aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDave Lawrence <dlawrence@mozilla.com>2012-08-10 16:57:23 -0400
committerDave Lawrence <dlawrence@mozilla.com>2012-08-10 16:57:23 -0400
commita05220de2e69d4b6ef212d1f3556fa848b6e1508 (patch)
tree7383fb335d3db6290f46a81a3397b15c45bcdb70 /extensions
parentBackout bug 679224 (diff)
downloadbugzilla-a05220de2e69d4b6ef212d1f3556fa848b6e1508.tar.gz
bugzilla-a05220de2e69d4b6ef212d1f3556fa848b6e1508.tar.bz2
bugzilla-a05220de2e69d4b6ef212d1f3556fa848b6e1508.zip
Bug 779088 - Allow extensions to whitelist PATH_INFO
r/a=LpSolit
Diffstat (limited to 'extensions')
-rw-r--r--extensions/Example/Extension.pm110
1 files changed, 58 insertions, 52 deletions
diff --git a/extensions/Example/Extension.pm b/extensions/Example/Extension.pm
index 62fb345d9..f3efcb2a8 100644
--- a/extensions/Example/Extension.pm
+++ b/extensions/Example/Extension.pm
@@ -29,6 +29,20 @@ use constant REL_EXAMPLE => -127;
our $VERSION = '1.0';
+sub admin_editusers_action {
+ my ($self, $args) = @_;
+ my ($vars, $action, $user) = @$args{qw(vars action user)};
+ my $template = Bugzilla->template;
+
+ if ($action eq 'my_action') {
+ # Allow to restrict the search to any group the user is allowed to bless.
+ $vars->{'restrictablegroups'} = $user->bless_groups();
+ $template->process('admin/users/search.html.tmpl', $vars)
+ || ThrowTemplateError($template->error());
+ exit;
+ }
+}
+
sub attachment_process_data {
my ($self, $args) = @_;
my $type = $args->{attributes}->{mimetype};
@@ -65,6 +79,44 @@ sub auth_verify_methods {
}
}
+sub bug_check_can_change_field {
+ my ($self, $args) = @_;
+
+ my ($bug, $field, $new_value, $old_value, $priv_results)
+ = @$args{qw(bug field new_value old_value priv_results)};
+
+ my $user = Bugzilla->user;
+
+ # Disallow a bug from being reopened if currently closed unless user
+ # is in 'admin' group
+ if ($field eq 'bug_status' && $bug->product_obj->name eq 'Example') {
+ if (!is_open_state($old_value) && is_open_state($new_value)
+ && !$user->in_group('admin'))
+ {
+ push(@$priv_results, PRIVILEGES_REQUIRED_EMPOWERED);
+ return;
+ }
+ }
+
+ # Disallow a bug's keywords from being edited unless user is the
+ # reporter of the bug
+ if ($field eq 'keywords' && $bug->product_obj->name eq 'Example'
+ && $user->login ne $bug->reporter->login)
+ {
+ push(@$priv_results, PRIVILEGES_REQUIRED_REPORTER);
+ return;
+ }
+
+ # Allow updating of priority even if user cannot normally edit the bug
+ # and they are in group 'engineering'
+ if ($field eq 'priority' && $bug->product_obj->name eq 'Example'
+ && $user->in_group('engineering'))
+ {
+ push(@$priv_results, PRIVILEGES_REQUIRED_NONE);
+ return;
+ }
+}
+
sub bug_columns {
my ($self, $args) = @_;
my $columns = $args->{'columns'};
@@ -676,6 +728,12 @@ sub page_before_template {
}
}
+sub path_info_whitelist {
+ my ($self, $args) = @_;
+ my $whitelist = $args->{whitelist};
+ push(@$whitelist, "page.cgi");
+}
+
sub post_bug_after_creation {
my ($self, $args) = @_;
@@ -804,58 +862,6 @@ sub template_before_process {
}
}
-sub bug_check_can_change_field {
- my ($self, $args) = @_;
-
- my ($bug, $field, $new_value, $old_value, $priv_results)
- = @$args{qw(bug field new_value old_value priv_results)};
-
- my $user = Bugzilla->user;
-
- # Disallow a bug from being reopened if currently closed unless user
- # is in 'admin' group
- if ($field eq 'bug_status' && $bug->product_obj->name eq 'Example') {
- if (!is_open_state($old_value) && is_open_state($new_value)
- && !$user->in_group('admin'))
- {
- push(@$priv_results, PRIVILEGES_REQUIRED_EMPOWERED);
- return;
- }
- }
-
- # Disallow a bug's keywords from being edited unless user is the
- # reporter of the bug
- if ($field eq 'keywords' && $bug->product_obj->name eq 'Example'
- && $user->login ne $bug->reporter->login)
- {
- push(@$priv_results, PRIVILEGES_REQUIRED_REPORTER);
- return;
- }
-
- # Allow updating of priority even if user cannot normally edit the bug
- # and they are in group 'engineering'
- if ($field eq 'priority' && $bug->product_obj->name eq 'Example'
- && $user->in_group('engineering'))
- {
- push(@$priv_results, PRIVILEGES_REQUIRED_NONE);
- return;
- }
-}
-
-sub admin_editusers_action {
- my ($self, $args) = @_;
- my ($vars, $action, $user) = @$args{qw(vars action user)};
- my $template = Bugzilla->template;
-
- if ($action eq 'my_action') {
- # Allow to restrict the search to any group the user is allowed to bless.
- $vars->{'restrictablegroups'} = $user->bless_groups();
- $template->process('admin/users/search.html.tmpl', $vars)
- || ThrowTemplateError($template->error());
- exit;
- }
-}
-
sub user_preferences {
my ($self, $args) = @_;
my $tab = $args->{current_tab};