replace UserInGroup by $user->in_group() when checking user privs in edit*.cgi files

RESOLVED FIXED in Bugzilla 2.22

Status

()

Bugzilla
Bugzilla-General
--
enhancement
RESOLVED FIXED
13 years ago
13 years ago

People

(Reporter: Frédéric Buclin, Assigned: Frédéric Buclin)

Tracking

2.21
Bugzilla 2.22
Bug Flags:
approval +

Details

Attachments

(1 attachment)

(Assignee)

Description

13 years ago
All edit*.cgi files use the following syntax to check user privs:

Bugzilla->login(LOGIN_REQUIRED);
UserInGroup("editcomponents")
  || ThrowUserError("auth_failure", {group  => "editcomponents",
                                     action => "edit",
                                     object => "flagtypes"});

Several of these files use Bugzilla::User for this check only. We could remove
this requirement by doing the following change:

my $user = Bugzilla->login(LOGIN_REQUIRED);
$user->in_group("editcomponents")
  || ThrowUserError("auth_failure", {group  => "editcomponents",
                                     action => "edit",
                                     object => "flagtypes"});

This is also a step towards removing 'use Bugzilla::User' from globals.pl.
(Assignee)

Updated

13 years ago
Status: NEW → ASSIGNED
Target Milestone: --- → Bugzilla 2.22
(Assignee)

Comment 1

13 years ago
Created attachment 194136 [details] [diff] [review]
patch, v1
Attachment #194136 - Flags: review?(mkanat)

Comment 2

13 years ago
Comment on attachment 194136 [details] [diff] [review]
patch, v1

r=mkanat by inspection
Attachment #194136 - Flags: review?(mkanat) → review+

Updated

13 years ago
Flags: approval?
Flags: approval? → approval+
(Assignee)

Comment 3

13 years ago
The patch bitrotted a bit. I fixed it on checkin.

Checking in doeditparams.cgi;
/cvsroot/mozilla/webtools/bugzilla/doeditparams.cgi,v  <--  doeditparams.cgi
new revision: 1.36; previous revision: 1.35
done
Checking in editcomponents.cgi;
/cvsroot/mozilla/webtools/bugzilla/editcomponents.cgi,v  <--  editcomponents.cgi
new revision: 1.61; previous revision: 1.60
done
Checking in editflagtypes.cgi;
/cvsroot/mozilla/webtools/bugzilla/editflagtypes.cgi,v  <--  editflagtypes.cgi
new revision: 1.27; previous revision: 1.26
done
Checking in editgroups.cgi;
/cvsroot/mozilla/webtools/bugzilla/editgroups.cgi,v  <--  editgroups.cgi
new revision: 1.61; previous revision: 1.60
done
Checking in editkeywords.cgi;
/cvsroot/mozilla/webtools/bugzilla/editkeywords.cgi,v  <--  editkeywords.cgi
new revision: 1.32; previous revision: 1.31
done
Checking in editmilestones.cgi;
/cvsroot/mozilla/webtools/bugzilla/editmilestones.cgi,v  <--  editmilestones.cgi
new revision: 1.43; previous revision: 1.42
done
Checking in editparams.cgi;
/cvsroot/mozilla/webtools/bugzilla/editparams.cgi,v  <--  editparams.cgi
new revision: 1.27; previous revision: 1.26
done
Checking in editproducts.cgi;
/cvsroot/mozilla/webtools/bugzilla/editproducts.cgi,v  <--  editproducts.cgi
new revision: 1.99; previous revision: 1.98
done
Checking in editsettings.cgi;
/cvsroot/mozilla/webtools/bugzilla/editsettings.cgi,v  <--  editsettings.cgi
new revision: 1.5; previous revision: 1.4
done
Checking in editusers.cgi;
/cvsroot/mozilla/webtools/bugzilla/editusers.cgi,v  <--  editusers.cgi
new revision: 1.104; previous revision: 1.103
done
Checking in editversions.cgi;
/cvsroot/mozilla/webtools/bugzilla/editversions.cgi,v  <--  editversions.cgi
new revision: 1.37; previous revision: 1.36
done
Checking in editwhines.cgi;
/cvsroot/mozilla/webtools/bugzilla/editwhines.cgi,v  <--  editwhines.cgi
new revision: 1.11; previous revision: 1.10
done
Status: ASSIGNED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.