From 4b781a339951b8a4e60e3615bf879b339e4574fd Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Fri, 3 Oct 2008 06:53:06 +0000
Subject: [PATCH] Bug 452896: A user with no privs who reported a bug couldn't
 move it to another product if the target milestone was set Patch By Max
 Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat

---
 Bugzilla/Bug.pm                               | 19 +++++++++++++++++--
 .../bug/process/verify-new-product.html.tmpl  | 13 ++++++++++---
 2 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index d3aa1eeec4..3bf5a1906e 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1870,7 +1870,15 @@ sub set_product {
         Bugzilla->error_mode(ERROR_MODE_DIE);
         my $component_ok = eval { $self->set_component($comp_name);      1; };
         my $version_ok   = eval { $self->set_version($vers_name);        1; };
-        my $milestone_ok = eval { $self->set_target_milestone($tm_name); 1; };
+        my $milestone_ok = 1;
+        # Reporters can move bugs between products but not set the TM.
+        if ($self->check_can_change_field('target_milestone', 0, 1)) {
+            $milestone_ok = eval { $self->set_target_milestone($tm_name); 1; };
+        }
+        else {
+            # Have to set this directly to bypass the validators.
+            $self->{target_milestone} = $product->default_milestone;
+        }
         # If there were any errors thrown, make sure we don't mess up any
         # other part of Bugzilla that checks $@.
         undef $@;
@@ -1918,6 +1926,7 @@ sub set_product {
         
         if (%vars) {
             $vars{product} = $product;
+            $vars{bug} = $self;
             my $template = Bugzilla->template;
             $template->process("bug/process/verify-new-product.html.tmpl",
                 \%vars) || ThrowTemplateError($template->error());
@@ -1929,7 +1938,13 @@ sub set_product {
         # just die if any of these are invalid.
         $self->set_component($comp_name);
         $self->set_version($vers_name);
-        $self->set_target_milestone($tm_name);
+        if ($self->check_can_change_field('target_milestone', 0, 1)) {
+            $self->set_target_milestone($tm_name);
+        }
+        else {
+            # Have to set this directly to bypass the validators.
+            $self->{target_milestone} = $product->default_milestone;
+        }
     }
     
     if ($product_changed) {
diff --git a/template/en/default/bug/process/verify-new-product.html.tmpl b/template/en/default/bug/process/verify-new-product.html.tmpl
index 7b5b58a185..2eeb9277e3 100644
--- a/template/en/default/bug/process/verify-new-product.html.tmpl
+++ b/template/en/default/bug/process/verify-new-product.html.tmpl
@@ -49,10 +49,15 @@
 <input type="hidden" name="confirm_product_change" value="1">
     
 [%# Verify the version, component, and target milestone fields. %]
-<h3>Verify Version, Component[% ", Target Milestone" IF Param("usetargetmilestone") %]</h3>
+<h3>Verify Version, Component
+  [%- ", Target Milestone" 
+      IF Param("usetargetmilestone")
+         && bug.check_can_change_field('target_milestone', 0, 1) %]</h3>
 
 <p>
-[% IF Param("usetargetmilestone") %]
+[% IF Param("usetargetmilestone") 
+   && bug.check_can_change_field('target_milestone', 0, 1) 
+%]
   You are moving the [% terms.bug %](s) to the product 
   <b>[% product.name FILTER html %]</b>,
   and the version, component, and/or target milestone fields are no longer
@@ -93,7 +98,9 @@
                  default=default_component
                  size=10 %]
     </td>
-    [% IF Param("usetargetmilestone") %]
+    [% IF Param("usetargetmilestone") 
+          && bug.check_can_change_field('target_milestone', 0, 1) 
+    %]
       <td>
         <b>Target Milestone:</b><br>
       [% PROCESS "global/select-menu.html.tmpl"
-- 
2.47.3