From 84ebedc167cbfad54b2b7d01f1adba161e1f0650 Mon Sep 17 00:00:00 2001
From: "bugreport%peshkin.net" <bugreport%peshkin.net>
Date: Sat, 10 Jul 2004 07:39:56 +0000
Subject: [PATCH] Bug 233486: Only process groups user is supposed to be able
 to bless in editgroups.cgi r=justdave a=justdave

---
 webtools/bugzilla/editusers.cgi | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/webtools/bugzilla/editusers.cgi b/webtools/bugzilla/editusers.cgi
index 9dfc672d9bd..ed8f974e276 100755
--- a/webtools/bugzilla/editusers.cgi
+++ b/webtools/bugzilla/editusers.cgi
@@ -155,7 +155,7 @@ sub EmitFormElements ($$$$)
             print "<TD COLSPAN=2 ALIGN=LEFT><B>User is a member of these groups</B></TD>\n";
             while (MoreSQLData()) {
                 my ($groupid, $name, $description, $checked, $isderived, $isregexp) = FetchSQLData();
-                next if (!$editall && !UserCanBlessGroup($name));
+                next unless ($editall || UserCanBlessGroup($name));
                 PushGlobalSQLState();
                 SendSQL("SELECT user_id " .
                         "FROM user_group_map " .
@@ -762,6 +762,7 @@ if ($action eq 'update') {
     my $chggrp = 0;
     SendSQL("SELECT id, name FROM groups");
     while (my ($groupid, $name) = FetchSQLData()) {
+        next unless ($editall || UserCanBlessGroup($name));
         if ($::FORM{"oldgroup_$groupid"} != ($::FORM{"group_$groupid"} ? 1 : 0)) {
             # group membership changed
             PushGlobalSQLState();