Bug 286003: Direct access to summarize-time.cgi when time tracking is off generates...

diff --git a/summarize_time.cgi b/summarize_time.cgi
index 6ea31fceb0e16cddc3f25db5b2308171bbf88090..077678c2e6f6e5528c2d39ffb422ef3adcb892e2 100755 (executable)
--- a/summarize_time.cgi
+++ b/summarize_time.cgi
@@ -360,8 +360,10 @@ my $cgi = Bugzilla->cgi;
 
 Bugzilla->switch_to_shadow_db();
 
-ThrowUserError("timetracking_access_denied") unless 
-    UserInGroup(Param("timetrackinggroup"));
+UserInGroup(Param("timetrackinggroup"))
+    || ThrowUserError("auth_failure", {group  => "time-tracking",
+                                       action => "access",
+                                       object => "timetracking_summaries"});
 
 my @ids = split(",", $cgi->param('id'));
 map { ValidateBugID($_) } @ids;

diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 0821fbcd37f533804611441b8d8c41b0000e5522..92bc52990397c673922c815924c68648c906d523 100644 (file)
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -160,6 +160,8 @@
       whine reports
     [% ELSIF object == "sanity_check" %]
       a sanity check
+    [% ELSIF object == "timetracking_summaries" %]
+      time-tracking summary reports
     [% ELSIF object == "user" %]
       the user you specified
     [% ELSIF object == "users" %]