#!/usr/bin/perl -wT # The contents of this file are subject to the Mozilla Public # License Version 1.1 (the "License"); you may not use this file # except in compliance with the License. You may obtain a copy of # the License at http://www.mozilla.org/MPL/ # # Software distributed under the License is distributed on an "AS # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or # implied. See the License for the specific language governing # rights and limitations under the License. # # The Original Code is the Bugzilla Bug Tracking System. # # The Initial Developer of the Original Code is Netscape Communications # Corporation. Portions created by Netscape are # Copyright (C) 1998 Netscape Communications Corporation. All # Rights Reserved. # # Contributor(s): Dave Miller # Joel Peshkin # Jacob Steenhagen # Vlad Dascalu # Frédéric Buclin use strict; use lib qw(. lib); use Bugzilla; use Bugzilla::Hook; use Bugzilla::Constants; use Bugzilla::Config qw(:admin); use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::Group; use Bugzilla::Product; use Bugzilla::User; use Bugzilla::Token; use Bugzilla::Views; use constant SPECIAL_GROUPS => ('chartgroup', 'insidergroup', 'timetrackinggroup', 'querysharegroup'); my $ARGS = Bugzilla->input_params; my $dbh = Bugzilla->dbh; my $template = Bugzilla->template; my $vars = {}; my $user = Bugzilla->login(LOGIN_REQUIRED); my $action = trim($ARGS->{action} || ''); my $token = $ARGS->{token}; # CheckGroupRegexp checks that the regular expression is valid # (the regular expression being optional, the test is successful # if none is given, as expected). The trimmed regular expression # is returned. sub CheckGroupRegexp { my ($regexp) = @_; $regexp = trim($regexp || ''); trick_taint($regexp); ThrowUserError("invalid_regexp") unless (eval {qr/$regexp/}); return $regexp; } # A helper for displaying the edit.html.tmpl template. sub get_current_and_available { my ($group, $vars) = @_; my @all_groups = Bugzilla::Group->get_all; my $members_current = { map { $_->id => $_ } @{$group->grant_direct(GROUP_MEMBERSHIP)} }; my $member_of_current = { map { $_->id => $_ } @{$group->granted_by_direct(GROUP_MEMBERSHIP)} }; my $bless_from_current = { map { $_->id => $_ } @{$group->grant_direct(GROUP_BLESS)} }; my $bless_to_current = { map { $_->id => $_ } @{$group->granted_by_direct(GROUP_BLESS)} }; my ($visible_from_current, $visible_to_me_current); if (Bugzilla->params->{usevisibilitygroups}) { $visible_from_current = { map { $_->id => $_ } @{$group->grant_direct(GROUP_VISIBLE)} }; $visible_to_me_current = { map { $_->id => $_ } @{$group->granted_by_direct(GROUP_VISIBLE)} }; } # Figure out what groups are not currently a member of this group, # and what groups this group is not currently a member of. my (@members_available, @member_of_available, @bless_from_available, @bless_to_available, @visible_from_available, @visible_to_me_available); foreach my $group_option (@all_groups) { if (Bugzilla->params->{usevisibilitygroups}) { push @visible_from_available, $group_option if !$visible_from_current->{$group_option->id}; push @visible_to_me_available, $group_option if !$visible_to_me_current->{$group_option->id}; } push @bless_from_available, $group_option if !$bless_from_current->{$group_option->id}; # The group itself should never show up in the membership lists, # and should show up in only one of the bless lists (otherwise # you can try to allow it to bless itself twice, leading to a # database unique constraint error). next if $group_option->id == $group->id; push @members_available, $group_option if !$members_current->{$group_option->id}; push @member_of_available, $group_option if !$member_of_current->{$group_option->id}; push @bless_to_available, $group_option if !$bless_to_current->{$group_option->id}; } $vars->{members_current} = [ sort { $a->name cmp $b->name } values %$members_current ]; $vars->{members_available} = [ sort { $a->name cmp $b->name } @members_available ]; $vars->{member_of_current} = [ sort { $a->name cmp $b->name } values %$member_of_current ]; $vars->{member_of_available} = [ sort { $a->name cmp $b->name } @member_of_available ]; $vars->{bless_from_current} = [ sort { $a->name cmp $b->name } values %$bless_from_current ]; $vars->{bless_from_available} = [ sort { $a->name cmp $b->name } @bless_from_available ]; $vars->{bless_to_current} = [ sort { $a->name cmp $b->name } values %$bless_to_current ]; $vars->{bless_to_available} = [ sort { $a->name cmp $b->name } @bless_to_available ]; if (Bugzilla->params->{usevisibilitygroups}) { $vars->{visible_from_current} = [ sort { $a->name cmp $b->name } values %$visible_from_current ]; $vars->{visible_from_available} = [ sort { $a->name cmp $b->name } @visible_from_available ]; $vars->{visible_to_me_current} = [ sort { $a->name cmp $b->name } values %$visible_to_me_current ]; $vars->{visible_to_me_available} = [ sort { $a->name cmp $b->name } @visible_to_me_available ]; } } # If no action is specified, get a list of groups the current user can bless # so he can enter 'editusersingroup' for them, or the list of all groups # available if he has 'creategroups' permissions. $vars->{allow_edit} = $user->in_group('creategroups'); unless ($action) { ListGroups($vars); exit; } # All other actions are protected by the 'creategroups' permission. $vars->{allow_edit} || ThrowUserError("auth_failure", { group => "creategroups", action => "edit", object => "groups", }); # # action='changeform' -> present form for altering an existing group # # (next action will be 'postchanges') # if ($action eq 'changeform') { # Check that an existing group ID is given my $group = Bugzilla::Group->check({ id => $ARGS->{group} }); get_current_and_available($group, $vars); $vars->{group} = $group; $vars->{token} = issue_session_token('edit_group'); $template->process("admin/groups/edit.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; } # # action='add' -> present form for parameters for new group # # (next action will be 'new') # if ($action eq 'add') { $vars->{token} = issue_session_token('add_group'); $template->process("admin/groups/create.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; } # # action='new' -> add group entered in the 'action=add' screen # if ($action eq 'new') { check_token_data($token, 'add_group'); my $group = Bugzilla::Group->create({ name => $ARGS->{name}, description => $ARGS->{desc}, userregexp => $ARGS->{regexp}, isactive => $ARGS->{isactive}, icon_url => $ARGS->{icon_url}, isbuggroup => 1, }); # Permit all existing products to use the new group. if ($ARGS->{insertnew}) { $dbh->do( 'INSERT INTO group_control_map (group_id, product_id, membercontrol, othercontrol)'. ' SELECT ?, products.id, ?, ? FROM products', undef, $group->id, CONTROLMAPSHOWN, CONTROLMAPNA ); } Bugzilla::Hook::process('editgroups-post_create', { group => $group }); delete_token($token); $vars->{message} = 'group_created'; $vars->{group} = $group; get_current_and_available($group, $vars); $vars->{token} = issue_session_token('edit_group'); $template->process("admin/groups/edit.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; } # # action='del' -> ask if user really wants to delete # # (next action would be 'delete') # if ($action eq 'del') { # Check that an existing group ID is given my $group = Bugzilla::Group->check({ id => $ARGS->{group} }); $group->check_remove({ test_only => 1 }); $vars->{shared_queries} = $dbh->selectrow_array( 'SELECT COUNT(*) FROM namedquery_group_map WHERE group_id = ?', undef, $group->id ); $vars->{group} = $group; $vars->{token} = issue_session_token('delete_group'); $template->process("admin/groups/delete.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; } # # action='delete' -> really delete the group # if ($action eq 'delete') { check_token_data($token, 'delete_group'); # Check that an existing group ID is given my $group = Bugzilla::Group->check({ id => $ARGS->{group} }); $vars->{name} = $group->name; $group->remove_from_db({ remove_from_users => $ARGS->{removeusers}, remove_from_bugs => $ARGS->{removebugs}, remove_from_flags => $ARGS->{removeflags}, remove_from_products => $ARGS->{unbind}, }); delete_token($token); Bugzilla::Hook::process('editgroups-post_delete', { group => $group }); Bugzilla::Views::refresh_some_views(); # Refresh fieldvaluecontrol cache Bugzilla->get_field('delta_ts')->touch; $vars->{message} = 'group_deleted'; ListGroups($vars); exit; } # # action='postchanges' -> update the groups # if ($action eq 'postchanges') { check_token_data($token, 'edit_group'); my $changes = doGroupChanges(); Bugzilla::Hook::process('editgroups-post_edit', {}); Bugzilla::Views::refresh_some_views(); # Refresh fieldvaluecontrol cache Bugzilla->get_field('delta_ts')->touch; delete_token($token); my $group = Bugzilla::Group->check({ id => $ARGS->{group_id} }); get_current_and_available($group, $vars); $vars->{message} = 'group_updated'; $vars->{group} = $group; $vars->{changes} = $changes; $vars->{token} = issue_session_token('edit_group'); $template->process("admin/groups/edit.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; } if ($action eq 'confirm_remove') { my $group = Bugzilla::Group->check({ id => $ARGS->{group_id} }); $vars->{group} = $group; $vars->{regexp} = CheckGroupRegexp($ARGS->{regexp}); $vars->{token} = issue_session_token('remove_group_members'); $template->process('admin/groups/confirm-remove.html.tmpl', $vars) || ThrowTemplateError($template->error()); exit; } if ($action eq 'remove_regexp') { check_token_data($token, 'remove_group_members'); # remove all explicit users from the group with # gid = $ARGS->{group} that match the regular expression # stored in the DB for that group or all of them period my $group = Bugzilla::Group->check({ id => $ARGS->{group_id} }); my $regexp = CheckGroupRegexp($ARGS->{regexp}); $dbh->bz_start_transaction(); my $del = [ grep { $_->login =~ m/$regexp/is } @{ $group->members_direct } ]; $group->remove_users($del, 0); $dbh->bz_commit_transaction(); $vars->{users} = $del; $vars->{regexp} = $regexp; Bugzilla::Hook::process('editgroups-post_remove_regexp', { deleted => $del }); Bugzilla::Views::refresh_some_views(); # Refresh fieldvaluecontrol cache Bugzilla->get_field('delta_ts')->touch; delete_token($token); $vars->{message} = 'group_membership_removed'; $vars->{group} = $group->name; ListGroups($vars); exit; } # # No valid action found # ThrowCodeError("action_unrecognized", $vars); # Helper sub to handle the making of changes to a group sub doGroupChanges { my $ARGS = Bugzilla->input_params; my $dbh = Bugzilla->dbh; $dbh->bz_start_transaction(); # Check that the given group ID is valid and make a Group. my $group = Bugzilla::Group->check({ id => $ARGS->{group_id} }); if (defined $ARGS->{regexp}) { $group->set_user_regexp($ARGS->{regexp}); } if ($group->is_bug_group) { if (defined $ARGS->{name}) { $group->set_name($ARGS->{name}); } if (defined $ARGS->{desc}) { $group->set_description($ARGS->{desc}); } # Only set isactive if we came from the right form. if (defined $ARGS->{regexp}) { $group->set_is_active($ARGS->{isactive}); } } if (defined $ARGS->{icon_url}) { $group->set_icon_url($ARGS->{icon_url}); } my $changes = $group->update(); my $sth_insert = $dbh->prepare( 'INSERT INTO group_group_map (member_id, grantor_id, grant_type) VALUES (?, ?, ?)' ); my $sth_delete = $dbh->prepare( 'DELETE FROM group_group_map WHERE member_id = ? AND grantor_id = ? AND grant_type = ?' ); # First item is the type, second is whether or not it's "reverse" # (granted_by) (see _do_add for more explanation). my %fields = ( members => [GROUP_MEMBERSHIP, 0], bless_from => [GROUP_BLESS, 0], visible_from => [GROUP_VISIBLE, 0], member_of => [GROUP_MEMBERSHIP, 1], bless_to => [GROUP_BLESS, 1], visible_to_me => [GROUP_VISIBLE, 1] ); while (my ($field, $data) = each %fields) { _do_add($group, $changes, $sth_insert, "${field}_add", $data->[0], $data->[1]); _do_remove($group, $changes, $sth_delete, "${field}_remove", $data->[0], $data->[1]); } $dbh->bz_commit_transaction(); return $changes; } sub _do_add { my ($group, $changes, $sth_insert, $field, $type, $reverse) = @_; my $current; # $reverse means we're doing a granted_by--that is, somebody else # is granting us something. if ($reverse) { $current = $group->granted_by_direct($type); } else { $current = $group->grant_direct($type); } my $add_items = Bugzilla::Group->new_from_list([ list(Bugzilla->input_params->{$field}) ]); foreach my $add (@$add_items) { next if grep($_->id == $add->id, @$current); $changes->{$field} ||= []; push @{$changes->{$field}}, $add->name; # They go this direction for a normal "This group is granting # $add something." my @ids = ($add->id, $group->id); # But they get reversed for "This group is being granted something # by $add." @ids = reverse @ids if $reverse; $sth_insert->execute(@ids, $type); } } sub _do_remove { my ($group, $changes, $sth_delete, $field, $type, $reverse) = @_; my $remove_items = Bugzilla::Group->new_from_list([ list(Bugzilla->input_params->{$field}) ]); foreach my $remove (@$remove_items) { my @ids = ($remove->id, $group->id); # See _do_add for an explanation of $reverse @ids = reverse @ids if $reverse; # Deletions always succeed and are harmless if they fail, so we # don't need to do any checks. $sth_delete->execute(@ids, $type); $changes->{$field} ||= []; push @{$changes->{$field}}, $remove->name; } } sub ListGroups { my ($vars) = @_; my $groups = $vars->{allow_edit} ? [ Bugzilla::Group->get_all ] : Bugzilla->user->bless_groups; $vars->{all_groups} = $groups; $vars->{pergroup} = Bugzilla::Group->get_per_group_permissions; Bugzilla->template->process("admin/groups/list.html.tmpl", $vars) || ThrowTemplateError(Bugzilla->template->error()); exit; }