diff options
| author |   Simon Green <simon@simongreen.net> | 2015-04-13 21:35:28 +0100 |
|---|---|---|
| committer |   David Lawrence <dkl@mozilla.com> | 2015-04-13 21:35:28 +0100 |
| commit | d445f63df2a2ce24523429130cbe62c4c084f8f0 (patch) | |
| tree | 21100c8ad34d01c083e6a022f39dac2278af108d | |
| parent | Bug 1137669: 003safesys.t doesn't test any file due to a missing -T argument (diff) | |
| download | bugzilla-d445f63df2a2ce24523429130cbe62c4c084f8f0.tar.gz bugzilla-d445f63df2a2ce24523429130cbe62c4c084f8f0.tar.bz2 bugzilla-d445f63df2a2ce24523429130cbe62c4c084f8f0.zip | |
Bug 1151290: It is possible to tell if someone made a private comment on a bug even if you are not an 'insider'
r=dkl,a=glob
| -rw-r--r-- | Bugzilla/Search.pm | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index acf458e8b..d67df03dd 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -2401,11 +2401,17 @@ sub _user_nonchanged { sub _long_desc_changedby { my ($self, $args) = @_; my ($chart_id, $joins, $value) = @$args{qw(chart_id joins value)}; - + my $table = "longdescs_$chart_id"; push(@$joins, { table => 'longdescs', as => $table }); my $user_id = $self->_get_user_id($value); $args->{term} = "$table.who = $user_id"; + + # If the user is not part of the insiders group, they cannot see + # private comments + if (!$self->_user->is_insider) { + $args->{term} .= " AND $table.isprivate = 0"; + } } sub _long_desc_changedbefore_after { @@ -2413,7 +2419,7 @@ sub _long_desc_changedbefore_after { my ($chart_id, $operator, $value, $joins) = @$args{qw(chart_id operator value joins)}; my $dbh = Bugzilla->dbh; - + my $sql_operator = ($operator =~ /before/) ? '<=' : '>='; my $table = "longdescs_$chart_id"; my $sql_date = $dbh->quote(SqlifyDate($value)); |