351 lines
13 KiB
Perl
Executable File
351 lines
13 KiB
Perl
Executable File
#!/usr/bin/perl -wT
|
|
# The contents of this file are subject to the Mozilla Public
|
|
# License Version 1.1 (the "License"); you may not use this file
|
|
# except in compliance with the License. You may obtain a copy of
|
|
# the License at http://www.mozilla.org/MPL/
|
|
#
|
|
# Software distributed under the License is distributed on an "AS
|
|
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
|
|
# implied. See the License for the specific language governing
|
|
# rights and limitations under the License.
|
|
#
|
|
# The Original Code is the Bugzilla Bug Tracking System.
|
|
#
|
|
# The Initial Developer of the Original Code is Netscape Communications
|
|
# Corporation. Portions created by Netscape are
|
|
# Copyright (C) 1998 Netscape Communications Corporation. All
|
|
# Rights Reserved.
|
|
#
|
|
# Contributor(s): Myk Melez <myk@mozilla.org>
|
|
# Frédéric Buclin <LpSolit@gmail.com>
|
|
|
|
use strict;
|
|
|
|
use lib qw(. lib);
|
|
|
|
use Bugzilla;
|
|
use Bugzilla::Util;
|
|
use Bugzilla::Error;
|
|
use Bugzilla::Flag;
|
|
use Bugzilla::FlagType;
|
|
use Bugzilla::User;
|
|
use Bugzilla::Product;
|
|
use Bugzilla::Component;
|
|
|
|
# Make sure the user is logged in.
|
|
my $user = Bugzilla->login();
|
|
my $ARGS = Bugzilla->input_params;
|
|
# Force the script to run against the shadow DB. We already validated credentials.
|
|
Bugzilla->switch_to_shadow_db;
|
|
my $template = Bugzilla->template;
|
|
my $action = $ARGS->{action} || '';
|
|
|
|
my $fields;
|
|
$fields->{requester}->{type} = 'single';
|
|
# If the user doesn't restrict his search to requests from the wind
|
|
# (requestee ne '-'), include the requestee for completion.
|
|
unless (defined $ARGS->{requestee} && $ARGS->{requestee} eq '-')
|
|
{
|
|
$fields->{requestee}->{type} = 'single';
|
|
}
|
|
|
|
Bugzilla::User::match_field($fields);
|
|
|
|
if ($action eq 'queue')
|
|
{
|
|
queue();
|
|
}
|
|
else
|
|
{
|
|
my $flagtypes = get_flag_types();
|
|
my @types = ('all', @$flagtypes);
|
|
my $vars = {};
|
|
$vars->{types} = \@types;
|
|
$vars->{requests} = {};
|
|
my %components;
|
|
foreach my $prod (@{$user->get_selectable_products})
|
|
{
|
|
foreach my $comp (@{$prod->components})
|
|
{
|
|
$components{$comp->name} = 1;
|
|
}
|
|
}
|
|
$vars->{components} = [ sort { $a cmp $b } keys %components ];
|
|
$template->process('request/queue.html.tmpl', $vars)
|
|
|| ThrowTemplateError($template->error());
|
|
}
|
|
exit;
|
|
|
|
################################################################################
|
|
# Functions
|
|
################################################################################
|
|
|
|
sub queue
|
|
{
|
|
my $ARGS = Bugzilla->input_params;
|
|
my $dbh = Bugzilla->dbh;
|
|
my $template = Bugzilla->template;
|
|
my $user = Bugzilla->user;
|
|
my $userid = $user->id;
|
|
my $vars = {};
|
|
|
|
my $status = validateStatus($ARGS->{status});
|
|
my $form_group = validateGroup($ARGS->{group});
|
|
|
|
# Select columns describing each flag, the bug/attachment on which
|
|
# it has been set, who set it, and of whom they are requesting it.
|
|
my $query = " SELECT flags.id, flagtypes.name, flags.status,".
|
|
" flags.bug_id, bugs.short_desc, products.name, components.name,".
|
|
" flags.attach_id, attachments.description, requesters.realname,".
|
|
" requesters.login_name, requestees.realname, requestees.login_name,".
|
|
$dbh->sql_date_format('flags.modification_date', '%Y.%m.%d %H:%i').
|
|
# Use the flags and flagtypes tables for information about the flags,
|
|
# the bugs and attachments tables for target info, the profiles tables
|
|
# for setter and requestee info, the products/components tables
|
|
# so we can display product and component names, and the bug_group_map
|
|
# table to help us weed out secure bugs to which the user should not have
|
|
# access.
|
|
" FROM flags".
|
|
" LEFT JOIN attachments ON flags.attach_id = attachments.attach_id".
|
|
" INNER JOIN flagtypes ON flags.type_id = flagtypes.id".
|
|
" INNER JOIN profiles AS requesters ON flags.setter_id = requesters.userid".
|
|
" LEFT JOIN profiles AS requestees ON flags.requestee_id = requestees.userid".
|
|
" INNER JOIN bugs ON flags.bug_id = bugs.bug_id".
|
|
" INNER JOIN products ON bugs.product_id = products.id".
|
|
" INNER JOIN components ON bugs.component_id = components.id".
|
|
" LEFT JOIN bug_group_map AS bgmap ON bgmap.bug_id = bugs.bug_id".
|
|
" AND bgmap.group_id NOT IN (" . $user->groups_as_string . ")".
|
|
" LEFT JOIN cc AS ccmap ON ccmap.who = $userid AND ccmap.bug_id = bugs.bug_id".
|
|
# Weed out bugs the user does not have access to
|
|
" WHERE (bgmap.group_id IS NULL OR (ccmap.who IS NOT NULL AND cclist_accessible=1)".
|
|
" OR (bugs.reporter = $userid AND bugs.reporter_accessible=1)".
|
|
" OR (bugs.assigned_to = $userid) ".
|
|
(Bugzilla->get_field('qa_contact')->enabled ? " OR (bugs.qa_contact=$userid))" : ")");
|
|
|
|
unless ($user->is_insider)
|
|
{
|
|
$query .= " AND (attachments.attach_id IS NULL".
|
|
" OR attachments.isprivate=0 OR attachments.submitter_id=$userid)";
|
|
}
|
|
|
|
# Limit query to pending requests.
|
|
$query .= " AND flags.status = '?'" unless $status;
|
|
|
|
# The set of criteria by which we filter records to display in the queue.
|
|
my @criteria = ();
|
|
|
|
# A list of columns to exclude from the report because the report conditions
|
|
# limit the data being displayed to exact matches for those columns.
|
|
# In other words, if we are only displaying "pending" , we don't
|
|
# need to display a "status" column in the report because the value for that
|
|
# column will always be the same.
|
|
my @excluded_columns = ();
|
|
|
|
# Filter requests by status: "pending", "granted", "denied", "all"
|
|
# (which means any), or "fulfilled" (which means "granted" or "denied").
|
|
if ($status)
|
|
{
|
|
if ($status eq "+-")
|
|
{
|
|
push @criteria, "flags.status IN ('+', '-')";
|
|
push @excluded_columns, 'status' unless $ARGS->{do_union};
|
|
}
|
|
elsif ($status ne "all")
|
|
{
|
|
push @criteria, "flags.status = '$status'";
|
|
push @excluded_columns, 'status' unless $ARGS->{do_union};
|
|
}
|
|
}
|
|
|
|
# Filter results by exact email address of requester or requestee.
|
|
if (defined $ARGS->{requester} && $ARGS->{requester} ne "")
|
|
{
|
|
my $requester = $dbh->quote($ARGS->{requester});
|
|
trick_taint($requester); # Quoted above
|
|
push(@criteria, $dbh->sql_istrcmp('requesters.login_name', $requester));
|
|
push(@excluded_columns, 'requester') unless $ARGS->{do_union};
|
|
}
|
|
if (defined $ARGS->{requestee} && $ARGS->{requestee} ne "")
|
|
{
|
|
if ($ARGS->{requestee} ne "-")
|
|
{
|
|
my $requestee = $dbh->quote($ARGS->{requestee});
|
|
trick_taint($requestee); # Quoted above
|
|
push @criteria, $dbh->sql_istrcmp('requestees.login_name', $requestee);
|
|
}
|
|
else
|
|
{
|
|
push @criteria, "flags.requestee_id IS NULL";
|
|
}
|
|
push @excluded_columns, 'requestee' unless $ARGS->{do_union};
|
|
}
|
|
|
|
# Filter results by exact product or component.
|
|
if (defined $ARGS->{product} && $ARGS->{product} ne "")
|
|
{
|
|
my $product = Bugzilla::Product->check($ARGS->{product});
|
|
push @criteria, "bugs.product_id = " . $product->id;
|
|
push @excluded_columns, 'product' unless $ARGS->{do_union};
|
|
if (defined $ARGS->{component} && $ARGS->{component} ne "")
|
|
{
|
|
my $component = Bugzilla::Component->check({
|
|
product => $product, name => $ARGS->{component}
|
|
});
|
|
push @criteria, "bugs.component_id = " . $component->id;
|
|
push @excluded_columns, 'component' unless $ARGS->{do_union};
|
|
}
|
|
}
|
|
|
|
# Filter results by flag types.
|
|
my $form_type = $ARGS->{type};
|
|
if (defined $form_type && !grep($form_type eq $_, ("", "all")))
|
|
{
|
|
# Check if any matching types are for attachments. If not, don't show
|
|
# the attachment column in the report.
|
|
my $has_attachment_type = Bugzilla::FlagType::count({
|
|
name => $form_type, target_type => 'attachment'
|
|
});
|
|
if (!$has_attachment_type)
|
|
{
|
|
push @excluded_columns, 'attachment';
|
|
}
|
|
my $quoted_form_type = $dbh->quote($form_type);
|
|
trick_taint($quoted_form_type); # Already SQL quoted
|
|
push @criteria, "flagtypes.name = " . $quoted_form_type;
|
|
push @excluded_columns, 'type' unless $ARGS->{do_union};
|
|
}
|
|
|
|
# Add the criteria to the query. We do an intersection by default
|
|
# but do a union if the "do_union" URL parameter (for which there is no UI
|
|
# because it's an advanced feature that people won't usually want) is true.
|
|
my $and_or = $ARGS->{do_union} ? " OR " : " AND ";
|
|
$query .= " AND (" . join($and_or, @criteria) . ") " if scalar @criteria;
|
|
|
|
# Group the records by flag ID so we don't get multiple rows of data
|
|
# for each flag. This is only necessary because of the code that
|
|
# removes flags on bugs the user is unauthorized to access.
|
|
$query .= ' GROUP BY flags.id, flagtypes.name, flags.status, flags.bug_id,'.
|
|
' bugs.short_desc, products.name, components.name, flags.attach_id,'.
|
|
' attachments.description, requesters.realname,'.
|
|
' requesters.login_name, requestees.realname,'.
|
|
' requestees.login_name, flags.modification_date,'.
|
|
' cclist_accessible, bugs.reporter, bugs.reporter_accessible,'.
|
|
' bugs.assigned_to';
|
|
|
|
# Group the records, in other words order them by the group column
|
|
# so the loop in the display template can break them up into separate
|
|
# tables every time the value in the group column changes.
|
|
|
|
$form_group ||= "requestee";
|
|
if ($form_group eq "requester")
|
|
{
|
|
$query .= " ORDER BY requesters.realname, requesters.login_name";
|
|
}
|
|
elsif ($form_group eq "requestee")
|
|
{
|
|
$query .= " ORDER BY requestees.realname, requestees.login_name";
|
|
}
|
|
elsif ($form_group eq "category")
|
|
{
|
|
$query .= " ORDER BY products.name, components.name";
|
|
}
|
|
elsif ($form_group eq "type")
|
|
{
|
|
$query .= " ORDER BY flagtypes.name";
|
|
}
|
|
|
|
# Order the records (within each group).
|
|
$query .= " , flags.modification_date";
|
|
|
|
# Pass the query to the template for use when debugging this script.
|
|
$vars->{query} = $query;
|
|
$vars->{debug} = $ARGS->{debug} ? 1 : 0;
|
|
|
|
my $results = $dbh->selectall_arrayref($query);
|
|
my @requests = ();
|
|
foreach my $result (@$results)
|
|
{
|
|
my @data = @$result;
|
|
my $request = {
|
|
id => $data[0],
|
|
type => $data[1],
|
|
status => $data[2],
|
|
bug_id => $data[3],
|
|
bug_summary => $data[4],
|
|
category => "$data[5]: $data[6]",
|
|
attach_id => $data[7],
|
|
attach_summary => $data[8],
|
|
requester => ($data[9] ? "$data[9] <$data[10]>" : $data[10]),
|
|
requestee => ($data[11] ? "$data[11] <$data[12]>" : $data[12]),
|
|
created => $data[13],
|
|
};
|
|
push @requests, $request;
|
|
}
|
|
|
|
# Get a list of request type names to use in the filter form.
|
|
my @types = ("all");
|
|
my $flagtypes = get_flag_types();
|
|
push @types, @$flagtypes;
|
|
|
|
$vars->{excluded_columns} = \@excluded_columns;
|
|
$vars->{group_field} = $form_group;
|
|
$vars->{requests} = \@requests;
|
|
$vars->{types} = \@types;
|
|
$vars->{selected_requester} = $ARGS->{requester};
|
|
$vars->{selected_product} = $ARGS->{product};
|
|
$vars->{selected_component} = $ARGS->{component};
|
|
$vars->{selected_type} = $ARGS->{type};
|
|
$vars->{selected_status} = $ARGS->{status};
|
|
$vars->{selected_group} = $ARGS->{group};
|
|
|
|
my %components;
|
|
foreach my $prod (@{$user->get_selectable_products})
|
|
{
|
|
foreach my $comp (@{$prod->components})
|
|
{
|
|
$components{$comp->name} = 1;
|
|
}
|
|
}
|
|
$vars->{components} = [ sort { $a cmp $b } keys %components ];
|
|
|
|
# Generate and return the UI (HTML page) from the appropriate template.
|
|
$template->process("request/queue.html.tmpl", $vars)
|
|
|| ThrowTemplateError($template->error());
|
|
}
|
|
|
|
################################################################################
|
|
# Data Validation / Security Authorization
|
|
################################################################################
|
|
|
|
sub validateStatus
|
|
{
|
|
my $status = shift;
|
|
return if !defined $status;
|
|
grep($status eq $_, qw(? +- + - all))
|
|
|| ThrowCodeError("flag_status_invalid", { status => $status });
|
|
trick_taint($status);
|
|
return $status;
|
|
}
|
|
|
|
sub validateGroup
|
|
{
|
|
my $group = shift;
|
|
return if !defined $group;
|
|
grep($group eq $_, qw(requester requestee category type))
|
|
|| ThrowCodeError("request_queue_group_invalid", { group => $group });
|
|
trick_taint($group);
|
|
return $group;
|
|
}
|
|
|
|
# Returns all flag types which have at least one flag of this type.
|
|
# If a flag type is inactive but still has flags, we want it.
|
|
sub get_flag_types
|
|
{
|
|
my $dbh = Bugzilla->dbh;
|
|
my $flag_types = $dbh->selectcol_arrayref(
|
|
'SELECT DISTINCT name FROM flagtypes'.
|
|
' WHERE flagtypes.id IN (SELECT DISTINCT type_id FROM flags) ORDER BY name'
|
|
);
|
|
return $flag_types;
|
|
}
|