[bugzilla-gnome-org-upstream/4.4] Bug 1151290: It is possible to tell if someone made a private comment on a bug even if you are not a
- From: Andrea Veri <av src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [bugzilla-gnome-org-upstream/4.4] Bug 1151290: It is possible to tell if someone made a private comment on a bug even if you are not a
- Date: Tue, 21 Apr 2015 12:46:24 +0000 (UTC)
commit d445f63df2a2ce24523429130cbe62c4c084f8f0
Author: Simon Green <simon simongreen net>
Date: Mon Apr 13 21:35:28 2015 +0100
Bug 1151290: It is possible to tell if someone made a private comment on a bug even if you are not an
'insider'
r=dkl,a=glob
Bugzilla/Search.pm | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
---
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index acf458e..d67df03 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -2401,11 +2401,17 @@ sub _user_nonchanged {
sub _long_desc_changedby {
my ($self, $args) = @_;
my ($chart_id, $joins, $value) = @$args{qw(chart_id joins value)};
-
+
my $table = "longdescs_$chart_id";
push(@$joins, { table => 'longdescs', as => $table });
my $user_id = $self->_get_user_id($value);
$args->{term} = "$table.who = $user_id";
+
+ # If the user is not part of the insiders group, they cannot see
+ # private comments
+ if (!$self->_user->is_insider) {
+ $args->{term} .= " AND $table.isprivate = 0";
+ }
}
sub _long_desc_changedbefore_after {
@@ -2413,7 +2419,7 @@ sub _long_desc_changedbefore_after {
my ($chart_id, $operator, $value, $joins) =
@$args{qw(chart_id operator value joins)};
my $dbh = Bugzilla->dbh;
-
+
my $sql_operator = ($operator =~ /before/) ? '<=' : '>=';
my $table = "longdescs_$chart_id";
my $sql_date = $dbh->quote(SqlifyDate($value));
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]