Bug 1200958: group owners should always be able to view group membership reports...

diff --git a/extensions/BMO/lib/Reports/Groups.pm b/extensions/BMO/lib/Reports/Groups.pm
index dfe90b78f249d178e470fb44de77999898a604f6..a4816f914811420b389bf1e2214e1dfc8c4c0002 100644 (file)
--- a/extensions/BMO/lib/Reports/Groups.pm
+++ b/extensions/BMO/lib/Reports/Groups.pm
@@ -29,7 +29,7 @@ sub admins_report {
     my @grouplist =
                   ($user->in_group('editusers') || $user->in_group('infrasec'))
                   ? map { lc($_->name) } Bugzilla::Group->get_all
-                  : _get_public_membership_groups();
+                  : _get_permitted_membership_groups();
 
     my $groups = join(',', map { $dbh->quote($_) } @grouplist);
 
@@ -183,7 +183,7 @@ sub members_report {
 
     my @grouplist = $privileged
         ? map { lc($_->name) } Bugzilla::Group->get_all
-        : _get_public_membership_groups();
+        : _get_permitted_membership_groups();
 
     my $include_disabled = $cgi->param('include_disabled') ? 1 : 0;
     $vars->{'include_disabled'} = $include_disabled;
@@ -203,6 +203,8 @@ sub members_report {
     my $group_obj = Bugzilla::Group->new({ name => $group });
     $vars->{'group'} = $group_obj;
 
+    $vars->{'privileged'} = 1 if ($group_obj->owner && $group_obj->owner->id == $user->id);
+
     my @types;
     my $members = $group_obj->members_complete();
     foreach my $name (sort keys %$members) {
@@ -276,10 +278,11 @@ sub _filter_userlist {
 
 # Groups that any user with editbugs can see the membership or admin lists for.
 # Transparency FTW.
-sub _get_public_membership_groups {
-    my @all_groups = map { lc($_->name) } Bugzilla::Group->get_all;
+sub _get_permitted_membership_groups {
+    my $user = Bugzilla->user;
 
-    my %hardcoded_groups = map { $_ => 1 } qw(
+    # Default publicly viewable groups
+    my %default_public_groups = map { $_ => 1 } qw(
         bugzilla-approvers
         bugzilla-reviewers
         can_restrict_comments
@@ -290,9 +293,25 @@ sub _get_public_membership_groups {
         qa-approvers
     );
 
-    # We also automatically include all drivers groups - this gives us a little
-    # future-proofing
-    return grep { /-drivers$/ || exists $hardcoded_groups{$_} } @all_groups;
+    # We add the group to the permitted list if:
+    # 1. it is a drivers group - this gives us a little
+    #    future-proofing
+    # 2. it is a one of the default public groups
+    # 3. the user is the group's owner
+    # 4. or the user can bless others into the group
+    my @permitted_groups;
+    foreach my $group (Bugzilla::Group->get_all) {
+        my $name = $group->name;
+        if ($name =~ /-drivers$/
+            || exists $default_public_groups{$name}
+            || ($group->owner && $group->owner->id == $user->id)
+            || $user->can_bless($group->id))
+        {
+            push(@permitted_groups, $name);
+        }
+    }
+
+    return @permitted_groups;
 }
 
 1;

diff --git a/extensions/BMO/template/en/default/pages/group_members.html.tmpl b/extensions/BMO/template/en/default/pages/group_members.html.tmpl
index 6136a7c1c8ab3237cb0995b2469360e5f33fad1c..ec2cb2e46360568a50610f817302c509e59dc145 100644 (file)
--- a/extensions/BMO/template/en/default/pages/group_members.html.tmpl
+++ b/extensions/BMO/template/en/default/pages/group_members.html.tmpl
@@ -48,7 +48,7 @@
         <th>Type</th>
         <th>Count</th>
         <th>Members</th>
-        [% IF privileged || (user.id == group.owner.id) %]
+        [% IF privileged %]
           <th class="right">2FA, Last Seen (days ago)</th>
         [% END %]
       </tr>