#####################################################################
-# create a new empty bug
-#
sub new {
- my $type = shift();
- my %bug;
-
- # create a ref to an empty hash and bless it
- #
- my $self = {%bug};
- bless $self, $type;
-
- # construct from a hash containing a bug's info
- #
- if ($#_ == 1) {
- $self->initBug(@_);
- } else {
- confess("invalid number of arguments \($#_\)($_)");
- }
-
- # bless as a Bug
- #
+ my $invocant = shift;
+ my $class = ref($invocant) || $invocant;
+ my $self = {};
+ bless $self, $class;
+ $self->_init(@_);
return $self;
}
-# dump info about bug into hash unless user doesn't have permission
-# user_id 0 is used when person is not logged in.
-#
-sub initBug {
+sub _init {
my $self = shift();
- my ($bug_id, $user_id) = (@_);
+ my ($bug_id) = (@_);
my $dbh = Bugzilla->dbh;
$bug_id = trim($bug_id || 0);
# If the bug ID isn't numeric, it might be an alias, so try to convert it.
$bug_id = bug_alias_to_id($bug_id) if $bug_id !~ /^0*[1-9][0-9]*$/;
- # If the user is not logged in, sets $user_id to 0.
- # Else gets $user_id from the user login name if this
- # argument is not numeric.
- my $stored_user_id = $user_id;
- if (!defined $user_id) {
- $user_id = 0;
- } elsif (!detaint_natural($user_id)) {
- $user_id = login_to_id($stored_user_id);
- }
-
- $self->{'who'} = new Bugzilla::User($user_id);
-
unless ($bug_id && detaint_natural($bug_id)) {
# no bug number given or the alias didn't match a bug
$self->{'bug_id'} = $old_bug_id;
$bug_sth->execute($bug_id);
my @row;
- if ((@row = $bug_sth->fetchrow_array())
- && $self->{'who'}->can_see_bug($bug_id)) {
+ if (@row = $bug_sth->fetchrow_array) {
my $count = 0;
my %fields;
foreach my $field ("bug_id", "alias", "classification_id", "classification",
}
$count++;
}
- } elsif (@row) {
- $self->{'bug_id'} = $bug_id;
- $self->{'error'} = "NotPermitted";
- return $self;
} else {
$self->{'bug_id'} = $bug_id;
$self->{'error'} = "NotFound";
sub check_can_change_field {
my $self = shift;
my ($field, $oldvalue, $newvalue, $PrivilegesRequired, $data) = (@_);
- my $user = $self->{'who'};
+ my $user = Bugzilla->user;
$oldvalue = defined($oldvalue) ? $oldvalue : '';
$newvalue = defined($newvalue) ? $newvalue : '';
ValidateComment(scalar $cgi->param('comment'));
my ($timestamp) = Bugzilla->dbh->selectrow_array("SELECT NOW()");
- my $bug = new Bugzilla::Bug($bugid, $user->id);
+ my $bug = new Bugzilla::Bug($bugid);
my $attachid =
Bugzilla::Attachment->insert_attachment_for_bug(THROW_ERROR, $bug, $user,
$timestamp, \$vars);
Bugzilla::Flag::validate($cgi, $bugid, $attach_id);
Bugzilla::FlagType::validate($cgi, $bugid, $attach_id);
- my $bug = new Bugzilla::Bug($bugid, $userid);
+ my $bug = new Bugzilla::Bug($bugid);
# Lock database tables in preparation for updating the attachment.
$dbh->bz_lock_tables('attachments WRITE', 'flags WRITE' ,
'flagtypes READ', 'fielddefs READ', 'bugs_activity WRITE',
if ($component->bug_count) {
if (Bugzilla->params->{"allowbugdeletion"}) {
foreach my $bug_id (@{$component->bug_ids}) {
- my $bug = new Bugzilla::Bug($bug_id, $whoid);
+ # Note: We allow admins to delete bugs even if they can't
+ # see them, as long as they can see the product.
+ my $bug = new Bugzilla::Bug($bug_id);
$bug->remove_from_db();
}
} else {
undef, $id);
foreach my $flag (@$flags) {
my ($flag_id, $bug_id, $attach_id) = @$flag;
- my $bug = new Bugzilla::Bug($bug_id, $user->id);
+ my $bug = new Bugzilla::Bug($bug_id);
my $attachment = $attach_id ? Bugzilla::Attachment->get($attach_id) : undef;
Bugzilla::Flag::clear($flag_id, $bug, $attachment);
}
undef, $id);
foreach my $flag (@$flags) {
my ($flag_id, $bug_id, $attach_id) = @$flag;
- my $bug = new Bugzilla::Bug($bug_id, $user->id);
+ my $bug = new Bugzilla::Bug($bug_id);
my $attachment = $attach_id ? Bugzilla::Attachment->get($attach_id) : undef;
Bugzilla::Flag::clear($flag_id, $bug, $attachment);
}
|| ($_->request_group && $_->request_group->id == $gid)} @$flag_types;
return \@flag_types;
-}
\ No newline at end of file
+}
if ($product->bug_count) {
if (Bugzilla->params->{"allowbugdeletion"}) {
foreach my $bug_id (@{$product->bug_ids}) {
- my $bug = new Bugzilla::Bug($bug_id, $whoid);
+ # Note that we allow the user to delete bugs he can't see,
+ # which is okay, because he's deleting the whole Product.
+ my $bug = new Bugzilla::Bug($bug_id);
$bug->remove_from_db();
}
}
if ($cloned_bug_id) {
ValidateBugID($cloned_bug_id);
- $cloned_bug = new Bugzilla::Bug($cloned_bug_id, $user->id);
+ $cloned_bug = new Bugzilla::Bug($cloned_bug_id);
}
if (scalar(@{$product->components}) == 1) {
} );
}
else {
- my $bug = new Bugzilla::Bug( $bugid, $exporterid );
+ my $bug = new Bugzilla::Bug($bugid);
$flag_types = $bug->flag_types;
}
unless ($flag_types){
$dbh->bz_unlock_tables();
-my $bug = new Bugzilla::Bug($id, $user->id);
+my $bug = new Bugzilla::Bug($id);
+# We don't have to check if the user can see the bug, because a user filing
+# a bug can always see it. You can't change reporter_accessible until
+# after the bug is filed.
# Add an attachment if requested.
if (defined($cgi->upload('data')) || $cgi->param('attachurl')) {
# Build a bug object using $cgi->param('id') as ID.
# If there are more than one bug changed at once, the bug object will be
# empty, which doesn't matter.
-my $bug = new Bugzilla::Bug(scalar $cgi->param('id'), $whoid);
+my $bug = new Bugzilla::Bug(scalar $cgi->param('id'));
# Make sure form param 'dontchange' is defined so it can be compared to easily.
$cgi->param('dontchange','') unless defined $cgi->param('dontchange');
# throw an error if any of the changed bugs are not visible.
ValidateBugID($id);
if (Bugzilla->params->{"strict_isolation"}) {
- my $deltabug = new Bugzilla::Bug($id, $user->id);
+ my $deltabug = new Bugzilla::Bug($id);
if (!$user->can_edit_product($deltabug->{'product_id'})) {
$vars->{'field'} = $field;
ThrowUserError("illegal_change_deps", $vars);
my @bugs;
# First update all moved bugs.
foreach my $id (@idlist) {
- my $bug = new Bugzilla::Bug($id, $whoid);
+ my $bug = new Bugzilla::Bug($id);
push(@bugs, $bug);
$sth->execute($timestamp, $id);
foreach my $id (@idlist) {
my $query = $basequery;
my @bug_values = @values;
- my $old_bug_obj = new Bugzilla::Bug($id, $whoid);
+ my $old_bug_obj = new Bugzilla::Bug($id);
if ($cgi->param('knob') eq 'reassignbycomponent') {
# We have to check whether the bug is moved to another product
# and then generate any necessary bug activity entries by seeing
# what has changed since before we wrote out the new values.
#
- my $new_bug_obj = new Bugzilla::Bug($id, $whoid);
+ my $new_bug_obj = new Bugzilla::Bug($id);
my @newvalues = SnapShotBug($id);
my %newhash;
$i = 0;
}
if ($next_bug) {
if (detaint_natural($next_bug) && Bugzilla->user->can_see_bug($next_bug)) {
- my $bug = new Bugzilla::Bug($next_bug, $whoid);
+ my $bug = new Bugzilla::Bug($next_bug);
ThrowCodeError("bug_error", { bug => $bug }) if $bug->error;
$vars->{'bugs'} = [$bug];
}
} elsif ($action eq 'same_bug') {
if (Bugzilla->user->can_see_bug($cgi->param('id'))) {
- my $bug = new Bugzilla::Bug($cgi->param('id'), $whoid);
+ my $bug = new Bugzilla::Bug($cgi->param('id'));
ThrowCodeError("bug_error", { bug => $bug }) if $bug->error;
$vars->{'bugs'} = [$bug];
my $template = Bugzilla->template;
my $vars = {};
-Bugzilla->login();
+my $user = Bugzilla->login();
# Editable, 'single' HTML bugs are treated slightly specially in a few places
my $single = !$cgi->param('format')
# Its a bit silly to do the validation twice - that functionality should
# probably move into Bug.pm at some point
ValidateBugID($id);
- push @bugs, new Bugzilla::Bug($id, Bugzilla->user->id);
+ push @bugs, new Bugzilla::Bug($id);
if (defined $cgi->param('mark')) {
foreach my $range (split ',', $cgi->param('mark')) {
if ($range =~ /^(\d+)-(\d+)$/) {
# Be kind enough and accept URLs of the form: id=1,2,3.
my @ids = split(/,/, $id);
foreach (@ids) {
- my $bug = new Bugzilla::Bug($_, Bugzilla->user->id);
+ my $bug = new Bugzilla::Bug($_);
+ # This is basically a backwards-compatibility hack from when
+ # Bugzilla::Bug->new used to set 'NotPermitted' if you couldn't
+ # see the bug.
+ if (!$bug->{error} && !$user->can_see_bug($bug->bug_id)) {
+ $bug->{error} = 'NotPermitted';
+ }
push(@bugs, $bug);
}
}
# bug that the user is authorized to access.
my $id = $cgi->param('id');
ValidateBugID($id);
-my $current_bug = new Bugzilla::Bug($id, $user->id);
+my $current_bug = new Bugzilla::Bug($id);
my $hide_resolved = $cgi->param('hide_resolved') ? 1 : 0;
# its sub-tree if we haven't already done so (which happens
# when bugs appear in dependency trees multiple times).
if (!$bugs->{$dep_id}) {
- $bugs->{$dep_id} = new Bugzilla::Bug($dep_id, $user->id);
+ $bugs->{$dep_id} = new Bugzilla::Bug($dep_id);
GenerateTree($dep_id, $relationship, $depth+1, $bugs, $ids);
}
# wants the tree to go, and if the dependency isn't resolved
# (if we're ignoring resolved dependencies).
if (!$bugs->{$dep_id}->{'error'}
+ && Bugzilla->user->can_see_bug($dep_id)
&& (!$maxdepth || $depth <= $maxdepth)
&& ($bugs->{$dep_id}->{'isopened'} || !$hide_resolved))
{
<h1>
[% terms.Bug %]
<a href="show_bug.cgi?id=[% bug.bug_id %]">[% bug.bug_id %]</a>
- [% IF Param("usebugaliases") AND bug.alias %]
+ [% IF Param("usebugaliases") AND bug.alias AND NOT bug.error %]
([% bug.alias FILTER html %])
[% END %]
</h1>
my %products;
# XXX - We really need a $bug->product() method.
foreach my $bug_id (@buglist) {
- my $bug = new Bugzilla::Bug($bug_id, $who);
+ my $bug = new Bugzilla::Bug($bug_id);
my $prod = $bug->{'product'};
$products{$prod} ||= new Bugzilla::Product({name => $prod});
$prodcount{$prod} ||= 0;
projects / thirdparty / bugzilla.git / commitdiff
