return $self;
}
+sub check_for_edit {
+ my $class = shift;
+ my $bug = $class->check(@_);
+
+ Bugzilla->user->can_edit_product($bug->product_id)
+ || ThrowUserError("product_edit_denied", { product => $bug->product });
+
+ return $bug;
+}
+
sub check_is_visible {
my $self = shift;
my $user = Bugzilla->user;
}
my $ref_bug_id = $uri->query_param('id');
- my $ref_bug = Bugzilla::Bug->check($ref_bug_id);
+ my $ref_bug = Bugzilla::Bug->check_for_edit($ref_bug_id);
my $self_bug_id = $params->{bug_id};
$params->{ref_bug} = $ref_bug;
ThrowUserError('see_also_self_reference');
}
- my $product = $ref_bug->product_obj;
- if (!Bugzilla->user->can_edit_product($product->id)) {
- ThrowUserError("product_edit_denied",
- { product => $product->name });
- }
-
return $uri;
}
my $ids = delete $params->{ids};
defined $ids || ThrowCodeError('param_required', { param => 'ids' });
- my @bugs = map { Bugzilla::Bug->check($_) } @$ids;
+ my @bugs = map { Bugzilla::Bug->check_for_edit($_) } @$ids;
my %values = %$params;
$values{other_bugs} = \@bugs;
delete $values{flags};
foreach my $bug (@bugs) {
- if (!$user->can_edit_product($bug->product_obj->id) ) {
- ThrowUserError("product_edit_denied",
- { product => $bug->product });
- }
-
$bug->set_all(\%values);
}
defined $params->{data}
|| ThrowCodeError('param_required', { param => 'data' });
- my @bugs = map { Bugzilla::Bug->check($_) } @{ $params->{ids} };
- foreach my $bug (@bugs) {
- Bugzilla->user->can_edit_product($bug->product_id)
- || ThrowUserError("product_edit_denied", {product => $bug->product});
- }
+ my @bugs = map { Bugzilla::Bug->check_for_edit($_) } @{ $params->{ids} };
my @created;
$dbh->bz_start_transaction();
(defined $comment && trim($comment) ne '')
|| ThrowCodeError('param_required', { param => 'comment' });
- my $bug = Bugzilla::Bug->check($params->{id});
+ my $bug = Bugzilla::Bug->check_for_edit($params->{id});
- $user->can_edit_product($bug->product_id)
- || ThrowUserError("product_edit_denied", {product => $bug->product});
-
# Backwards-compatibility for versions before 3.6
if (defined $params->{private}) {
$params->{is_private} = delete $params->{private};
my @bugs;
foreach my $id (@{ $params->{ids} }) {
- my $bug = Bugzilla::Bug->check($id);
- $user->can_edit_product($bug->product_id)
- || ThrowUserError("product_edit_denied",
- { product => $bug->product });
+ my $bug = Bugzilla::Bug->check_for_edit($id);
push(@bugs, $bug);
if ($remove) {
$bug->remove_see_also($_) foreach @$remove;
# Create a list of objects for all bugs being modified in this request.
my @bug_objects;
if (defined $cgi->param('id')) {
- my $bug = Bugzilla::Bug->check(scalar $cgi->param('id'));
+ my $bug = Bugzilla::Bug->check_for_edit(scalar $cgi->param('id'));
$cgi->param('id', $bug->id);
push(@bug_objects, $bug);
} else {
foreach my $i ($cgi->param()) {
if ($i =~ /^id_([1-9][0-9]*)/) {
my $id = $1;
- push(@bug_objects, Bugzilla::Bug->check($id));
+ push(@bug_objects, Bugzilla::Bug->check_for_edit($id));
}
}
}
$action = 'nothing';
}
-# For each bug, we have to check if the user can edit the bug the product
-# is currently in, before we allow them to change anything.
-foreach my $bug (@bug_objects) {
- if (!$user->can_edit_product($bug->product_obj->id)) {
- ThrowUserError("product_edit_denied",
- { product => $bug->product });
- }
-}
-
# Component, target_milestone, and version are in here just in case
# the 'product' field wasn't defined in the CGI. It doesn't hurt to set
# them twice.
projects / thirdparty / bugzilla.git / commitdiff
