return %deps;
}
+#Verify if the new assignee belongs to the group of
+#the product that the bug(s) is in.
+sub can_add_user_to_bug {
+ my ($prod_id, $id, $uid) = @_;
+ my $user = new Bugzilla::User($uid);
+ if (!$user->can_edit_product($prod_id)) {
+ ThrowUserError("invalid_user_group", { 'user' =>
+ $user->login, bug_id => $id });
+ }
+}
+
sub AUTOLOAD {
use vars qw($AUTOLOAD);
my $attr = $AUTOLOAD;
name => 'usevisibilitygroups',
type => 'b',
default => 0
+ },
+
+ {
+ name => 'strict_isolation',
+ type => 'b',
+ default => 0
} );
return @param_list;
}
return Bugzilla->dbh->selectrow_array($query, undef, $otherUser->id);
}
+sub can_edit_product {
+ my ($self, $prod_id) = @_;
+ my $dbh = Bugzilla->dbh;
+ my $sth = $self->{sthCanEditProductId};
+ my $userid = $self->{id};
+ my $query = q{SELECT group_id FROM group_control_map
+ WHERE product_id =?
+ AND canedit != 0 };
+ if (%{$self->groups}) {
+ my $groups = join(',', values(%{$self->groups}));
+ $query .= qq{AND group_id NOT IN($groups)};
+ }
+ unless ($sth) { $sth = $dbh->prepare($query); }
+ $sth->execute($prod_id);
+ $self->{sthCanEditProductId} = $sth;
+ my $result = $sth->fetchrow_array();
+
+ return (!defined($result));
+}
+
sub can_see_bug {
my ($self, $bugid) = @_;
my $dbh = Bugzilla->dbh;
Returns 1 if the specified user account exists and is visible to the user,
0 otherwise.
+=item C<can_edit_product(prod_id)>
+
+Determines if, given a product id, the user can edit bugs in this product
+at all.
+
=item C<can_see_bug(bug_id)>
Determines if the user can see the specified bug.
ON bugs.bug_id = attachments.bug_id
WHERE attach_id = $attachid");
my $productid = FetchOneColumn();
- CanEditProductId($productid)
+ Bugzilla->user->can_edit_product_id($productid)
|| ThrowUserError("illegal_attachment_edit",
{ attach_id => $attachid });
}
return $::CachedAnyDefaultGroups;
}
-#
-# This function checks if, given a product id, the user can edit
-# bugs in this product at all.
-sub CanEditProductId {
- my ($productid) = @_;
- my $dbh = Bugzilla->dbh;
- my $query = "SELECT group_id FROM group_control_map " .
- "WHERE product_id = $productid " .
- "AND canedit != 0 ";
- if (%{Bugzilla->user->groups}) {
- $query .= "AND group_id NOT IN(" .
- join(',', values(%{Bugzilla->user->groups})) . ") ";
- }
- $query .= $dbh->sql_limit(1);
- PushGlobalSQLState();
- SendSQL($query);
- my ($result) = FetchSQLData();
- PopGlobalSQLState();
- return (!defined($result));
-}
-
sub IsInClassification {
my ($classification,$productname) = @_;
# The QA contact cannot be deleted from show_bug.cgi for a single bug!
if ($name ne $cgi->param('dontchange')) {
$qacontact = DBNameToIdAndCheck($name) if ($name ne "");
+ if (Param("strict_isolation")) {
+ my $product_id = get_product_id($cgi->param('product'));
+ Bugzilla::Bug::can_add_user_to_bug(
+ $product_id, $cgi->param('id'), $qacontact);
+ }
DoComma();
if($qacontact) {
$::query .= "qa_contact = $qacontact";
}
ChangeStatus('NEW');
DoComma();
- if (!defined $cgi->param('assigned_to')
+ if (defined $cgi->param('assigned_to')) {
+ my $uid = DBNameToIdAndCheck($cgi->param('assigned_to'));
+ if (Param("strict_isolation")) {
+ my $product_id = get_product_id($cgi->param('product'));
+ Bugzilla::Bug::can_add_user_to_bug(
+ $product_id, $cgi->param('id'), $uid);
+ }
+ } elsif (!defined $cgi->param('assigned_to')
|| trim($cgi->param('assigned_to')) eq "") {
ThrowUserError("reassign_to_empty");
}
# show_bug.cgi).
#
foreach my $id (@idlist) {
+ my $bug_obj = new Bugzilla::Bug($id, $whoid);
my %dependencychanged;
$bug_changed = 0;
my $write = "WRITE"; # Might want to make a param to control
ThrowUserError("illegal_change", $vars);
}
}
-
+ if ($cgi->param('assigned_to') && Param("strict_isolation")) {
+ my $uid = DBNameToIdAndCheck($cgi->param('assigned_to'));
+ Bugzilla::Bug::can_add_user_to_bug(
+ $bug_obj->{'product_id'}, $id, $uid);
+ }
+ if ($cgi->param('qa_contact') && Param("strict_isolation")) {
+ Bugzilla::Bug::can_add_user_to_bug(
+ $bug_obj->{'product_id'}, $id, $qacontact);
+ }
+
# When editing multiple bugs, users can specify a list of keywords to delete
# from bugs. If the list matches the current set of keywords on those bugs,
# CheckCanChangeField above will fail to check permissions because it thinks
}
$oldhash{'product'} = get_product_name($oldhash{'product_id'});
- if (!CanEditProductId($oldhash{'product_id'})) {
+ if (!Bugzilla->user->can_edit_product($oldhash{'product_id'})) {
ThrowUserError("product_edit_denied",
{ product => $oldhash{'product'} });
}
$oncc{FetchOneColumn()} = 1;
}
- my (@added, @removed) = ();
+ my (@added, @removed, @blocked_cc) = ();
+
+ if (Param("strict_isolation")) {
+ foreach my $pid (keys %cc_add) {
+ my $user = Bugzilla::User->new($pid);
+ if (!$user->can_edit_product($bug_obj->{'product_id'})) {
+ push (@blocked_cc, $cc_add{$pid});
+ }
+ }
+ if (scalar(@blocked_cc)) {
+ my $blocked_cc = join(", ", @blocked_cc);
+ ThrowUserError("invalid_user_group",
+ {'user' => $blocked_cc , bug_id => $id });
+ }
+ }
+
foreach my $pid (keys %cc_add) {
# If this person isn't already on the cc list, add them
if (! $oncc{$pid}) {
"information.",
usevisibilitygroups => "Do you wish to restrict visibility of users to members of " _
- "specific groups?" }
+ "specific groups?",
+
+ strict_isolation => "Don't allow users to assign, be qa-contacts or add to CC list " _
+ "any user that do not have permission to edit the bug." }
%]
[% title = "Invalid regular expression" %]
The regular expression you entered is invalid.
+ [% ELSIF error == "invalid_user_group" %]
+ [% title = "Invalid User Group" %]
+ User '[% user FILTER html %]' is not able to edit the
+ [% terms.bug %] '[% bug_id FILTER html %]'.
+
[% ELSIF error == "invalid_username" %]
[% title = "Invalid Username" %]
The name <tt>[% name FILTER html %]</tt> is not a valid username.
projects / thirdparty / bugzilla.git / commitdiff
