sub get_selectable_products {
my $self = shift;
+ my $classification_id = shift;
if (defined $self->{selectable_products}) {
return $self->{selectable_products};
}
my $dbh = Bugzilla->dbh;
+ my @params = ();
+
my $query = "SELECT id " .
"FROM products " .
"LEFT JOIN group_control_map " .
}
$query .= "AND group_id NOT IN(" .
$self->groups_as_string . ") " .
- "WHERE group_id IS NULL ORDER BY name";
+ "WHERE group_id IS NULL ";
+
+ if (Param('useclassification') && $classification_id) {
+ $query .= "AND classification_id = ? ";
+ detaint_natural($classification_id);
+ push(@params, $classification_id);
+ }
- my $prod_ids = $dbh->selectcol_arrayref($query);
+ $query .= "ORDER BY name";
+
+ my $prod_ids = $dbh->selectcol_arrayref($query, undef, @params);
my @products;
foreach my $prod_id (@$prod_ids) {
push(@products, new Bugzilla::Product($prod_id));
=item C<get_selectable_products>
- Description: Returns all products the user is allowed to access.
+ Description: Returns all products the user is allowed to access. This list
+ is restricted to some given classification if $classification_id
+ is given.
- Params: none
+ Params: $classification_id - (optional) The ID of the classification
+ the products belong to.
Returns: An array of product objects, sorted by the product name.
#
# Contributor(s): Holger Schurig <holgerschurig@nikocity.de>
# Terry Weissman <terry@mozilla.org>
+# Frédéric Buclin <LpSolit@gmail.com>
#
# Direct any questions on this source code to
#
#
unless ($product_name) {
-
- my @products = Bugzilla::Product::get_all_products();
-
+ $vars->{'products'} = $user->get_selectable_products;
$vars->{'showbugcounts'} = $showbugcounts;
- $vars->{'products'} = \@products;
- $template->process("admin/components/select-product.html.tmpl",
- $vars)
- || ThrowTemplateError($template->error());
-
+ $template->process("admin/components/select-product.html.tmpl", $vars)
+ || ThrowTemplateError($template->error());
exit;
}
+# First make sure the product name is valid.
my $product = Bugzilla::Product::check_product($product_name);
+# Then make sure the user is allowed to edit properties of this product.
+$user->can_see_product($product->name)
+ || ThrowUserError('product_access_denied', {product => $product->name});
+
+
#
# action='' -> Show nice list of components
#
#
unless ($product_name) {
-
- my @products = Bugzilla::Product::get_all_products();
-
+ $vars->{'products'} = $user->get_selectable_products;
$vars->{'showbugcounts'} = $showbugcounts;
- $vars->{'products'} = \@products;
- $template->process("admin/milestones/select-product.html.tmpl",
- $vars)
- || ThrowTemplateError($template->error());
+ $template->process("admin/milestones/select-product.html.tmpl", $vars)
+ || ThrowTemplateError($template->error());
exit;
}
+# First make sure the product name is valid.
my $product = Bugzilla::Product::check_product($product_name);
+# Then make sure the user is allowed to edit properties of this product.
+$user->can_see_product($product->name)
+ || ThrowUserError('product_access_denied', {product => $product->name});
+
+
#
# action='' -> Show nice list of milestones
#
&& !$classification_name
&& !$product_name)
{
- my @classifications =
- Bugzilla::Classification::get_all_classifications();
+ $vars->{'classifications'} = $user->get_selectable_classifications;
- $vars->{'classifications'} = \@classifications;
-
- $template->process("admin/products/list-classifications.html.tmpl",
- $vars)
+ $template->process("admin/products/list-classifications.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
-
exit;
}
#
if (!$action && !$product_name) {
- my @products;
+ my $products;
if (Param('useclassification')) {
my $classification =
Bugzilla::Classification::check_classification($classification_name);
- @products = @{$classification->products};
+ $products = $user->get_selectable_products($classification->id);
$vars->{'classification'} = $classification;
} else {
- @products = Bugzilla::Product::get_all_products;
+ $products = $user->get_selectable_products;
}
- $vars->{'products'} = \@products;
+ $vars->{'products'} = $products;
$vars->{'showbugcounts'} = $showbugcounts;
$template->process("admin/products/list.html.tmpl", $vars)
#
if ($action eq 'del') {
-
+ # First make sure the product name is valid.
my $product = Bugzilla::Product::check_product($product_name);
+ # Then make sure the user is allowed to edit properties of this product.
+ $user->can_see_product($product->name)
+ || ThrowUserError('product_access_denied', {product => $product->name});
+
if (Param('useclassification')) {
my $classification =
Bugzilla::Classification::check_classification($classification_name);
#
if ($action eq 'delete') {
-
+ # First make sure the product name is valid.
my $product = Bugzilla::Product::check_product($product_name);
+
+ # Then make sure the user is allowed to edit properties of this product.
+ $user->can_see_product($product->name)
+ || ThrowUserError('product_access_denied', {product => $product->name});
$vars->{'product'} = $product;
#
if ($action eq 'edit' || (!$action && $product_name)) {
-
+ # First make sure the product name is valid.
my $product = Bugzilla::Product::check_product($product_name);
+ # Then make sure the user is allowed to edit properties of this product.
+ $user->can_see_product($product->name)
+ || ThrowUserError('product_access_denied', {product => $product->name});
+
if (Param('useclassification')) {
my $classification;
if (!$classification_name) {
#
if ($action eq 'updategroupcontrols') {
-
+ # First make sure the product name is valid.
my $product = Bugzilla::Product::check_product($product_name);
+
+ # Then make sure the user is allowed to edit properties of this product.
+ $user->can_see_product($product->name)
+ || ThrowUserError('product_access_denied', {product => $product->name});
+
my @now_na = ();
my @now_mandatory = ();
foreach my $f ($cgi->param()) {
my $checkvotes = 0;
+ # First make sure the product name is valid.
my $product_old = Bugzilla::Product::check_product($product_old_name);
+ # Then make sure the user is allowed to edit properties of this product.
+ $user->can_see_product($product_old->name)
+ || ThrowUserError('product_access_denied', {product => $product_old->name});
+
if (Param('useclassification')) {
my $classification;
if (!$classification_name) {
#
if ($action eq 'editgroupcontrols') {
+ # First make sure the product name is valid.
my $product = Bugzilla::Product::check_product($product_name);
+
+ # Then make sure the user is allowed to edit properties of this product.
+ $user->can_see_product($product->name)
+ || ThrowUserError('product_access_denied', {product => $product->name});
+
# Display a group if it is either enabled or has bugs for this product.
my $groups = $dbh->selectall_arrayref(
'SELECT id, name, entry, membercontrol, othercontrol, canedit,
#
unless ($product_name) {
-
- my @products = Bugzilla::Product::get_all_products();
-
+ $vars->{'products'} = $user->get_selectable_products;
$vars->{'showbugcounts'} = $showbugcounts;
- $vars->{'products'} = \@products;
- $template->process("admin/versions/select-product.html.tmpl",
- $vars)
- || ThrowTemplateError($template->error());
+ $template->process("admin/versions/select-product.html.tmpl", $vars)
+ || ThrowTemplateError($template->error());
exit;
}
+# First make sure the product name is valid.
my $product = Bugzilla::Product::check_product($product_name);
+# Then make sure the user is allowed to edit properties of this product.
+$user->can_see_product($product->name)
+ || ThrowUserError('product_access_denied', {product => $product->name});
+
+
#
# action='' -> Show nice list of versions
#
create the milestone '[% defaultmilestone FILTER html %]'</a> before
it can be made the default milestone for product '[% product FILTER html %]'.
+ [% ELSIF error == "product_access_denied" %]
+ [% title = "Product Access Denied" %]
+ You are not allowed to edit properties of product '[% product FILTER html %]'.
+
[% ELSIF error == "product_blank_name" %]
[% title = "Blank Product Name Not Allowed" %]
You must enter a name for the new product.
projects / thirdparty / bugzilla.git / commitdiff
