From e511fa0b64c9a853087135f1be9adc41c69a333d Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <lpsolit%gmail.com>
Date: Thu, 29 Nov 2007 19:54:25 +0000
Subject: [PATCH] =?UTF-8?q?Bug=20405788:=20$bug->add=5Fcomment=20incorrect?=
 =?UTF-8?q?ly=20calls=20check=5Fcan=5Fchange=5Ffield()=20-=20Patch=20by=20?=
 =?UTF-8?q?Fr=EF=BF=BD=EF=BF=BDd=EF=BF=BD=EF=BF=BDric=20Buclin=20<LpSolit@?=
 =?UTF-8?q?gmail.com>=20r/a=3Dmkanat?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 webtools/bugzilla/Bugzilla/Bug.pm | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/webtools/bugzilla/Bugzilla/Bug.pm b/webtools/bugzilla/Bugzilla/Bug.pm
index 0a45daf1439..7c0cc191f9d 100644
--- a/webtools/bugzilla/Bugzilla/Bug.pm
+++ b/webtools/bugzilla/Bugzilla/Bug.pm
@@ -1565,10 +1565,6 @@ sub add_comment {
     my ($self, $comment, $params) = @_;
 
     $comment = $self->_check_comment($comment);
-    # XXX At some point we need to refactor check_can_change_field
-    # so that custom installs can use PrivilegesRequired here.
-    $self->check_can_change_field('longdesc')
-        || ThrowUserError('illegal_change', { field => 'longdesc' });
 
     $params ||= {};
     if (exists $params->{work_time}) {
@@ -1589,6 +1585,11 @@ sub add_comment {
         return;
     }
 
+    # So we really want to comment. Make sure we are allowed to do so.
+    my $privs;
+    $self->check_can_change_field('longdesc', 0, 1, \$privs)
+        || ThrowUserError('illegal_change', { field => 'longdesc', privs => $privs });
+
     $self->{added_comments} ||= [];
     my $add_comment = dclone($params);
     $add_comment->{thetext} = $comment;