diff options
author | Dave Lawrence <dlawrence@mozilla.com> | 2012-08-10 16:57:23 -0400 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2012-08-10 16:57:23 -0400 |
commit | a05220de2e69d4b6ef212d1f3556fa848b6e1508 (patch) | |
tree | 7383fb335d3db6290f46a81a3397b15c45bcdb70 /extensions | |
parent | ecc6dfbcde8351fa37d7f7ed09b875d4eadb5027 (diff) | |
download | bugs-a05220de2e69d4b6ef212d1f3556fa848b6e1508.tar bugs-a05220de2e69d4b6ef212d1f3556fa848b6e1508.tar.gz bugs-a05220de2e69d4b6ef212d1f3556fa848b6e1508.tar.bz2 bugs-a05220de2e69d4b6ef212d1f3556fa848b6e1508.tar.xz bugs-a05220de2e69d4b6ef212d1f3556fa848b6e1508.zip |
Bug 779088 - Allow extensions to whitelist PATH_INFO
r/a=LpSolit
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/Example/Extension.pm | 110 |
1 files changed, 58 insertions, 52 deletions
diff --git a/extensions/Example/Extension.pm b/extensions/Example/Extension.pm index 62fb345d9..f3efcb2a8 100644 --- a/extensions/Example/Extension.pm +++ b/extensions/Example/Extension.pm @@ -29,6 +29,20 @@ use constant REL_EXAMPLE => -127; our $VERSION = '1.0'; +sub admin_editusers_action { + my ($self, $args) = @_; + my ($vars, $action, $user) = @$args{qw(vars action user)}; + my $template = Bugzilla->template; + + if ($action eq 'my_action') { + # Allow to restrict the search to any group the user is allowed to bless. + $vars->{'restrictablegroups'} = $user->bless_groups(); + $template->process('admin/users/search.html.tmpl', $vars) + || ThrowTemplateError($template->error()); + exit; + } +} + sub attachment_process_data { my ($self, $args) = @_; my $type = $args->{attributes}->{mimetype}; @@ -65,6 +79,44 @@ sub auth_verify_methods { } } +sub bug_check_can_change_field { + my ($self, $args) = @_; + + my ($bug, $field, $new_value, $old_value, $priv_results) + = @$args{qw(bug field new_value old_value priv_results)}; + + my $user = Bugzilla->user; + + # Disallow a bug from being reopened if currently closed unless user + # is in 'admin' group + if ($field eq 'bug_status' && $bug->product_obj->name eq 'Example') { + if (!is_open_state($old_value) && is_open_state($new_value) + && !$user->in_group('admin')) + { + push(@$priv_results, PRIVILEGES_REQUIRED_EMPOWERED); + return; + } + } + + # Disallow a bug's keywords from being edited unless user is the + # reporter of the bug + if ($field eq 'keywords' && $bug->product_obj->name eq 'Example' + && $user->login ne $bug->reporter->login) + { + push(@$priv_results, PRIVILEGES_REQUIRED_REPORTER); + return; + } + + # Allow updating of priority even if user cannot normally edit the bug + # and they are in group 'engineering' + if ($field eq 'priority' && $bug->product_obj->name eq 'Example' + && $user->in_group('engineering')) + { + push(@$priv_results, PRIVILEGES_REQUIRED_NONE); + return; + } +} + sub bug_columns { my ($self, $args) = @_; my $columns = $args->{'columns'}; @@ -676,6 +728,12 @@ sub page_before_template { } } +sub path_info_whitelist { + my ($self, $args) = @_; + my $whitelist = $args->{whitelist}; + push(@$whitelist, "page.cgi"); +} + sub post_bug_after_creation { my ($self, $args) = @_; @@ -804,58 +862,6 @@ sub template_before_process { } } -sub bug_check_can_change_field { - my ($self, $args) = @_; - - my ($bug, $field, $new_value, $old_value, $priv_results) - = @$args{qw(bug field new_value old_value priv_results)}; - - my $user = Bugzilla->user; - - # Disallow a bug from being reopened if currently closed unless user - # is in 'admin' group - if ($field eq 'bug_status' && $bug->product_obj->name eq 'Example') { - if (!is_open_state($old_value) && is_open_state($new_value) - && !$user->in_group('admin')) - { - push(@$priv_results, PRIVILEGES_REQUIRED_EMPOWERED); - return; - } - } - - # Disallow a bug's keywords from being edited unless user is the - # reporter of the bug - if ($field eq 'keywords' && $bug->product_obj->name eq 'Example' - && $user->login ne $bug->reporter->login) - { - push(@$priv_results, PRIVILEGES_REQUIRED_REPORTER); - return; - } - - # Allow updating of priority even if user cannot normally edit the bug - # and they are in group 'engineering' - if ($field eq 'priority' && $bug->product_obj->name eq 'Example' - && $user->in_group('engineering')) - { - push(@$priv_results, PRIVILEGES_REQUIRED_NONE); - return; - } -} - -sub admin_editusers_action { - my ($self, $args) = @_; - my ($vars, $action, $user) = @$args{qw(vars action user)}; - my $template = Bugzilla->template; - - if ($action eq 'my_action') { - # Allow to restrict the search to any group the user is allowed to bless. - $vars->{'restrictablegroups'} = $user->bless_groups(); - $template->process('admin/users/search.html.tmpl', $vars) - || ThrowTemplateError($template->error()); - exit; - } -} - sub user_preferences { my ($self, $args) = @_; my $tab = $args->{current_tab}; |