Add "forbid_open_products" setting
parent
7c13c5e36e
commit
d31c230159
|
@ -109,6 +109,12 @@ sub get_param_list
|
|||
type => 'b',
|
||||
default => 0
|
||||
},
|
||||
|
||||
{
|
||||
name => 'forbid_open_products',
|
||||
type => 'b',
|
||||
default => 0
|
||||
},
|
||||
);
|
||||
return @param_list;
|
||||
}
|
||||
|
|
|
@ -168,8 +168,11 @@ sub update
|
|||
my $self = shift;
|
||||
my $dbh = Bugzilla->dbh;
|
||||
|
||||
my $is_new = !$self->id;
|
||||
|
||||
# Don't update the DB if something goes wrong below -> transaction.
|
||||
$dbh->bz_start_transaction();
|
||||
|
||||
# Bugzilla::Field::Choice is not a threat as we don't have 'value' field
|
||||
# Yet do not call its update() for the future
|
||||
my ($changes, $old_self) = Bugzilla::Object::update($self, @_);
|
||||
|
@ -266,14 +269,40 @@ sub update
|
|||
}
|
||||
|
||||
# Also update group settings.
|
||||
if ($self->{check_group_controls})
|
||||
if ($is_new || $self->{check_group_controls})
|
||||
{
|
||||
require Bugzilla::Bug;
|
||||
|
||||
my $old_settings = $old_self->group_controls;
|
||||
my $old_settings = !$is_new ? $old_self->group_controls : {};
|
||||
my $new_settings = $self->group_controls;
|
||||
my $timestamp = $dbh->selectrow_array('SELECT NOW()');
|
||||
|
||||
if (Bugzilla->config->{forbid_open_products})
|
||||
{
|
||||
my $has_mandatory = 0;
|
||||
my $has_entry = 0;
|
||||
foreach my $gid (keys %$new_settings)
|
||||
{
|
||||
if ($new_settings->{$gid}->{entry})
|
||||
{
|
||||
$has_entry = 1;
|
||||
}
|
||||
if ($new_settings->{$gid}->{membercontrol} == CONTROLMAPMANDATORY &&
|
||||
$new_settings->{$gid}->{othercontrol} == CONTROLMAPMANDATORY)
|
||||
{
|
||||
$has_mandatory = 1;
|
||||
}
|
||||
}
|
||||
if (!$has_mandatory)
|
||||
{
|
||||
ThrowUserError('product_mandatory_group_required');
|
||||
}
|
||||
if (!$has_entry)
|
||||
{
|
||||
ThrowUserError('product_entry_group_required');
|
||||
}
|
||||
}
|
||||
|
||||
foreach my $gid (keys %$new_settings)
|
||||
{
|
||||
my $old_setting = $old_settings->{$gid} || {};
|
||||
|
|
|
@ -374,8 +374,9 @@ if ($action eq 'updategroupcontrols')
|
|||
my $product = $user->check_can_admin_product($product_name);
|
||||
check_token_data($token, 'edit_group_controls');
|
||||
|
||||
my @now_na = ();
|
||||
my @now_mandatory = ();
|
||||
my @now_na;
|
||||
my @now_mandatory;
|
||||
my @now_entry;
|
||||
my %membercontrol_g;
|
||||
my %othercontrol_g;
|
||||
foreach my $f (keys %$ARGS)
|
||||
|
|
|
@ -31,32 +31,37 @@
|
|||
"If this is on, $terms.Bugzilla will by default associate newly created groups"
|
||||
_ " with each product in the database. Generally only useful for small databases.",
|
||||
|
||||
chartgroup => "The name of the group of users who can use the 'New Charts' " _
|
||||
"feature. Administrators should ensure that the public categories " _
|
||||
"and series definitions do not divulge confidential information " _
|
||||
"before enabling this for an untrusted population. If left blank, " _
|
||||
"no users will be able to use New Charts.",
|
||||
chartgroup =>
|
||||
"The name of the group of users who can use the 'New Charts' "
|
||||
_ "feature. Administrators should ensure that the public categories "
|
||||
_ "and series definitions do not divulge confidential information "
|
||||
_ "before enabling this for an untrusted population. If left blank, "
|
||||
_ "no users will be able to use New Charts.",
|
||||
|
||||
insidergroup => "The name of the group of users who can see/change private " _
|
||||
"comments and attachments.",
|
||||
insidergroup =>
|
||||
"The name of the group of users who can see/change private "
|
||||
_ "comments and attachments.",
|
||||
|
||||
timetrackinggroup => "The name of the group of users who can see/change time tracking " _
|
||||
"information.",
|
||||
timetrackinggroup =>
|
||||
"The name of the group of users who can see/change time tracking information.",
|
||||
|
||||
querysharegroup => "The name of the group of users who can share their " _
|
||||
"saved searches with others.",
|
||||
querysharegroup =>
|
||||
"The name of the group of users who can share their saved searches with others.",
|
||||
|
||||
usevisibilitygroups =>
|
||||
"<p>Do you wish to restrict visibility of users to members of specific groups,"
|
||||
_ " based on the configuration specified in group settings?</p>"
|
||||
_ "<p>If yes, each group can be allowed to see members of selected other groups.</p>",
|
||||
|
||||
strict_isolation => "Don't allow users to be assigned to, " _
|
||||
"be qa-contacts on, " _
|
||||
"be added to CC list, " _
|
||||
"or make or remove dependencies " _
|
||||
"involving any bug that is in a product on which that " _
|
||||
"user is forbidden to edit.",
|
||||
strict_isolation =>
|
||||
"Don't allow users to be assigned to, be qa-contacts on, "
|
||||
_ "be added to CC list, or make or remove dependencies "
|
||||
_ "involving any bug that is in a product on which that "
|
||||
_ "user is forbidden to edit.",
|
||||
|
||||
forbid_open_products =>
|
||||
"Don't allow 'open' products, i.e. force everyone to set at least"
|
||||
_ " one MANDATORY/MANDATORY and one ENTRY group for each product."
|
||||
_ " This is checked for new products and for products whose group controls are being modified.",
|
||||
}
|
||||
%]
|
||||
|
|
|
@ -1602,6 +1602,19 @@
|
|||
"[% suggested | html %]"?
|
||||
[% END %]
|
||||
|
||||
[% BLOCK error_product_mandatory_group_required %]
|
||||
Bugzilla group security policy requires that all products have at least
|
||||
one group which is set as MANDATORY/MANDATORY, which means that only users of
|
||||
this group or users explicitly added as CC/Assignee/QA may access bugs in
|
||||
the corresponding product.
|
||||
[% END %]
|
||||
|
||||
[% BLOCK error_product_entry_group_required %]
|
||||
[% terms.Bugzilla %] group security policy requires that all products have at least
|
||||
one group which is set as ENTRY, which means that only users of
|
||||
this group may file new bugs in the corresponding product.
|
||||
[% END %]
|
||||
|
||||
[% BLOCK error_product_name_already_in_use %]
|
||||
[% title = "Product name already exists" %]
|
||||
[% admindocslinks = {'products.html' => 'Administering products'} %]
|
||||
|
|
Loading…
Reference in New Issue