilla.com> | 2011-05-10 13:47:46 +0800 |
| commit | 804336689c430040f478520ea6655260cbd6735d (patch) | |
| tree | 7331f2df14035ff6e59de1200f8cb0b0b49fb303 /Bugzilla | |
| parent | 12a41578a29208f7e2ef32129ae1a9f4ae7a4f83 (diff) | |
| download | bugs-804336689c430040f478520ea6655260cbd6735d.tar bugs-804336689c430040f478520ea6655260cbd6735d.tar.gz bugs-804336689c430040f478520ea6655260cbd6735d.tar.bz2 bugs-804336689c430040f478520ea6655260cbd6735d.tar.xz bugs-804336689c430040f478520ea6655260cbd6735d.zip | |
Bug 28849: Block users from CCing other users if they do not have editbugs privs
r=LpSolit, a=LpSolit
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/Bug.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index f3d635344..4f5c0f236 100644 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -2658,6 +2658,10 @@ sub remove_cc { my ($self, $user_or_name) = @_; my $user = ref $user_or_name ? $user_or_name : Bugzilla::User->check($user_or_name); + my $currentUser = Bugzilla->user; + if (!$self->user->{'canedit'} && $user->id != $currentUser->id) { + ThrowUserError('cc_remove_denied'); + } my $cc_users = $self->cc_users; @$cc_users = grep { $_->id != $user->id } @$cc_users; } |