ORDER BY is_open DESC, $target_field"
);
- return $dbh->selectcol_arrayref(
+ my $bug_ids = $dbh->selectcol_arrayref(
$cache->{"${target_field}_sth_$exclude_resolved"},
undef, $bug_id);
+
+ # List only bugs visible to the user
+ return Bugzilla->user->visible_bugs(\@$bug_ids);
}
# Creates a lot of bug objects in the same order as the input array.
# This routine assumes Bugzilla::Bug->check has been previously called.
sub GetBugActivity {
my ($bug_id, $attach_id, $starttime, $include_comment_activity) = @_;
- my $dbh = Bugzilla->dbh;
+ my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
# Arguments passed to the SQL query.
my @args = ($bug_id);
# Only includes attachments the user is allowed to see.
my $suppjoins = "";
my $suppwhere = "";
- if (!Bugzilla->user->is_insider) {
+ if (!$user->is_insider) {
$suppjoins = "LEFT JOIN attachments
ON attachments.attach_id = bugs_activity.attach_id";
$suppwhere = "AND COALESCE(attachments.isprivate, 0) = 0";
# Only includes comment tag activity for comments the user is allowed to see.
$suppjoins = "";
$suppwhere = "";
- if (!Bugzilla->user->is_insider) {
+ if (!$user->is_insider) {
$suppjoins = "INNER JOIN longdescs
ON longdescs.comment_id = longdescs_tags_activity.comment_id";
$suppwhere = "AND longdescs.isprivate = 0";
|| $fieldname eq 'work_time'
|| $fieldname eq 'deadline')
{
- $activity_visible = Bugzilla->user->is_timetracker;
+ $activity_visible = $user->is_timetracker;
}
elsif ($fieldname eq 'longdescs.isprivate'
- && !Bugzilla->user->is_insider
+ && !$user->is_insider
&& $added)
{
$activity_visible = 0;
$added = _join_activity_entries($fieldname, $old_change->{'added'}, $added);
}
+ # List only bugs visible to the user
+ if ($fieldname =~ /^(?:dependson|blocked|regress(?:ed_by|es))$/) {
+ $removed = join(', ', @{$user->visible_bugs([split(/,\s*/, $removed)])});
+ $added = join(', ', @{$user->visible_bugs([split(/,\s*/, $added)])});
+ next if !$removed && !$added;
+ }
+
$operation->{'who'} = $who;
$operation->{'when'} = $when;
$operation->{'fieldname'} = $change{'fieldname'} = $fieldname;
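Review bot: The field list in `/^(?:dependson|blocked|regress(?:ed_by|es))$/` acts as the allow-list of activity fields whose values get redacted, so any field that stores bug IDs and is missing from it is still shown unfiltered. The comment above it should say that, for example `# Redact IDs of bugs the user cannot see; every activity field that stores bug IDs must be listed in this pattern.` The two `split(/,\s*/, ...)` calls also hand whatever text the activity row holds to `visible_bugs`, which is defined outside this hunk; if that method rejects non-numeric values, a single malformed row would break the whole history view, so filtering the split result with `grep { /^\d+$/ }` first may be worth it. GetBugActivity starts and ends outside this hunk.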
}
sub bz_create_test_bugs {
- my ($self, $second_private) = @_;
+ my ($self, $second_private, $no_cc) = @_;
my $config = $self->bz_config;
my @whiteboard_strings = _string_array(3);
my @summary_strings = _string_array(3);
my $public_bug = create_bug_fields($config);
+ delete $public_bug->{cc} if $no_cc;
$public_bug->{alias} = random_string(40);
$public_bug->{whiteboard} = join(' ', @whiteboard_strings);
$public_bug->{summary} = join(' ', @summary_strings);
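Review bot: The new `$no_cc` argument of `bz_create_test_bugs` is an undocumented positional flag: any true value drops `cc`, and the callers on this page pass the string `'no_cc'`, which reads like an option name but is only tested for truth. A short comment on the sub would help, for example `# $no_cc: when true, create the public bug without a CC list.` Only the public bug's fields are touched in the visible lines; the sub continues outside this hunk.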
go_to_bug($sel, $bug1_id);
ok(!$sel->is_text_present("secret_qa_bug_$bug2_id"),
"The alias 'secret_qa_bug_$bug2_id' is not visible for unauthorized users");
-$sel->is_text_present_ok($bug2_id);
+ok(!$sel->is_text_present($bug2_id),
+ "Even the bug ID is not visible for unauthorized users");
logout($sel);
go_to_bug($sel, $bug1_id, 1);
ok(!$sel->is_text_present("secret_qa_bug_$bug2_id"),
"The alias 'secret_qa_bug_$bug2_id' is not visible for logged out users");
-$sel->is_text_present_ok($bug2_id);
+ok(!$sel->is_text_present($bug2_id),
+ "Even the bug ID is not visible for logged out users");
#######################################################################
# Security bug 472206.
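Review bot: `is_text_present($bug2_id)` in the two new `ok(...)` checks tests only the rendered page text, so it would still pass if the private bug's ID remained in markup such as a link target or a hidden form value. It can also fail for unrelated reasons, because a bare number matches any text on the page that happens to contain those digits. Consider asserting on the element or elements where bug 2 would be listed, and add a comment such as `# Rendered text only; IDs in attributes are not covered by this check.` so the limit of the test is clear.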
use DateTime;
use QA::Util;
use QA::Tests qw(bug_tests PRIVATE_BUG_USER);
-use Test::More tests => 1036;
+use Test::More tests => 1009;
my ($config, @clients) = get_rpc_clients();
my $xmlrpc = $clients[0];
our $creation_time = DateTime->now();
-our ($public_bug, $private_bug) = $xmlrpc->bz_create_test_bugs('private');
+our ($public_bug, $private_bug) = $xmlrpc->bz_create_test_bugs('private', 'no_cc');
my $private_id = $private_bug->{id};
my $public_id = $public_bug->{id};
$private_bug->{cf_qa_status} = ['in progress', 'verified'];
$private_bug->{cf_single_select} = 'two';
-$public_bug->{depends_on} = [$private_id];
$public_bug->{dupe_of} = undef;
$public_bug->{resolution} = '';
$public_bug->{is_open} = 1;
is(scalar @{$call->result->{bugs}}, 1, "Got exactly one bug");
my $bug = $call->result->{bugs}->[0];
+ my $is_private_bug = $bug->{id} == $private_bug->{id};
+ my $is_private_user = $t->{user} && $t->{user} eq PRIVATE_BUG_USER;
if ($t->{user} && $t->{user} eq 'admin') {
ok(exists $bug->{estimated_time} && exists $bug->{remaining_time},
);
}
+ if (exists $bug->{depends_on}) {
+ is_deeply(
+ $bug->{depends_on},
+ $is_private_bug ? [] : $is_private_user ? [$private_id] : [],
+ $is_private_bug
+ ? 'depends_on value is correct'
+ : $is_private_user
+ ? 'Private bug ID in depends_on is returned to private bug user'
+ : 'Private bug ID in depends_on is not returned to non-private bug user (' . $t->{user} . ')'
+ );
+ }
+
if ($t->{user}) {
ok($bug->{update_token}, 'Update token returned for logged-in user');
}
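Review bot: The third message arm of the new `is_deeply` call concatenates `$t->{user}`, which is undefined in the logged-out cases this file also handles (`if ($t->{user})` just below), so with warnings enabled it emits an uninitialized-value warning and the message ends in `()`. Use `($t->{user} || 'logged-out')` there. The expected value and the message also repeat the same nested ternary; computing the expected list once and choosing the message from the two flags separately would read more easily. The identical block in the second test file later on this page needs the same change. The enclosing test sub starts and ends outside this hunk.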
'Update token not returned for logged-out users');
}
- my $expect = $bug->{id} == $private_bug->{id} ? $private_bug : $public_bug;
+ my $expect = $is_private_bug ? $private_bug : $public_bug;
my @fields = sort keys %$expect;
push(@fields, 'creation_time', 'last_change_time');
use DateTime;
use QA::Util;
use QA::Tests qw(bug_tests PRIVATE_BUG_USER);
-use Test::More tests => 1036;
+use Test::More tests => 1009;
my ($config, @clients) = get_rpc_clients();
my $xmlrpc = $clients[0];
our $creation_time = DateTime->now();
-our ($public_bug, $private_bug) = $xmlrpc->bz_create_test_bugs('private');
+our ($public_bug, $private_bug) = $xmlrpc->bz_create_test_bugs('private', 'no_cc');
my $private_id = $private_bug->{id};
my $public_id = $public_bug->{id};
$private_bug->{cf_qa_status} = ['in progress', 'verified'];
$private_bug->{cf_single_select} = 'two';
-$public_bug->{depends_on} = [$private_id];
$public_bug->{dupe_of} = undef;
$public_bug->{resolution} = '';
$public_bug->{is_open} = 1;
is(scalar @{$call->result->{bugs}}, 1, "Got exactly one bug");
my $bug = $call->result->{bugs}->[0];
+ my $is_private_bug = $bug->{id} == $private_bug->{id};
+ my $is_private_user = $t->{user} && $t->{user} eq PRIVATE_BUG_USER;
if ($t->{user} && $t->{user} eq 'admin') {
ok(
);
}
+ if (exists $bug->{depends_on}) {
+ is_deeply(
+ $bug->{depends_on},
+ $is_private_bug ? [] : $is_private_user ? [$private_id] : [],
+ $is_private_bug
+ ? 'depends_on value is correct'
+ : $is_private_user
+ ? 'Private bug ID in depends_on is returned to private bug user'
+ : 'Private bug ID in depends_on is not returned to non-private bug user (' . $t->{user} . ')'
+ );
+ }
+
if ($t->{user}) {
ok($bug->{update_token}, 'Update token returned for logged-in user');
}
'Update token not returned for logged-out users');
}
- my $expect = $bug->{id} == $private_bug->{id} ? $private_bug : $public_bug;
+ my $expect = $is_private_bug ? $private_bug : $public_bug;
my @fields = sort keys %$expect;
push(@fields, 'creation_time', 'last_change_time');