360 lines
7.5 KiB
HTML
360 lines
7.5 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
|
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Customizing Who Can Change What</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
|
|
REL="HOME"
|
|
TITLE="The Bugzilla Guide - 3.6.1
|
|
Release"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Customizing Bugzilla"
|
|
HREF="customization.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Template Customization"
|
|
HREF="cust-templates.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Integrating Bugzilla with Third-Party Tools"
|
|
HREF="integration.html"></HEAD
|
|
><BODY
|
|
CLASS="section"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
SUMMARY="Header navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>The Bugzilla Guide - 3.6.1
|
|
Release</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="cust-templates.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 6. Customizing Bugzilla</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="integration.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="cust-change-permissions"
|
|
>6.4. Customizing Who Can Change What</A
|
|
></H1
|
|
><DIV
|
|
CLASS="warning"
|
|
><P
|
|
></P
|
|
><TABLE
|
|
CLASS="warning"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="25"
|
|
ALIGN="CENTER"
|
|
VALIGN="TOP"
|
|
><IMG
|
|
SRC="../images/warning.gif"
|
|
HSPACE="5"
|
|
ALT="Warning"></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
> This feature should be considered experimental; the Bugzilla code you
|
|
will be changing is not stable, and could change or move between
|
|
versions. Be aware that if you make modifications as outlined here,
|
|
you may have
|
|
to re-make them or port them if Bugzilla changes internally between
|
|
versions, and you upgrade.
|
|
</P
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><P
|
|
> Companies often have rules about which employees, or classes of employees,
|
|
are allowed to change certain things in the bug system. For example,
|
|
only the bug's designated QA Contact may be allowed to VERIFY the bug.
|
|
Bugzilla has been
|
|
designed to make it easy for you to write your own custom rules to define
|
|
who is allowed to make what sorts of value transition.
|
|
</P
|
|
><P
|
|
> By default, assignees, QA owners and users
|
|
with <EM
|
|
>editbugs</EM
|
|
> privileges can edit all fields of bugs,
|
|
except group restrictions (unless they are members of the groups they
|
|
are trying to change). Bug reporters also have the ability to edit some
|
|
fields, but in a more restrictive manner. Other users, without
|
|
<EM
|
|
>editbugs</EM
|
|
> privileges, can not edit
|
|
bugs, except to comment and add themselves to the CC list.
|
|
</P
|
|
><P
|
|
> For maximum flexibility, customizing this means editing Bugzilla's Perl
|
|
code. This gives the administrator complete control over exactly who is
|
|
allowed to do what. The relevant method is called
|
|
<TT
|
|
CLASS="filename"
|
|
>check_can_change_field()</TT
|
|
>,
|
|
and is found in <TT
|
|
CLASS="filename"
|
|
>Bug.pm</TT
|
|
> in your
|
|
Bugzilla/ directory. If you open that file and search for
|
|
<SPAN
|
|
CLASS="QUOTE"
|
|
>"sub check_can_change_field"</SPAN
|
|
>, you'll find it.
|
|
</P
|
|
><P
|
|
> This function has been carefully commented to allow you to see exactly
|
|
how it works, and give you an idea of how to make changes to it.
|
|
Certain marked sections should not be changed - these are
|
|
the <SPAN
|
|
CLASS="QUOTE"
|
|
>"plumbing"</SPAN
|
|
> which makes the rest of the function work.
|
|
In between those sections, you'll find snippets of code like:
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="programlisting"
|
|
> # Allow the assignee to change anything.
|
|
if ($ownerid eq $whoid) {
|
|
return 1;
|
|
}</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
It's fairly obvious what this piece of code does.
|
|
</P
|
|
><P
|
|
> So, how does one go about changing this function? Well, simple changes
|
|
can be made just by removing pieces - for example, if you wanted to
|
|
prevent any user adding a comment to a bug, just remove the lines marked
|
|
<SPAN
|
|
CLASS="QUOTE"
|
|
>"Allow anyone to change comments."</SPAN
|
|
> If you don't want the
|
|
Reporter to have any special rights on bugs they have filed, just
|
|
remove the entire section that deals with the Reporter.
|
|
</P
|
|
><P
|
|
> More complex customizations are not much harder. Basically, you add
|
|
a check in the right place in the function, i.e. after all the variables
|
|
you are using have been set up. So, don't look at $ownerid before
|
|
$ownerid has been obtained from the database. You can either add a
|
|
positive check, which returns 1 (allow) if certain conditions are true,
|
|
or a negative check, which returns 0 (deny.) E.g.:
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="programlisting"
|
|
> if ($field eq "qacontact") {
|
|
if (Bugzilla->user->in_group("quality_assurance")) {
|
|
return 1;
|
|
}
|
|
else {
|
|
return 0;
|
|
}
|
|
}</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
This says that only users in the group "quality_assurance" can change
|
|
the QA Contact field of a bug.
|
|
</P
|
|
><P
|
|
> Getting more weird:
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="programlisting"
|
|
> if (($field eq "priority") &&
|
|
(Bugzilla->user->email =~ /.*\@example\.com$/))
|
|
{
|
|
if ($oldvalue eq "P1") {
|
|
return 1;
|
|
}
|
|
else {
|
|
return 0;
|
|
}
|
|
}</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
This says that if the user is trying to change the priority field,
|
|
and their email address is @example.com, they can only do so if the
|
|
old value of the field was "P1". Not very useful, but illustrative.
|
|
</P
|
|
><DIV
|
|
CLASS="warning"
|
|
><P
|
|
></P
|
|
><TABLE
|
|
CLASS="warning"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="25"
|
|
ALIGN="CENTER"
|
|
VALIGN="TOP"
|
|
><IMG
|
|
SRC="../images/warning.gif"
|
|
HSPACE="5"
|
|
ALT="Warning"></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
> If you are modifying <TT
|
|
CLASS="filename"
|
|
>process_bug.cgi</TT
|
|
> in any
|
|
way, do not change the code that is bounded by DO_NOT_CHANGE blocks.
|
|
Doing so could compromise security, or cause your installation to
|
|
stop working entirely.
|
|
</P
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><P
|
|
> For a list of possible field names, look at the bugs table in the
|
|
database. If you need help writing custom rules for your organization,
|
|
ask in the newsgroup.
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
SUMMARY="Footer navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="cust-templates.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
ACCESSKEY="H"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="integration.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Template Customization</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="customization.html"
|
|
ACCESSKEY="U"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Integrating Bugzilla with Third-Party Tools</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |