vitalif
/
bugzilla-4intranet
mirror of https://github.com/vitalif/bugzilla-4intranet
1
0
Fork 0
Code Issues Releases Wiki Activity

Check saved search runner permissions correctly in _in_search()

i18n
Vitaliy Filippov 2016-06-01 14:45:16 +03:00
parent e63bc93fec
commit 1db3507cbf
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Bugzilla/Search.pm
View File

@ -3295,6 +3295,7 @@ sub _in_search_results
my $query = Bugzilla::Search::Saved->$m({
name => trim($v),
user => $sharer,
runner => $self->{user},
});
if (!$query)
{

7
Bugzilla/Search/Saved.pm
View File

@ -102,10 +102,11 @@ sub new
sub check
{
my $class = shift;
my $search = $class->SUPER::check(@_);
my $user = Bugzilla->user;
my ($param) = @_;
my $search = $class->SUPER::check($param);
my $user = $param->{runner} || Bugzilla->user;
return $search if $search->user->id == $user->id;
if (!Bugzilla->user->in_group('admin') &&
if (!$user->in_group('admin') &&
(!$search->shared_with_group || !$user->in_group($search->shared_with_group)))
{
ThrowUserError('missing_query', {