From: bugreport%peshkin.net <> Date: Sat, 22 Oct 2005 20:07:05 +0000 (+0000) Subject: Bug 312787 When strict_isolation is set, do not permit users to alter deps on bugs... X-Git-Tag: bugzilla-2.22rc1~205 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d0042bb7c9340ef4dd80b3abe3b2f45ed4bf862b;p=thirdparty%2Fbugzilla.git Bug 312787 When strict_isolation is set, do not permit users to alter deps on bugs unless they can edit both bugs Patch by Joel Peshkin r=kiko, a=justdave --- diff --git a/process_bug.cgi b/process_bug.cgi index adb6a3deda..dc119179cf 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -165,6 +165,13 @@ foreach my $field ("dependson", "blocked") { $vars->{'field'} = $field; ThrowUserError("illegal_change", $vars); } + if (Param("strict_isolation")) { + my $deltabug = new Bugzilla::Bug($id, $user); + if (!$user->can_edit_product($deltabug->{'product_id'})) { + $vars->{'field'} = $field; + ThrowUserError("illegal_change_deps", $vars); + } + } } } else { # Bugzilla does not support mass-change of dependencies so they diff --git a/template/en/default/admin/params/groupsecurity.html.tmpl b/template/en/default/admin/params/groupsecurity.html.tmpl index d4e219a88b..9016a7038c 100644 --- a/template/en/default/admin/params/groupsecurity.html.tmpl +++ b/template/en/default/admin/params/groupsecurity.html.tmpl @@ -49,6 +49,12 @@ usevisibilitygroups => "Do you wish to restrict visibility of users to members of " _ "specific groups?", - strict_isolation => "Don't allow users to assign, be qa-contacts or add to CC list " _ - "any user that do not have permission to edit the bug." } + strict_isolation => "Don't allow users to be assigned to, " _ + "be qa-contacts on, " _ + "be added to CC list, " _ + "or make or remove dependencies " _ + "involving any bug that is in a product on which that " _ + "user is forbidden to edit.", + + } %] diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 334f1c54e8..f0c8288880 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -547,6 +547,13 @@ [% END %] a sufficiently empowered user may change that field. + [% ELSIF error == "illegal_change_deps" %] + [% title = "Not allowed" %] + You tried to change the + [% field_descs.$field FILTER html %] field + but only a user empowered to edit + both involved [% terms.bugs %] may change that field. + [% ELSIF error == "illegal_changed_in_last_x_days" %] [% title = "Your Search Makes No Sense" %] The Changed in last ___ days field must be a simple number.