Bug 504461: Allow everyone to make bugs security-sensitive retroactively

globau · globau · commit 5929fb98320a · 2014-05-20T13:16:59.000+08:00
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
@@ -2915,11 +2915,11 @@ sub add_group {
     # If the bug is already in this group, then there is nothing to do.
     return if $self->in_group($group);
 
-
     # BMO : allow bugs to be always placed into some groups by the bug's
-    # reporter
-    if ($self->{reporter_id} != Bugzilla->user->id
-        || !$self->product_obj->group_always_settable($group))
+    # reporter, or by users with editbugs
+    my $user = Bugzilla->user;
+    if (!$self->product_obj->group_always_settable($group)
+        || ($self->{reporter_id} != $user->id && !$user->in_group('editbugs')))
     {
         # Make sure that bugs in this product can actually be restricted
         # to this group by the current user.
@@ -2928,7 +2928,7 @@ sub add_group {
 
         # OtherControl people can add groups only during a product change,
         # and only when the group is not NA for them.
-        if (!Bugzilla->user->in_group($group->name)) {
+        if (!$user->in_group($group->name)) {
             my $controls = $self->product_obj->group_controls->{$group->id};
             if (!$self->{_old_product_name}
                 || $controls->{othercontrol} == CONTROLMAPNA)
diff --git a/extensions/BMO/template/en/default/hook/bug/edit-before_restrict_visibility.html.tmpl b/extensions/BMO/template/en/default/hook/bug/edit-before_restrict_visibility.html.tmpl
@@ -0,0 +1,25 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+  # License, v. 2.0. If a copy of the MPL was not distributed with this
+  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+  #
+  # This Source Code Form is "Incompatible With Secondary Licenses", as
+  # defined by the Mozilla Public License, v. 2.0.
+  #%]
+
+[% RETURN IF
+  bug.in_group(bug.product_obj.default_security_group_obj)
+  || user.in_group(bug.product_obj.default_security_group)
+  || (user.id != bug.reporter.id && !user.in_group('editbugs'))
+  %]
+
+<div class="bz_group_visibility_section">
+  <input type="checkbox" name="groups"
+         value="[% bug.product_obj.default_security_group FILTER none %]"
+         id="group_[% bug.product_obj.default_security_group_obj.id FILTER html %]"
+         onchange="if (this.checked) document.getElementById('addselfcc').checked = true"
+  >
+  <label for="group_[% bug.product_obj.default_security_group_obj.id FILTER html %]"
+    title="This [% terms.bug %] is security sensitive and should be hidden from the public until it is resolved">
+    Restrict access to this [% terms.bug %]
+  </label>
+</div><br>
diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl
@@ -200,6 +200,8 @@
     [% END %]
   </td>
   <td>
+    [%# BMO hook for adding custom group visibility %]
+    [% Hook.process('before_restrict_visibility', 'bug/edit.html.tmpl') %]
     [% PROCESS section_restrict_visibility %]
   </td>
   </tr></table>
