Add "forbid_open_products" setting

beta
Vitaliy Filippov 2018-12-21 18:12:41 +03:00
parent 7c13c5e36e
commit d31c230159
5 changed files with 75 additions and 21 deletions


@ -109,6 +109,12 @@ sub get_param_list
type => 'b',
default => 0
},
{
name => 'forbid_open_products',
type => 'b',
default => 0
},
);
return @param_list;
}


@ -168,8 +168,11 @@ sub update
my $self = shift;
my $dbh = Bugzilla->dbh;
my $is_new = !$self->id;
# Don't update the DB if something goes wrong below -> transaction.
$dbh->bz_start_transaction();
# Bugzilla::Field::Choice is not a threat as we don't have 'value' field
# Yet do not call its update() for the future
my ($changes, $old_self) = Bugzilla::Object::update($self, @_);
@ -266,14 +269,40 @@ sub update
}
# Also update group settings.
if ($self->{check_group_controls})
if ($is_new || $self->{check_group_controls})
{
require Bugzilla::Bug;
my $old_settings = $old_self->group_controls;
my $old_settings = !$is_new ? $old_self->group_controls : {};
my $new_settings = $self->group_controls;
my $timestamp = $dbh->selectrow_array('SELECT NOW()');
if (Bugzilla->config->{forbid_open_products})
{
my $has_mandatory = 0;
my $has_entry = 0;
foreach my $gid (keys %$new_settings)
{
if ($new_settings->{$gid}->{entry})
{
$has_entry = 1;
}
if ($new_settings->{$gid}->{membercontrol} == CONTROLMAPMANDATORY &&
$new_settings->{$gid}->{othercontrol} == CONTROLMAPMANDATORY)
{
$has_mandatory = 1;
}
}
if (!$has_mandatory)
{
ThrowUserError('product_mandatory_group_required');
}
if (!$has_entry)
{
ThrowUserError('product_entry_group_required');
}
}
foreach my $gid (keys %$new_settings)
{
my $old_setting = $old_settings->{$gid} || {};
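Review bot: The forbid_open_products check in the second hunk of update() only runs when `$is_new || $self->{check_group_controls}` is true, so the policy is enforced on this one write path and nowhere else visible in the commit. Any other code that changes a product's group controls without calling update() with that flag set (for example group deletion, if it edits the control map directly) could leave a product without a MANDATORY/MANDATORY or ENTRY group while the setting is on; those callers are outside this page and should be checked. Products that are already open when the setting is switched on also stay open until someone edits their group controls, so an administrator-facing listing of non-compliant products would be a useful companion. The `==` comparisons will also emit an "uninitialized value" warning if `membercontrol` or `othercontrol` is undefined for a group; `($new_settings->{$gid}->{membercontrol} || 0) == CONTROLMAPMANDATORY` avoids that. update() begins before the first hunk and continues past the second.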


@ -374,8 +374,9 @@ if ($action eq 'updategroupcontrols')
my $product = $user->check_can_admin_product($product_name);
check_token_data($token, 'edit_group_controls');
my @now_na = ();
my @now_mandatory = ();
my @now_na;
my @now_mandatory;
my @now_entry;
my %membercontrol_g;
my %othercontrol_g;
foreach my $f (keys %$ARGS)
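Review bot: `my @now_entry;` is declared here, but no hunk shown for this file fills or reads it, so it looks like a leftover unused variable. Either drop the declaration or populate it next to `@now_na` and `@now_mandatory` in the loop that follows. The `updategroupcontrols` branch continues past the end of the hunk, so the existing uses of the other two arrays are not visible here.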


@ -31,32 +31,37 @@
"If this is on, $terms.Bugzilla will by default associate newly created groups"
_ " with each product in the database. Generally only useful for small databases.",
chartgroup => "The name of the group of users who can use the 'New Charts' " _
"feature. Administrators should ensure that the public categories " _
"and series definitions do not divulge confidential information " _
"before enabling this for an untrusted population. If left blank, " _
"no users will be able to use New Charts.",
chartgroup =>
"The name of the group of users who can use the 'New Charts' "
_ "feature. Administrators should ensure that the public categories "
_ "and series definitions do not divulge confidential information "
_ "before enabling this for an untrusted population. If left blank, "
_ "no users will be able to use New Charts.",
insidergroup => "The name of the group of users who can see/change private " _
"comments and attachments.",
insidergroup =>
"The name of the group of users who can see/change private "
_ "comments and attachments.",
timetrackinggroup => "The name of the group of users who can see/change time tracking " _
"information.",
timetrackinggroup =>
"The name of the group of users who can see/change time tracking information.",
querysharegroup => "The name of the group of users who can share their " _
"saved searches with others.",
querysharegroup =>
"The name of the group of users who can share their saved searches with others.",
usevisibilitygroups =>
"<p>Do you wish to restrict visibility of users to members of specific groups,"
_ " based on the configuration specified in group settings?</p>"
_ "<p>If yes, each group can be allowed to see members of selected other groups.</p>",
strict_isolation => "Don't allow users to be assigned to, " _
"be qa-contacts on, " _
"be added to CC list, " _
"or make or remove dependencies " _
"involving any bug that is in a product on which that " _
"user is forbidden to edit.",
strict_isolation =>
"Don't allow users to be assigned to, be qa-contacts on, "
_ "be added to CC list, or make or remove dependencies "
_ "involving any bug that is in a product on which that "
_ "user is forbidden to edit.",
forbid_open_products =>
"Don't allow 'open' products, i.e. force everyone to set at least"
_ " one MANDATORY/MANDATORY and one ENTRY group for each product."
_ " This is checked for new products and for products whose group controls are being modified.",
}
%]


@ -1602,6 +1602,19 @@
"[% suggested | html %]"?
[% END %]
[% BLOCK error_product_mandatory_group_required %]
Bugzilla group security policy requires that all products have at least
one group which is set as MANDATORY/MANDATORY, which means that only users of
this group or users explicitly added as CC/Assignee/QA may access bugs in
the corresponding product.
[% END %]
[% BLOCK error_product_entry_group_required %]
[% terms.Bugzilla %] group security policy requires that all products have at least
one group which is set as ENTRY, which means that only users of
this group may file new bugs in the corresponding product.
[% END %]
[% BLOCK error_product_name_already_in_use %]
[% title = "Product name already exists" %]
[% admindocslinks = {'products.html' => 'Administering products'} %]
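Review bot: The two new error blocks are inconsistent with each other and with their neighbour. `error_product_mandatory_group_required` hard-codes `Bugzilla` where `error_product_entry_group_required` uses `[% terms.Bugzilla %]`, and neither sets a `title` the way `error_product_name_already_in_use` does. Use `[% terms.Bugzilla %]` in both and add a title line to each, for example `[% title = "Mandatory group required" %]` and `[% title = "Entry group required" %]`.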