From: lpsolit%gmail.com <>
Date: Wed, 20 Jun 2007 18:48:21 +0000 (+0000)
Subject: Bug 370921: reporter_accessible and cclist_accessible checkboxes in show_bug.cgi... 
X-Git-Tag: bugzilla-3.0.1~61
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=12505c02c3141abc3b85ba2cdacb2660f603a561;p=thirdparty%2Fbugzilla.git

Bug 370921: reporter_accessible and cclist_accessible checkboxes in show_bug.cgi appear editable by users with no privs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
---

diff --git a/process_bug.cgi b/process_bug.cgi
index 0658b7e3bf..1ae3d42f60 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -923,17 +923,17 @@ if (defined $cgi->param('id')) {
         q{SELECT group_id FROM bug_group_map WHERE bug_id = ?},
         undef, $cgi->param('id'));
     if ( $havegroup ) {
-        DoComma();
-        $cgi->param('reporter_accessible',
-                    $cgi->param('reporter_accessible') ? '1' : '0');
-        $::query .= "reporter_accessible = ?";
-        push(@values, $cgi->param('reporter_accessible'));
-
-        DoComma();
-        $cgi->param('cclist_accessible',
-                    $cgi->param('cclist_accessible') ? '1' : '0');
-        $::query .= "cclist_accessible = ?";
-        push(@values, $cgi->param('cclist_accessible'));
+        foreach my $field ('reporter_accessible', 'cclist_accessible') {
+            if ($bug->check_can_change_field($field, 0, 1, \$PrivilegesRequired)) {
+                DoComma();
+                $cgi->param($field, $cgi->param($field) ? '1' : '0');
+                $::query .= " $field = ?";
+                push(@values, $cgi->param($field));
+            }
+            else {
+                $cgi->delete($field);
+            }
+        }
     }
 }
 
diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl
index 5389af666a..a607e830ec 100644
--- a/template/en/default/bug/edit.html.tmpl
+++ b/template/en/default/bug/edit.html.tmpl
@@ -517,11 +517,13 @@
       <p>
         <input type="checkbox" value="1"
                name="reporter_accessible" id="reporter_accessible"
-               [% " checked" IF bug.reporter_accessible %]>
+               [% " checked" IF bug.reporter_accessible %]
+               [% " disabled=\"disabled\"" UNLESS bug.check_can_change_field("reporter_accessible", 0, 1) %]>
         <label for="reporter_accessible">Reporter</label>
         <input type="checkbox" value="1"
                name="cclist_accessible" id="cclist_accessible"
-               [% " checked" IF bug.cclist_accessible %]>
+               [% " checked" IF bug.cclist_accessible %]
+               [% " disabled=\"disabled\"" UNLESS bug.check_can_change_field("cclist_accessible", 0, 1) %]>
         <label for="cclist_accessible">CC List</label>
       </p>
     [% END %]