2 # This Source Code Form is subject to the terms of the Mozilla Public
3 # License, v. 2.0. If a copy of the MPL was not distributed with this
4 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
6 # This Source Code Form is "Incompatible With Secondary Licenses", as
7 # defined by the Mozilla Public License, v. 2.0.
16 use Bugzilla
::Constants
;
17 use Bugzilla
::Config
qw(:admin);
21 use Bugzilla
::Product
;
25 my $cgi = Bugzilla
->cgi;
26 my $dbh = Bugzilla
->dbh;
27 my $template = Bugzilla
->template;
30 my $user = Bugzilla
->login(LOGIN_REQUIRED
);
34 $user->in_group('creategroups')
35 || ThrowUserError
("auth_failure",
36 {group
=> "creategroups", action
=> "edit", object
=> "groups"});
38 my $action = trim
($cgi->param('action') || '');
39 my $token = $cgi->param('token');
41 # CheckGroupID checks that a positive integer is given and is
42 # actually a valid group ID. If all tests are successful, the
43 # trimmed group ID is returned.
47 $group_id = trim
($group_id || 0);
48 ThrowUserError
("group_not_specified") unless $group_id;
50 detaint_natural
($group_id) && Bugzilla
->dbh->selectrow_array(
51 "SELECT id FROM groups WHERE id = ?",
54 ) || ThrowUserError
("invalid_group_ID");
58 # CheckGroupRegexp checks that the regular expression is valid
59 # (the regular expression being optional, the test is successful
60 # if none is given, as expected). The trimmed regular expression
63 sub CheckGroupRegexp
{
65 $regexp = trim
($regexp || '');
67 ThrowUserError
("invalid_regexp") unless (eval {qr/$regexp/});
71 # A helper for displaying the edit.html.tmpl template.
72 sub get_current_and_available
{
73 my ($group, $vars) = @_;
75 my @all_groups = Bugzilla
::Group
->get_all;
76 my @members_current = @
{$group->grant_direct(GROUP_MEMBERSHIP
)};
77 my @member_of_current = @
{$group->granted_by_direct(GROUP_MEMBERSHIP
)};
78 my @bless_from_current = @
{$group->grant_direct(GROUP_BLESS
)};
79 my @bless_to_current = @
{$group->granted_by_direct(GROUP_BLESS
)};
80 my (@visible_from_current, @visible_to_me_current);
81 if (Bugzilla
->params->{'usevisibilitygroups'}) {
82 @visible_from_current = @
{$group->grant_direct(GROUP_VISIBLE
)};
83 @visible_to_me_current = @
{$group->granted_by_direct(GROUP_VISIBLE
)};
86 # Figure out what groups are not currently a member of this group,
87 # and what groups this group is not currently a member of.
89 @members_available, @member_of_available, @bless_from_available,
90 @bless_to_available, @visible_from_available, @visible_to_me_available
92 foreach my $group_option (@all_groups) {
93 if (Bugzilla
->params->{'usevisibilitygroups'}) {
94 push(@visible_from_available, $group_option)
95 if !grep($_->id == $group_option->id, @visible_from_current);
96 push(@visible_to_me_available, $group_option)
97 if !grep($_->id == $group_option->id, @visible_to_me_current);
100 push(@bless_from_available, $group_option)
101 if !grep($_->id == $group_option->id, @bless_from_current);
103 # The group itself should never show up in the membership lists,
104 # and should show up in only one of the bless lists (otherwise
105 # you can try to allow it to bless itself twice, leading to a
106 # database unique constraint error).
107 next if $group_option->id == $group->id;
109 push(@members_available, $group_option)
110 if !grep($_->id == $group_option->id, @members_current);
111 push(@member_of_available, $group_option)
112 if !grep($_->id == $group_option->id, @member_of_current);
113 push(@bless_to_available, $group_option)
114 if !grep($_->id == $group_option->id, @bless_to_current);
117 $vars->{'members_current'} = \
@members_current;
118 $vars->{'members_available'} = \
@members_available;
119 $vars->{'member_of_current'} = \
@member_of_current;
120 $vars->{'member_of_available'} = \
@member_of_available;
122 $vars->{'bless_from_current'} = \
@bless_from_current;
123 $vars->{'bless_from_available'} = \
@bless_from_available;
124 $vars->{'bless_to_current'} = \
@bless_to_current;
125 $vars->{'bless_to_available'} = \
@bless_to_available;
127 if (Bugzilla
->params->{'usevisibilitygroups'}) {
128 $vars->{'visible_from_current'} = \
@visible_from_current;
129 $vars->{'visible_from_available'} = \
@visible_from_available;
130 $vars->{'visible_to_me_current'} = \
@visible_to_me_current;
131 $vars->{'visible_to_me_available'} = \
@visible_to_me_available;
135 # If no action is specified, get a list of all groups available.
138 my @groups = Bugzilla
::Group
->get_all;
139 $vars->{'groups'} = \
@groups;
141 $template->process("admin/groups/list.html.tmpl", $vars)
142 || ThrowTemplateError
($template->error());
147 # action='changeform' -> present form for altering an existing group
149 # (next action will be 'postchanges')
152 if ($action eq 'changeform') {
154 # Check that an existing group ID is given
155 my $group_id = CheckGroupID
($cgi->param('group'));
156 my $group = new Bugzilla
::Group
($group_id);
158 get_current_and_available
($group, $vars);
159 $vars->{'group'} = $group;
160 $vars->{'token'} = issue_session_token
('edit_group');
162 $template->process("admin/groups/edit.html.tmpl", $vars)
163 || ThrowTemplateError
($template->error());
168 # action='add' -> present form for parameters for new group
170 # (next action will be 'new')
173 if ($action eq 'add') {
174 $vars->{'token'} = issue_session_token
('add_group');
176 $template->process("admin/groups/create.html.tmpl", $vars)
177 || ThrowTemplateError
($template->error());
183 # action='new' -> add group entered in the 'action=add' screen
186 if ($action eq 'new') {
187 check_token_data
($token, 'add_group');
188 my $group = Bugzilla
::Group
->create({
189 name
=> scalar $cgi->param('name'),
190 description
=> scalar $cgi->param('desc'),
191 userregexp
=> scalar $cgi->param('regexp'),
192 isactive
=> scalar $cgi->param('isactive'),
193 icon_url
=> scalar $cgi->param('icon_url'),
195 use_in_all_products
=> scalar $cgi->param('insertnew'),
198 delete_token
($token);
200 $vars->{'message'} = 'group_created';
201 $vars->{'group'} = $group;
202 get_current_and_available
($group, $vars);
203 $vars->{'token'} = issue_session_token
('edit_group');
205 $template->process("admin/groups/edit.html.tmpl", $vars)
206 || ThrowTemplateError
($template->error());
211 # action='del' -> ask if user really wants to delete
213 # (next action would be 'delete')
216 if ($action eq 'del') {
218 # Check that an existing group ID is given
219 my $group = Bugzilla
::Group
->check({id
=> scalar $cgi->param('group')});
220 $group->check_remove({test_only
=> 1});
221 $vars->{'shared_queries'} = $dbh->selectrow_array(
223 FROM namedquery_group_map
224 WHERE group_id = ?', undef, $group->id
227 $vars->{'group'} = $group;
228 $vars->{'token'} = issue_session_token
('delete_group');
230 $template->process("admin/groups/delete.html.tmpl", $vars)
231 || ThrowTemplateError
($template->error());
236 # action='delete' -> really delete the group
239 if ($action eq 'delete') {
240 check_token_data
($token, 'delete_group');
242 # Check that an existing group ID is given
243 my $group = Bugzilla
::Group
->check({id
=> scalar $cgi->param('group')});
244 $vars->{'name'} = $group->name;
245 $group->remove_from_db({
246 remove_from_users
=> scalar $cgi->param('removeusers'),
247 remove_from_bugs
=> scalar $cgi->param('removebugs'),
248 remove_from_flags
=> scalar $cgi->param('removeflags'),
249 remove_from_products
=> scalar $cgi->param('unbind'),
251 delete_token
($token);
253 $vars->{'message'} = 'group_deleted';
254 $vars->{'groups'} = [Bugzilla
::Group
->get_all];
256 $template->process("admin/groups/list.html.tmpl", $vars)
257 || ThrowTemplateError
($template->error());
262 # action='postchanges' -> update the groups
265 if ($action eq 'postchanges') {
266 check_token_data
($token, 'edit_group');
267 my $changes = doGroupChanges
();
268 delete_token
($token);
270 my $group = new Bugzilla
::Group
($cgi->param('group_id'));
271 get_current_and_available
($group, $vars);
272 $vars->{'message'} = 'group_updated';
273 $vars->{'group'} = $group;
274 $vars->{'changes'} = $changes;
275 $vars->{'token'} = issue_session_token
('edit_group');
277 $template->process("admin/groups/edit.html.tmpl", $vars)
278 || ThrowTemplateError
($template->error());
282 if ($action eq 'confirm_remove') {
283 my $group = new Bugzilla
::Group
(CheckGroupID
($cgi->param('group_id')));
284 $vars->{'group'} = $group;
285 $vars->{'regexp'} = CheckGroupRegexp
($cgi->param('regexp'));
286 $vars->{'token'} = issue_session_token
('remove_group_members');
288 $template->process('admin/groups/confirm-remove.html.tmpl', $vars)
289 || ThrowTemplateError
($template->error());
293 if ($action eq 'remove_regexp') {
294 check_token_data
($token, 'remove_group_members');
296 # remove all explicit users from the group with
297 # gid = $cgi->param('group') that match the regular expression
298 # stored in the DB for that group or all of them period
300 my $group = new Bugzilla
::Group
(CheckGroupID
($cgi->param('group_id')));
301 my $regexp = CheckGroupRegexp
($cgi->param('regexp'));
303 $dbh->bz_start_transaction();
305 my $users = $group->members_direct();
306 my $sth_delete = $dbh->prepare(
307 "DELETE FROM user_group_map
308 WHERE user_id = ? AND isbless = 0 AND group_id = ?"
312 foreach my $member (@
$users) {
313 if ($regexp eq '' || $member->login =~ m/$regexp/i) {
314 $sth_delete->execute($member->id, $group->id);
315 push(@deleted, $member);
318 $dbh->bz_commit_transaction();
320 $vars->{'users'} = \
@deleted;
321 $vars->{'regexp'} = $regexp;
322 delete_token
($token);
324 $vars->{'message'} = 'group_membership_removed';
325 $vars->{'group'} = $group->name;
326 $vars->{'groups'} = [Bugzilla
::Group
->get_all];
328 $template->process("admin/groups/list.html.tmpl", $vars)
329 || ThrowTemplateError
($template->error());
333 # No valid action found
334 ThrowUserError
('unknown_action', {action
=> $action});
336 # Helper sub to handle the making of changes to a group
338 my $cgi = Bugzilla
->cgi;
339 my $dbh = Bugzilla
->dbh;
341 $dbh->bz_start_transaction();
343 # Check that the given group ID is valid and make a Group.
344 my $group = new Bugzilla
::Group
(CheckGroupID
($cgi->param('group_id')));
346 if (defined $cgi->param('regexp')) {
347 $group->set_user_regexp($cgi->param('regexp'));
350 if ($group->is_bug_group) {
351 if (defined $cgi->param('name')) {
352 $group->set_name($cgi->param('name'));
354 if (defined $cgi->param('desc')) {
355 $group->set_description($cgi->param('desc'));
358 # Only set isactive if we came from the right form.
359 if (defined $cgi->param('regexp')) {
360 $group->set_is_active($cgi->param('isactive'));
364 if (defined $cgi->param('icon_url')) {
365 $group->set_icon_url($cgi->param('icon_url'));
368 my $changes = $group->update();
370 my $sth_insert = $dbh->prepare(
371 'INSERT INTO group_group_map
372 (member_id, grantor_id, grant_type)
376 my $sth_delete = $dbh->prepare(
377 'DELETE FROM group_group_map
383 # First item is the type, second is whether or not it's "reverse"
384 # (granted_by) (see _do_add for more explanation).
386 members
=> [GROUP_MEMBERSHIP
, 0],
387 bless_from
=> [GROUP_BLESS
, 0],
388 visible_from
=> [GROUP_VISIBLE
, 0],
389 member_of
=> [GROUP_MEMBERSHIP
, 1],
390 bless_to
=> [GROUP_BLESS
, 1],
391 visible_to_me
=> [GROUP_VISIBLE
, 1]
393 while (my ($field, $data) = each %fields) {
394 _do_add
($group, $changes, $sth_insert, "${field}_add", $data->[0], $data->[1]);
395 _do_remove
($group, $changes, $sth_delete, "${field}_remove", $data->[0],
399 $dbh->bz_commit_transaction();
404 my ($group, $changes, $sth_insert, $field, $type, $reverse) = @_;
405 my $cgi = Bugzilla
->cgi;
409 # $reverse means we're doing a granted_by--that is, somebody else
410 # is granting us something.
412 $current = $group->granted_by_direct($type);
415 $current = $group->grant_direct($type);
418 my $add_items = Bugzilla
::Group
->new_from_list([$cgi->param($field)]);
420 foreach my $add (@
$add_items) {
421 next if grep($_->id == $add->id, @
$current);
423 $changes->{$field} ||= [];
424 push(@
{$changes->{$field}}, $add->name);
426 # They go this direction for a normal "This group is granting
428 my @ids = ($add->id, $group->id);
430 # But they get reversed for "This group is being granted something
432 @ids = reverse @ids if $reverse;
433 $sth_insert->execute(@ids, $type);
438 my ($group, $changes, $sth_delete, $field, $type, $reverse) = @_;
439 my $cgi = Bugzilla
->cgi;
440 my $remove_items = Bugzilla
::Group
->new_from_list([$cgi->param($field)]);
442 foreach my $remove (@
$remove_items) {
443 my @ids = ($remove->id, $group->id);
445 # See _do_add for an explanation of $reverse
446 @ids = reverse @ids if $reverse;
448 # Deletions always succeed and are harmless if they fail, so we
449 # don't need to do any checks.
450 $sth_delete->execute(@ids, $type);
451 $changes->{$field} ||= [];
452 push(@
{$changes->{$field}}, $remove->name);