);
}
+// ###################################################################
+/**
+* Does an exhaustive permissions check on the bug. It checks for hidden
+* bug status and ability to view hidden bugs. This normally was done
+* at the top of each page, but it got so big, it was moved to a function.
+*
+* @access public
+*
+* @param array Bug array
+* @param array Alternate user array
+*
+* @return bool Does the user have permission
+*/
+function check_bug_permissions($bug, $userinfo = null)
+{
+ global $bugsys;
+ if ($userinfo == null)
+ {
+ $userinfo = $bugsys->userinfo;
+ }
+
+ if
+ (
+ !can_perform('canviewbugs', $bug['product'], $userinfo)
+ OR
+ !(
+ (
+ $bug['hidden']
+ AND
+ (
+ ($userinfo['userid'] == $bug['userid'] AND can_perform('canviewownhidden', $bug['productid'], $userinfo))
+ OR
+ can_perform('canviewhidden', $bug['productid'], $userinfo)
+ )
+ )
+ OR
+ !$bug['hidden']
+ )
+ )
+ {
+ return false;
+ }
+
+ return true;
+}
+
/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
$message->error($lang->getlex('error_invalid_id'));
}
-if (!(($bug['hidden'] AND can_perform('canviewhidden', $bug['product'])) OR ($bug['hidden'] AND $bugsys->userinfo['userid'] == $bug['userid'] AND can_perform('canviewownhidden', $bug['productid']))) AND can_perform('canviewbugs', $bug['product']))
+if (!check_bug_permissions($bug))
{
$message->error_permission();
}