From c9afb70f4b0dc03fc602fd6718698f6e03ea3ae7 Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Mon, 10 Oct 2005 23:35:28 +0000
Subject: [PATCH] r539: Added permission checking to construct_pcv_select()
---
 includes/functions_product.php | 7 ++++++-
 newreport.php | 2 +-
 search.php | 2 +-
 showreport.php | 2 +-
 4 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/includes/functions_product.php b/includes/functions_product.php
index f4b643b..73aa002 100644
--- a/includes/functions_product.php
+++ b/includes/functions_product.php
@@ -13,7 +13,7 @@
 // #################### Start construct_pcv_select ###################
 // constructs a product/component/version select with one go :-)
 // NB: need to make sure we have the option to turn off just p/c selection without v
-function construct_pcv_select($select = '', $prefix = '--')
+function construct_pcv_select($action = 'canviewbugs', $select = '', $prefix = '--')
 {
 global $bugsys;
 static $HTML;
@@ -43,6 +43,11 @@ function construct_pcv_select($select = '', $prefix = '--')
 foreach ($products AS $product)
 {
+ if (!can_perform($action, $product['productid']) OR !can_perform('canviewbugs', $product['productid']))
+ {
+ continue;
+ }
+
 // prefix
 $valuepfx = "p$product[productid]";
diff --git a/newreport.php b/newreport.php
index 91dde63..9c377f6 100755
--- a/newreport.php
+++ b/newreport.php
@@ -172,7 +172,7 @@ if ($_REQUEST['do'] == 'add')
 }
 }
- $pcv_select = construct_pcv_select();
+ $pcv_select = construct_pcv_select('cansubmitbugs');
 eval('$template->flush("' . $template->fetch('newreport') . '");');
 }
diff --git a/search.php b/search.php
index 027434c..4808447 100644
--- a/search.php
+++ b/search.php
@@ -304,7 +304,7 @@ if ($_REQUEST['do'] == 'search')
 if ($newsearch)
 {
- $pcv_select = construct_pcv_select('radio', '--');
+ $pcv_select = construct_pcv_select();
 // -------------------------------------------------------------------
 // custom fields
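Review bot: In the first hunk of includes/functions_product.php, the new `$action` parameter is inserted in front of `$select` and `$prefix`, so any caller this commit does not touch that still passes a selection string positionally will have it treated as a permission name by `can_perform()`. How `can_perform()` handles an unrecognised action is not visible here; unless it denies by default, such a stale call would weaken the filter instead of failing loudly. Appending the parameter, `function construct_pcv_select($select = '', $prefix = '--', $action = 'canviewbugs')`, would keep existing call sites valid. The header comment should also gain a line such as `// $action: permission the user must hold on a product, in addition to canviewbugs, for it to be listed`. The function body continues outside the hunk.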
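Review bot: In the second hunk of includes/functions_product.php, the product filter now depends on `$action`, while the first hunk shows the function keeps a `static $HTML`. If that static caches the built options (its use lies outside the hunk), a second call in the same request with a different `$action` could return a list filtered for the earlier permission; keying the cache by action, e.g. `$HTML[$action]`, would avoid that. Separately, leaving a product out of the select only shapes the form. The handlers that receive the posted product id, such as the one behind the newreport.php form built with `construct_pcv_select('cansubmitbugs')`, still need their own `can_perform()` check on the submitted value, which this patch does not show.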
diff --git a/showreport.php b/showreport.php
index eb15cb0..60d4ec5 100644
--- a/showreport.php
+++ b/showreport.php
@@ -126,7 +126,7 @@ if ($show['edit'])
 }
 }
- $pcv_select = construct_pcv_select("p$bug[productid]c$bug[componentid]v$bug[versionid]");
+ $pcv_select = construct_pcv_select('canviewbugs', "p$bug[productid]c$bug[componentid]v$bug[versionid]");
 $firstcomment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "comment WHERE bugid = $bug[bugid] ORDER BY dateline ASC LIMIT 1");
--
2.22.5
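Review bot: In showreport.php the changed call sits under `if ($show['edit'])` yet filters the product list with `'canviewbugs'`, so the edit form offers every product the user may view, including any where they hold no submit or edit rights. If moving a report into another product should require more than view access, pass the stricter permission here and check it again on the posted product id when the edit is saved. Which permission name fits, and whether the save path already checks it, is not visible in this patch. The enclosing `if` block starts and ends outside the hunk.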