From: mkanat%bugzilla.org <> Date: Tue, 21 Jul 2009 16:08:39 +0000 (+0000) Subject: Bug 505390: Make Bugzilla (and thus the WebService) throw an error when you try to... X-Git-Tag: bugzilla-3.4~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=51e7bae16405d016918c172d72c240490c80348e;p=thirdparty%2Fbugzilla.git Bug 505390: Make Bugzilla (and thus the WebService) throw an error when you try to add a private comment but aren't an insider. Patch by Max Kanat-Alexander r=LpSolit, a=LpSolit --- diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index 8b140e92f6..9b0bac1e19 100644 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -1192,9 +1192,10 @@ sub _check_comment { sub _check_commentprivacy { my ($invocant, $comment_privacy) = @_; - my $insider_group = Bugzilla->params->{"insidergroup"}; - return ($insider_group && Bugzilla->user->in_group($insider_group) - && $comment_privacy) ? 1 : 0; + if ($comment_privacy && !Bugzilla->user->is_insider) { + ThrowUserError('user_not_insider'); + } + return $comment_privacy ? 1 : 0; } sub _check_comment_type { diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm old mode 100755 new mode 100644 index 1f26d1288d..29af9f71d8 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -1390,6 +1390,10 @@ The id you specified doesn't exist in the database. You did not have the necessary rights to edit the bug. +=item 113 (Can't Make Private Comments) + +You tried to add a private comment, but don't have the necessary rights. + =back =item B @@ -1400,6 +1404,9 @@ You did not have the necessary rights to edit the bug. =item Modified to return the new comment's id in Bugzilla B<3.4> +=item Modified to throw an error if you try to add a private comment +but can't, in Bugzilla B<3.4>. + =back =back diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm old mode 100755 new mode 100644 index 172d757efb..2267c923db --- a/Bugzilla/WebService/Constants.pm +++ b/Bugzilla/WebService/Constants.pm @@ -87,6 +87,8 @@ use constant WS_ERROR_CODE => { # See Also errors bug_url_invalid => 112, bug_url_too_long => 112, + # Insidergroup Errors + user_not_insider => 113, # Authentication errors are usually 300-400. invalid_username_or_password => 300, diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 73b7010677..20bda228e4 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -1150,9 +1150,11 @@ [% ELSIF error == "no_bugs_in_list" %] [% title = "Delete Tag?" %] This will remove all [% terms.bugs %] from the - [% tag FILTER html %] tag. This will delete the tag completely. Click + [% name FILTER html %] tag. This will delete the tag completely. Click here if you really want to delete it. + [%- name FILTER url_quote %]&token= + [%- issue_hash_token([query_id, name]) FILTER url_quote %]">here + if you really want to delete it. [% ELSIF error == "no_bugs_to_remove" %] [% title = "No Tag Selected" %] @@ -1613,6 +1615,11 @@ [% name FILTER html %] does not exist or you are not allowed to see that user. + [% ELSIF error == "user_not_insider" %] + [% title = "User Not In Insidergroup" %] + Sorry, but you are not allowed to (un)mark comments or attachments + as private. + [% ELSIF error == "votes_must_be_nonnegative" %] [% title = "Votes Must Be Non-negative" %] [% admindocslinks = {'voting.html' => 'Setting up the voting feature'} %]