From 551988ff8847b89b4b3aeba0eb907048baaa684c Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 10 Oct 2005 22:24:47 +0000 Subject: [PATCH] r533: - Permission check cleanup - Splt caneditinfo into two permissions: caneditotherreply and caneditownreply for comment editing --- admin/permission.php | 5 +++-- admin/usergroup.php | 5 +++-- editcomment.php | 2 +- editreport.php | 6 +++--- includes/init.php | 9 +++++---- showreport.php | 15 +++++++++++++-- templates/showreport_comment.tpl | 2 +- 7 files changed, 29 insertions(+), 15 deletions(-) diff --git a/admin/permission.php b/admin/permission.php index 9847f8f..de844d7 100755 --- a/admin/permission.php +++ b/admin/permission.php @@ -39,8 +39,9 @@ $permissions = array( $lang->string('Moderation/Managment Permissions') => array( 'caneditown' => $lang->string('Can Edit Own Bugs'), - 'caneditothers' => $lang->string('Can Edit Others\' Bugs'), - 'caneditinfo' => $lang->string('Can Edit Bug Information'), + 'caneditother' => $lang->string('Can Edit Others\' Bugs'), + 'caneditownreply' => $lang->string('Can Edit Own Comments'), + 'caneditotherreply' => $lang->string('Can Edit Others\' Comments'), 'canassign' => $lang->string('Can Assign Bugs'), 'canchangestatus' => $lang->string('Can Change Status') ) diff --git a/admin/usergroup.php b/admin/usergroup.php index d73569f..edb4658 100755 --- a/admin/usergroup.php +++ b/admin/usergroup.php @@ -41,8 +41,9 @@ $permissions = array( $lang->string('Moderation/Managment Permissions') => array( 'caneditown' => $lang->string('Can Edit Own Bugs'), - 'caneditothers' => $lang->string('Can Edit Others\' Bugs'), - 'caneditinfo' => $lang->string('Can Edit Bug Information'), + 'caneditother' => $lang->string('Can Edit Others\' Bugs'), + 'caneditownreply' => $lang->string('Can Edit Own Comments'), + 'caneditotherreply' => $lang->string('Can Edit Others\' Comments'), 'canassign' => $lang->string('Can Assign Bugs'), 'canchangestatus' => $lang->string('Can Change Status') ), 
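Review bot: The permission key list edited in admin/permission.php is repeated verbatim in admin/usergroup.php (the next file in this patch), and both must match the names in `$_PERMISSION` in includes/init.php, so the rename from `caneditothers` to `caneditother` has to be made by hand in three places. A key that drifts from init.php would presumably give a checkbox that maps to no bit; how an unknown name is handled is not visible here. Consider building both admin tables from one shared definition, or at least add a comment above each array such as `// keys must match $_PERMISSION in includes/init.php`. Both arrays start and end outside their hunks.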
diff --git a/editcomment.php b/editcomment.php index 2d7540f..990298c 100644 --- a/editcomment.php +++ b/editcomment.php @@ -35,7 +35,7 @@ if (!$comment) $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]"); -if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid']))) +if (!((can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR (can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid']))) { $message->error_permission(); } diff --git a/editreport.php b/editreport.php index eb2b7d9..edd85e7 100644 --- a/editreport.php +++ b/editreport.php @@ -26,7 +26,7 @@ $bug = $db->query_first(" WHERE bug.bugid = " . intval($bugsys->in['bugid']) ); -if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])) AND !can_perform('canpostcomments', $bug['productid'])) +if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR (can_perform('caneditother', $bug['productid']) AND $bugsys->userinfo['userid'] != $bug['userid'])) AND !can_perform('canpostcomments', $bug['productid'])) { $message->error_permission(); } 
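Review bot: The ownership test on the new line in editcomment.php compares `$bugsys->userinfo['userid']` with `$comment['userid']` using loose `==` / `!=`. If unregistered visitors share one id such as 0 (not visible in this hunk), every guest would count as the owner of every guest-posted comment as soon as the guest group holds `caneditownreply`. If that can happen, require a real account on the own-comment branch, for example `$bugsys->userinfo['userid'] != 0 AND $bugsys->userinfo['userid'] == $comment['userid']`. The same comparison pattern appears in the editreport.php and showreport.php hunks of this patch.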
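Review bot: The guard at the top of editreport.php only rejects a request when the user lacks both edit rights and `canpostcomments`, because the edit expression is joined to `!can_perform('canpostcomments', ...)` with `AND`. Anyone who may post comments therefore gets past it regardless of the owner/other test corrected on this line. That leaves the checks inside the `update` branch as the real gate for bug-field changes, while this line reads as if it were that gate. A comment above it such as `// entry gate only: commenters are let through; field edits are re-checked in 'update'` would stop a later change from relying on it.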
@@ -52,7 +52,7 @@ if ($_POST['do'] == 'update') { // ------------------------------------------------------------------- // process comment stuff - if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid']))) + if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditother', $bug['productid'])) AND can_perform('caneditownreply', $bug['productid']))) { $hascomment = (!empty($bugsys->in['comment'])) ? true : false; @@ -105,7 +105,7 @@ if ($_POST['do'] == 'update') } } - if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid']))) + if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditother', $bug['productid'])) AND can_perform('caneditownreply', $bug['productid']))) { $message->redirect($lang->string('Your reply has been added to the comment list.'), "showreport.php?bugid=$bug[bugid]"); } diff --git a/includes/init.php b/includes/init.php index 6209d1e..2a02d45 100755 --- a/includes/init.php +++ b/includes/init.php 
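Review bot: The two conditions changed in the `update` branch (this hunk and `@@ -105,7 +105,7 @@`) still compare against `$comment['userid']`, while the entry check earlier in the patch was corrected to `$bug['userid']`; no `$comment` is assigned in the visible lines of editreport.php. If it is unset, the loose `==` compares the user id with null, which is true for an id of 0, so ownership is not actually tested. Both lines also require `caneditownreply` where the old code required `caneditinfo`, which looks like a carry-over of bit 1024 rather than an intended rule, and it disagrees with `$show['edit']` in showreport.php. Both should probably reuse the entry-check expression: `if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR (can_perform('caneditother', $bug['productid']) AND $bugsys->userinfo['userid'] != $bug['userid'])))`. The enclosing `if ($_POST['do'] == 'update')` block continues outside both hunks.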
@@ -143,9 +143,9 @@ $_PERMISSION = array( 'canpostcomments' => 32, // can post new comments 'cangetattach' => 64, // can dl attachments 'canputattach' => 128, // can ul attachments - 'caneditown' => 256, // can edit own comments - 'caneditothers' => 512, // can edit others' comments - 'caneditinfo' => 1024, // can edit bug info -- works in conjunction with canedit(own|others) + 'caneditown' => 256, // can edit own bugs + 'caneditother' => 512, // can edit others' bugs + 'caneditownreply' => 1024, // can edit own comments 'canassign' => 2048, // can assign bug 'canchangestatus' => 4096, // can change bug status 'canadminpanel' => 8192, // can view admin panel @@ -157,7 +157,8 @@ $_PERMISSION = array( 'canadminfields' => 524288, // can admin custom bug fields 'canbeassignedto' => 1048576, // can be assigned bugs, 'caneditattach' => 2097152, // can edit attachments - 'canviewhidden' => 4194304 // can see hidden bugs + 'canviewhidden' => 4194304, // can see hidden bugs + 'caneditotherreply' => 8388608 // can edit other peoples' comments ); foreach ($_PERMISSION AS $name => $maskvalue) diff --git a/showreport.php b/showreport.php index 5678e93..f930c9a 100644 --- a/showreport.php +++ b/showreport.php @@ -67,7 +67,7 @@ if (!can_perform('canviewbugs', $bug['productid'])) $message->error_permission(); } -$show['edit'] = (((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])) ? true : false; +$show['edit'] = ((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR (can_perform('caneditother', $bug['productid']) AND $bugsys->userinfo['userid'] != $bug['userid'])); if (!is_array($bug)) { 
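Review bot: Bits 256, 512 and 1024 in `$_PERMISSION` are given new meanings in place, so any group or per-product mask already stored changes effect without being edited. A mask with 256 set used to allow editing own comments and, only together with 1024, bug data; after this hunk 256 alone grants editing own bugs and 1024 grants editing own comments. No data migration is visible in this patch, so either ship a one-off upgrade step that rewrites stored masks or give the two comment permissions fresh bits and retire 1024. It is also worth confirming that no caller still passes `caneditothers` or `caneditinfo`, since how can_perform treats an unknown name is not shown here.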
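Review bot: The owner-or-other rule on the new `$show['edit']` line in showreport.php is written out by hand in this patch in showreport.php (twice), editcomment.php and editreport.php (three times), and the copies already disagree on which owner id and which permission they test. A single helper would keep the display flag and the enforcing scripts in step. The sketch below also treats a zero user id as never owning anything, which is a deliberate tightening and assumes guests are represented by id 0; drop that test if they are not. The helper's name and location are suggestions only.

```php
// Proposed shared helper: one place for the "own vs. others'" rule.
function can_edit_owned($ownperm, $otherperm, $productid, $ownerid)
{
	global $bugsys;

	$viewer = intval($bugsys->userinfo['userid']);

	// A zero (guest) id never counts as the owner -- assumption, confirm.
	if ($viewer != 0 AND $viewer == intval($ownerid))
	{
		return can_perform($ownperm, $productid);
	}

	return can_perform($otherperm, $productid);
}

// … unchanged: canviewbugs check …
$show['edit'] = can_edit_owned('caneditown', 'caneditother', $bug['productid'], $bug['userid']);
```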
@@ -104,6 +104,13 @@ if ($show['edit']) $select['status'] = construct_datastore_select('status', 'status', 'statusid', $bug['status']); $select['resolution'] = construct_datastore_select('resolution', 'resolution', 'resolutionid', $bug['resolution']); } + else + { + $bug['status'] = $bugsys->datastore['status']["$bug[status]"]['status']; + $bug['resolution'] = $bugsys->datastore['resolution']["$bug[resolution]"]['resolution']; + $bug['severity'] = $bugsys->datastore['severity']["$bug[severity]"]['severity']; + $bug['priority'] = $bugsys->datastore['priority']["$bug[priority]"]['priority']; + } $show['assign'] = ((can_perform('canassign', $bug['productid'])) ? true : false); if (can_perform('canassign', $bug['productid'])) @@ -285,7 +292,11 @@ while ($comment = $db->fetch_array($comments_fetch)) { $comment['posttime'] = $datef->format($bugsys->options['dateformat'], $comment['dateline']); $comment['postby'] = construct_user_display($comment); - $show['editcomment'] = (((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) ? true : false); + $show['editcomment'] = ((can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR (can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid'])); + + $bugsys->debug((int)(can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid'])); + $bugsys->debug((int)(can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid'])); + $bugsys->debug($show['editcomment']); if (is_array($hilight)) { diff --git a/templates/showreport_comment.tpl b/templates/showreport_comment.tpl index 7604d38..8b5080a 100644 --- a/templates/showreport_comment.tpl +++ b/templates/showreport_comment.tpl @@ -10,7 +10,7 @@ $comment[comment_parsed] - +
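Review bot: The new `else` branch indexes `$bugsys->datastore[...]` with the bug's stored ids without checking that the entry exists. A bug that still references a deleted status, resolution, severity or priority would then raise an undefined-index notice and render an empty field. A guarded lookup such as `isset($bugsys->datastore['status'][$bug['status']]) ? $bugsys->datastore['status'][$bug['status']]['status'] : ''` would cover that case. The labels are then placed in `$bug` for the template; whether they are HTML-escaped on the way in or out is not visible in this hunk and is worth confirming.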
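Review bot: The three `$bugsys->debug(...)` calls added inside the comment loop look like leftover tracing: they re-evaluate both permission branches for every comment and pass the results to the debug channel. Where that output ends up is not visible here, but if it can be shown to visitors it discloses per-comment authorization decisions, and either way it doubles the can_perform calls per row. Remove the three lines before release, keeping only the `$show['editcomment'] = ...` assignment. That flag only controls whether the edit link is rendered; editcomment.php has to keep enforcing the same rule, which it does in this patch. The `while` loop starts and ends outside the hunk.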
[{@"Edit Comment"}] -- 2.22.5