next;
}
- if (!&::CanEnterProduct($product)) {
+ if (!Bugzilla->user->can_enter_product($product)) {
# If we're using bug groups to restrict entry on products, and
# this product has an entry group, and the user is not in that
# group, we don't want to include that product in this list.
}
sub get_selectable_products {
- my ($self, $by_id) = @_;
+ my $self = shift;
if (defined $self->{selectable_products}) {
return $self->{selectable_products};
return $self->{selectable_classifications};
}
+sub can_enter_product {
+ my ($self, $product_name, $warn) = @_;
+ my $dbh = Bugzilla->dbh;
+
+ if (!defined($product_name)) {
+ return unless $warn;
+ ThrowUserError('no_products');
+ }
+ trick_taint($product_name);
+
+ # Checks whether the user has access to the product.
+ my $has_access = $dbh->selectrow_array('SELECT group_id IS NULL
+ FROM products
+ LEFT JOIN group_control_map
+ ON group_control_map.product_id = products.id
+ AND group_control_map.entry != 0
+ AND group_id NOT IN (' . $self->groups_as_string . ')
+ WHERE products.name = ? ' .
+ $dbh->sql_limit(1),
+ undef, $product_name);
+
+ if (!$has_access) {
+ return unless $warn;
+ ThrowUserError('entry_access_denied', { product => $product_name });
+ }
+
+ # Checks whether the product is open for new bugs and
+ # has at least one component and one version.
+ my ($is_open, $has_version) =
+ $dbh->selectrow_array('SELECT CASE WHEN disallownew = 0 THEN 1 ELSE 0 END,
+ versions.value IS NOT NULL
+ FROM products
+ INNER JOIN components
+ ON components.product_id = products.id
+ LEFT JOIN versions
+ ON versions.product_id = products.id
+ WHERE products.name = ? ' .
+ $dbh->sql_limit(1), undef, $product_name);
+
+ # Returns undef if the product has no components
+ # Returns 0 if the product has no versions, or is closed for bug entry
+ # Returns 1 if the user can enter bugs into the product
+ return ($is_open && $has_version) unless $warn;
+
+ # (undef, undef): the product has no components,
+ # (0, ?) : the product is closed for new bug entry,
+ # (?, 0) : the product has no versions,
+ # (1, 1) : the user can enter bugs into the product,
+ if (!defined $is_open) {
+ ThrowUserError('missing_component', { product => $product_name });
+ } elsif (!$is_open) {
+ ThrowUserError('product_disabled', { product => $product_name });
+ } elsif (!$has_version) {
+ ThrowUserError('missing_version', { product => $product_name });
+ }
+ return 1;
+}
+
+sub get_enterable_products {
+ my $self = shift;
+
+ if (defined $self->{enterable_products}) {
+ return $self->{enterable_products};
+ }
+
+ my @products;
+ foreach my $product (Bugzilla::Product::get_all_products()) {
+ if ($self->can_enter_product($product->name)) {
+ push(@products, $product);
+ }
+ }
+ $self->{enterable_products} = \@products;
+ return $self->{enterable_products};
+}
+
# visible_groups_inherited returns a reference to a list of all the groups
# whose members are visible to this user.
sub visible_groups_inherited {
Returns: An array of Bugzilla::Classification objects, sorted by
the classification name.
+=item C<can_enter_product($product_name, $warn)>
+
+ Description: Returns 1 if the user can enter bugs into the specified product.
+ If the user cannot enter bugs into the product, the behavior of
+ this method depends on the value of $warn:
+ - if $warn is false (or not given), a 'false' value is returned;
+ - if $warn is true, an error is thrown.
+
+ Params: $product_name - a product name.
+ $warn - optional parameter, indicating whether an error
+ must be thrown if the user cannot enter bugs
+ into the specified product.
+
+ Returns: 1 if the user can enter bugs into the product,
+ 0 if the user cannot enter bugs into the product and if $warn
+ is false (an error is thrown if $warn is true).
+
+=item C<get_enterable_products>
+
+ Description: Returns an array of product objects into which the user is
+ allowed to enter bugs.
+
+ Params: none
+
+ Returns: an array of product objects.
+
=item C<get_userlist>
Returns a reference to an array of users. The array is populated with hashrefs
$vars->{'dotweak'} = 1;
$vars->{'use_keywords'} = 1 if @::legal_keywords;
- my @enterable_products = GetEnterableProducts();
- $vars->{'products'} = \@enterable_products;
+ $vars->{'products'} = Bugzilla->user->get_enterable_products;
$vars->{'platforms'} = \@::legal_platform;
$vars->{'op_sys'} = \@::legal_opsys;
$vars->{'priorities'} = \@::legal_priority;
use vars qw($vars @legal_product);
-Bugzilla->login();
+my $user = Bugzilla->login();
GetVersionTable();
my $product = trim($cgi->param('product') || '');
my $product_id = get_product_id($product);
-if (!$product_id || !CanEnterProduct($product)) {
+if (!$product_id || !$user->can_enter_product($product)) {
# Reference to a subset of %::proddesc, which the user is allowed to see
my %products;
# OK, now only add products the user can see
Bugzilla->login(LOGIN_REQUIRED);
foreach my $p (@::legal_product) {
- if (CanEnterProduct($p)) {
+ if ($user->can_enter_product($p)) {
$products{$p} = $::proddesc{$p};
}
}
foreach my $classification (@$classifications) {
my $found = 0;
foreach my $p (@enterable_products) {
- if (CanEnterProduct($p)
+ if (Bugzilla->user->can_enter_product($p)
&& IsInClassification($classification->{name},$p)) {
$found = 1;
}
my %products;
foreach my $p (@enterable_products) {
- if (CanEnterProduct($p)) {
+ if (Bugzilla->user->can_enter_product($p)) {
if (IsInClassification(scalar $cgi->param('classification'),$p) ||
$cgi->param('classification') eq "__all") {
$products{$p} = $::proddesc{$p};
# We need to check and make sure
# that the user has permission to enter a bug against this product.
-CanEnterProductOrWarn($product);
+Bugzilla->user->can_enter_product($product, 1);
GetVersionTable();
}
}
-# This function determines whether or not a user can enter
-# bugs into the named product.
-sub CanEnterProduct {
- my ($productname, $verbose) = @_;
- my $dbh = Bugzilla->dbh;
-
- return unless defined($productname);
- trick_taint($productname);
-
- # First check whether or not the user has access to that product.
- my $query = "SELECT group_id IS NULL " .
- "FROM products " .
- "LEFT JOIN group_control_map " .
- "ON group_control_map.product_id = products.id " .
- "AND group_control_map.entry != 0 ";
- if (%{Bugzilla->user->groups}) {
- $query .= "AND group_id NOT IN(" .
- join(',', values(%{Bugzilla->user->groups})) . ") ";
- }
- $query .= "WHERE products.name = ? " .
- $dbh->sql_limit(1);
-
- my $has_access = $dbh->selectrow_array($query, undef, $productname);
- if (!$has_access) {
- # Do we require the exact reason why we cannot enter
- # bugs into that product? Returning -1 explicitely
- # means the user has no access to the product or the
- # product does not exist.
- return (defined($verbose)) ? -1 : 0;
- }
-
- # Check if the product is open for new bugs and has
- # at least one component and has at least one version.
- my ($allow_new_bugs, $has_version) =
- $dbh->selectrow_array('SELECT CASE WHEN disallownew = 0 THEN 1 ELSE 0 END, ' .
- 'versions.value IS NOT NULL ' .
- 'FROM products INNER JOIN components ' .
- 'ON components.product_id = products.id ' .
- 'LEFT JOIN versions ' .
- 'ON versions.product_id = products.id ' .
- 'WHERE products.name = ? ' .
- $dbh->sql_limit(1), undef, $productname);
-
-
- if (defined $verbose) {
- # Return (undef, undef) if the product has no components,
- # Return (?, 0) if the product has no versions,
- # Return (0, ?) if the product is closed for new bug entry,
- # Return (1, 1) if the user can enter bugs into the product,
- return ($allow_new_bugs, $has_version);
- } else {
- # Return undef if the product has no components
- # Return 0 if the product has no versions, or is closed for bug entry
- # Return 1 if the user can enter bugs into the product
- return ($allow_new_bugs && $has_version);
- }
-}
-
-# Call CanEnterProduct() and display an error message
-# if the user cannot enter bugs into that product.
-sub CanEnterProductOrWarn {
- my ($product) = @_;
-
- if (!defined($product)) {
- ThrowUserError("no_products");
- }
- my ($allow_new_bugs, $has_version) = CanEnterProduct($product, 1);
- trick_taint($product);
-
- if (!defined $allow_new_bugs) {
- ThrowUserError("missing_component", { product => $product });
- } elsif (!$allow_new_bugs) {
- ThrowUserError("product_disabled", { product => $product});
- } elsif ($allow_new_bugs < 0) {
- ThrowUserError("entry_access_denied", { product => $product});
- } elsif (!$has_version) {
- ThrowUserError("missing_version", { product => $product });
- }
- return 1;
-}
-
-sub GetEnterableProducts {
- my @products;
- # XXX rewrite into pure SQL instead of relying on legal_products?
- foreach my $p (@::legal_product) {
- if (CanEnterProduct($p)) {
- push @products, $p;
- }
- }
- return (@products);
-}
-
sub ValidatePassword {
# Determines whether or not a password is valid (i.e. meets Bugzilla's
# requirements for length and content).
# Check that the product exists and that the user
# is allowed to enter bugs into this product.
my $product = $cgi->param('product');
-CanEnterProductOrWarn($product);
+$user->can_enter_product($product, 1);
my $product_id = get_product_id($product);
$dbh->sql_limit(1),
undef, $prod);
- if ($check_can_enter) { CanEnterProductOrWarn($prod) }
+ if ($check_can_enter) { $user->can_enter_product($prod, 1) }
# note that when this script is called from buglist.cgi (rather
# than show_bug.cgi), it's possible that the product will be changed
<th><label for="product">Product:</label></th>
<td>
[% PROCESS selectmenu menuname = "product"
- menuitems = products %]
+ menuitems = products
+ property = "name" %]
</td>
<th><label for="version">Version:</label></th>
<td>
[% PROCESS selectmenu menuname = "version"
- menuitems = versions %]
+ menuitems = versions
+ property = "" %]
</td>
</tr>
[% dontchange FILTER html %]
</option>
[% FOREACH menuitem = menuitems %]
+ [% IF property %][% menuitem = menuitem.$property %][% END %]
<option value="[% menuitem FILTER html %]">[% menuitem FILTER html %]</option>
[% END %]
</select>
projects / thirdparty / bugzilla.git / commitdiff
