Bug 952284 - Tags set to private comments should not be disclosed to everybody in the bug activity table

r=LpSolit,a=sgreen git-svn-id: svn://10.0.0.236/trunk@265164 18797224-902f-48f8-a5cc-f745e15eee43
2014-01-02 23:30:43 +00:00 · 2014-01-02 23:30:43 +00:00 · 5d17c6384f
commit 5d17c6384f
parent fb1d54cbe5
2 changed files with 12 additions and 1 deletions
--- a/mozilla/webtools/bugzilla/.bzrrev
+++ b/mozilla/webtools/bugzilla/.bzrrev
@ -1 +1 @@
-8848
+8849
--- a/mozilla/webtools/bugzilla/Bugzilla/Bug.pm
+++ b/mozilla/webtools/bugzilla/Bugzilla/Bug.pm
@ -3872,6 +3872,15 @@ sub get_activity {
        && $include_comment_tags
        && !$attach_id)
    {
+        # Only includes comment tag activity for comments the user is allowed to see.
+        $suppjoins = "";
+        $suppwhere = "";
+        if (!Bugzilla->user->is_insider) {
+            $suppjoins = "INNER JOIN longdescs
+                          ON longdescs.comment_id = longdescs_tags_activity.comment_id";
+            $suppwhere = "AND longdescs.isprivate = 0";
+        }
+
        $query .= "
            UNION ALL
            SELECT 'comment_tag' AS name,
@ -3883,8 +3892,10 @@ sub get_activity {
                   longdescs_tags_activity.comment_id as comment_id
              FROM longdescs_tags_activity
                   INNER JOIN profiles ON profiles.userid = longdescs_tags_activity.who
+                   $suppjoins
             WHERE longdescs_tags_activity.bug_id = ?
                   $datepart
+                   $suppwhere
        ";
        push @args, $self->id;
        push @args, $starttime if defined $starttime;