Bug 233486: Only process groups user is supposed to be able to bless in editgroups.cgi

r=justdave a=justdave

Bug 233486: Only process groups user is supposed to be able to bless in editgroups.cgi
0066e681 · bugreport%peshkin.net · dbce51e8 · 0066e681
Commit 0066e681 authored Jul 10, 2004 by bugreport%peshkin.net
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

editusers.cgi editusers.cgi +2 -1

No files found.
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -155,7 +155,7 @@ sub EmitFormElements ($$$$)
            print "<TD COLSPAN=2 ALIGN=LEFT><B>User is a member of these groups</B></TD>\n";
            while (MoreSQLData()) {
                my ($groupid, $name, $description, $checked, $isderived, $isregexp) = FetchSQLData();
-                next if (!$editall && !UserCanBlessGroup($name));
+                next unless ($editall || UserCanBlessGroup($name));
                PushGlobalSQLState();
                SendSQL("SELECT user_id " .
                        "FROM user_group_map " .
@@ -762,6 +762,7 @@ if ($action eq 'update') {
    my $chggrp = 0;
    SendSQL("SELECT id, name FROM groups");
    while (my ($groupid, $name) = FetchSQLData()) {
+        next unless ($editall || UserCanBlessGroup($name));
        if ($::FORM{"oldgroup_$groupid"} != ($::FORM{"group_$groupid"} ? 1 : 0)) {
            # group membership changed
            PushGlobalSQLState();