Bug 405788: $bug->add_comment incorrectly calls check_can_change_field() - Patch...

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 0a45daf1439e4c99e042773ddfe16ec04325db14..7c0cc191f9dcd331fe0bd18a9150a0948a255b30 100755 (executable)
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1565,10 +1565,6 @@ sub add_comment {
     my ($self, $comment, $params) = @_;
 
     $comment = $self->_check_comment($comment);
-    # XXX At some point we need to refactor check_can_change_field
-    # so that custom installs can use PrivilegesRequired here.
-    $self->check_can_change_field('longdesc')
-        || ThrowUserError('illegal_change', { field => 'longdesc' });
 
     $params ||= {};
     if (exists $params->{work_time}) {
@@ -1589,6 +1585,11 @@ sub add_comment {
         return;
     }
 
+    # So we really want to comment. Make sure we are allowed to do so.
+    my $privs;
+    $self->check_can_change_field('longdesc', 0, 1, \$privs)
+        || ThrowUserError('illegal_change', { field => 'longdesc', privs => $privs });
+
     $self->{added_comments} ||= [];
     my $add_comment = dclone($params);
     $add_comment->{thetext} = $comment;