Bug 364177: On attachment and bug creation, if *one* requestee cannot see the bug, *all* requests are cancelled - Patch by Fr��d��ric Buclin <LpSolit@gmail.com> r/a=mkanat

This commit is contained in:
lpsolit%gmail.com 2007-02-04 15:36:47 +00:00
Родитель b1b70d7782
Коммит 5520a1c5ca
3 изменённых файлов: 37 добавлений и 13 удалений

Просмотреть файл

@ -865,7 +865,7 @@ sub insert_attachment_for_bug {
my $error_mode_cache = Bugzilla->error_mode; my $error_mode_cache = Bugzilla->error_mode;
Bugzilla->error_mode(ERROR_MODE_DIE); Bugzilla->error_mode(ERROR_MODE_DIE);
eval { eval {
Bugzilla::Flag::validate($cgi, $bug->bug_id, -1); Bugzilla::Flag::validate($cgi, $bug->bug_id, -1, SKIP_REQUESTEE_ON_ERROR);
Bugzilla::Flag::process($bug, $attachment, $timestamp, $cgi); Bugzilla::Flag::process($bug, $attachment, $timestamp, $cgi);
}; };
Bugzilla->error_mode($error_mode_cache); Bugzilla->error_mode($error_mode_cache);

Просмотреть файл

@ -61,7 +61,8 @@ use Bugzilla::Mailer;
use Bugzilla::Constants; use Bugzilla::Constants;
use Bugzilla::Field; use Bugzilla::Field;
use base qw(Bugzilla::Object); use base qw(Bugzilla::Object Exporter);
@Bugzilla::Flag::EXPORT = qw(SKIP_REQUESTEE_ON_ERROR);
############################### ###############################
#### Initialization #### #### Initialization ####
@ -80,6 +81,8 @@ use constant DB_COLUMNS => qw(
use constant DB_TABLE => 'flags'; use constant DB_TABLE => 'flags';
use constant LIST_ORDER => 'id'; use constant LIST_ORDER => 'id';
use constant SKIP_REQUESTEE_ON_ERROR => 1;
############################### ###############################
#### Accessors ###### #### Accessors ######
############################### ###############################
@ -245,7 +248,7 @@ sub count {
=over =over
=item C<validate($cgi, $bug_id, $attach_id)> =item C<validate($cgi, $bug_id, $attach_id, $skip_requestee_on_error)>
Validates fields containing flag modifications. Validates fields containing flag modifications.
@ -257,7 +260,7 @@ to -1 to force its check anyway.
=cut =cut
sub validate { sub validate {
my ($cgi, $bug_id, $attach_id) = @_; my ($cgi, $bug_id, $attach_id, $skip_requestee_on_error) = @_;
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
@ -324,7 +327,7 @@ sub validate {
} }
_validate(undef, $flag_type, $status, undef, \@requestees, $private_attachment, _validate(undef, $flag_type, $status, undef, \@requestees, $private_attachment,
$bug_id, $attach_id); $bug_id, $attach_id, $skip_requestee_on_error);
} }
# Validate existing flags. # Validate existing flags.
@ -337,13 +340,14 @@ sub validate {
my $flag = new Bugzilla::Flag($id); my $flag = new Bugzilla::Flag($id);
$flag || ThrowCodeError("flag_nonexistent", { id => $id }); $flag || ThrowCodeError("flag_nonexistent", { id => $id });
_validate($flag, $flag->type, $status, undef, \@requestees, $private_attachment); _validate($flag, $flag->type, $status, undef, \@requestees, $private_attachment,
undef, undef, $skip_requestee_on_error);
} }
} }
sub _validate { sub _validate {
my ($flag, $flag_type, $status, $setter, $requestees, $private_attachment, my ($flag, $flag_type, $status, $setter, $requestees, $private_attachment,
$bug_id, $attach_id) = @_; $bug_id, $attach_id, $skip_requestee_on_error) = @_;
# By default, the flag setter (or requester) is the current user. # By default, the flag setter (or requester) is the current user.
$setter ||= Bugzilla->user; $setter ||= Bugzilla->user;
@ -398,8 +402,14 @@ sub _validate {
if ($status eq '?' && $flag_type->is_requesteeble) { if ($status eq '?' && $flag_type->is_requesteeble) {
my $old_requestee = ($flag && $flag->requestee) ? my $old_requestee = ($flag && $flag->requestee) ?
$flag->requestee->login : ''; $flag->requestee->login : '';
my @legal_requestees;
foreach my $login (@$requestees) { foreach my $login (@$requestees) {
next if $login eq $old_requestee; if ($login eq $old_requestee) {
# This requestee was already set. Leave him alone.
push(@legal_requestees, $login);
next;
}
# We know the requestee exists because we ran # We know the requestee exists because we ran
# Bugzilla::User::match_field before getting here. # Bugzilla::User::match_field before getting here.
@ -409,6 +419,7 @@ sub _validate {
# Note that if permissions on this bug are changed, # Note that if permissions on this bug are changed,
# can_see_bug() will refer to old settings. # can_see_bug() will refer to old settings.
if (!$requestee->can_see_bug($bug_id)) { if (!$requestee->can_see_bug($bug_id)) {
next if $skip_requestee_on_error;
ThrowUserError('flag_requestee_unauthorized', ThrowUserError('flag_requestee_unauthorized',
{ flag_type => $flag_type, { flag_type => $flag_type,
requestee => $requestee, requestee => $requestee,
@ -423,6 +434,7 @@ sub _validate {
&& Bugzilla->params->{'insidergroup'} && Bugzilla->params->{'insidergroup'}
&& !$requestee->in_group(Bugzilla->params->{'insidergroup'})) && !$requestee->in_group(Bugzilla->params->{'insidergroup'}))
{ {
next if $skip_requestee_on_error;
ThrowUserError('flag_requestee_unauthorized_attachment', ThrowUserError('flag_requestee_unauthorized_attachment',
{ flag_type => $flag_type, { flag_type => $flag_type,
requestee => $requestee, requestee => $requestee,
@ -431,10 +443,22 @@ sub _validate {
} }
# Throw an error if the user won't be allowed to set the flag. # Throw an error if the user won't be allowed to set the flag.
$requestee->can_set_flag($flag_type) if (!$requestee->can_set_flag($flag_type)) {
|| ThrowUserError('flag_requestee_needs_privs', next if $skip_requestee_on_error;
{'requestee' => $requestee, ThrowUserError('flag_requestee_needs_privs',
'flagtype' => $flag_type}); {'requestee' => $requestee,
'flagtype' => $flag_type});
}
# This requestee can be set.
push(@legal_requestees, $login);
}
# Update the requestee list for this flag.
if (scalar(@legal_requestees) < scalar(@$requestees)) {
my $field_name = 'requestee_type-' . $flag_type->id;
Bugzilla->cgi->delete($field_name);
Bugzilla->cgi->param(-name => $field_name, -value => \@legal_requestees);
} }
} }

Просмотреть файл

@ -223,7 +223,7 @@ if (defined($cgi->upload('data')) || $cgi->param('attachurl')) {
my $error_mode_cache = Bugzilla->error_mode; my $error_mode_cache = Bugzilla->error_mode;
Bugzilla->error_mode(ERROR_MODE_DIE); Bugzilla->error_mode(ERROR_MODE_DIE);
eval { eval {
Bugzilla::Flag::validate($cgi, $id); Bugzilla::Flag::validate($cgi, $id, undef, SKIP_REQUESTEE_ON_ERROR);
Bugzilla::Flag::process($bug, undef, $timestamp, $cgi); Bugzilla::Flag::process($bug, undef, $timestamp, $cgi);
}; };
Bugzilla->error_mode($error_mode_cache); Bugzilla->error_mode($error_mode_cache);