Bug 830330: Make flags honour bug_check_can_change_field

r=dkl, a=LpSolit

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 8cdbb19291da3e195c947bff593000b1f1fd0b7f..497ca0991614d9037f492605c99daf0484d1512b 100644 (file)
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -4057,8 +4057,8 @@ sub check_can_change_field {
         return 1;
     }
 
-    # Allow anyone to change comments.
-    if ($field =~ /^longdesc/) {
+    # Allow anyone to change comments, or set flags
+    if ($field =~ /^longdesc/ || $field eq 'flagtypes.name') {
         return 1;
     }
 

diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm
index b7cf7cc6787e0411308f248d2b7e69e4beaf3964..a1b8c2c23b36740741b7fc812e43e6b54df72709 100644 (file)
--- a/Bugzilla/Flag.pm
+++ b/Bugzilla/Flag.pm
@@ -296,6 +296,12 @@ sub set_flag {
         ThrowCodeError('flag_unexpected_object', { 'caller' => ref $obj });
     }
 
+    # Make sure the user can change flags
+    my $privs;
+    $bug->check_can_change_field('flagtypes.name', 0, 1, \$privs)
+        || ThrowUserError('illegal_change',
+                          { field => 'flagtypes.name', privs => $privs });
+
     # Update (or delete) an existing flag.
     if ($params->{id}) {
         my $flag = $class->check({ id => $params->{id} });

diff --git a/template/en/default/flag/list.html.tmpl b/template/en/default/flag/list.html.tmpl
index 88486c7f67f943fa5b49356cbd86dd40e0a09054..7a3f88fc5d1b02cd00806cf5c73098e6ea067fbf 100644 (file)
--- a/template/en/default/flag/list.html.tmpl
+++ b/template/en/default/flag/list.html.tmpl
@@ -6,7 +6,7 @@
   # defined by the Mozilla Public License, v. 2.0.
   #%]
 
-[% IF user.id AND !read_only_flags %]
+[% IF user.id && !read_only_flags && bug.check_can_change_field('flagtypes.name', 0, 1) %]
 
 [%# We list flags by looping twice over the flag types relevant for the bug.
   # In the first loop, we display existing flags and then, for active types,