From: lpsolit%gmail.com <>
Date: Sat, 21 Oct 2006 04:16:53 +0000 (+0000)
Subject: Bug 349855: editgroups.cgi doesn't protect the querysharegroup from deletion
X-Git-Tag: bugzilla-2.23.4~265
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac3fe4074a3e583948bf2a1d0b81f8f3f6acce51;p=thirdparty%2Fbugzilla.git

Bug 349855: editgroups.cgi doesn't protect the querysharegroup from deletion

Bug 357429: Renaming a group which plays a special role generates a SQL error

Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
---

diff --git a/editgroups.cgi b/editgroups.cgi
index 09e1c8b10c..0c49db6985 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -37,6 +37,9 @@ use Bugzilla::Product;
 use Bugzilla::User;
 use Bugzilla::Token;
 
+use constant SPECIAL_GROUPS => ('chartgroup', 'insidergroup',
+                                'timetrackinggroup', 'querysharegroup');
+
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
 my $template = Bugzilla->template;
@@ -316,7 +319,7 @@ if ($action eq 'del') {
     }
     # Groups having a special role cannot be deleted.
     my @special_groups;
-    foreach my $special_group ('chartgroup', 'insidergroup', 'timetrackinggroup') {
+    foreach my $special_group (SPECIAL_GROUPS) {
         if ($name eq Bugzilla->params->{$special_group}) {
             push(@special_groups, $special_group);
         }
@@ -389,7 +392,7 @@ if ($action eq 'delete') {
     }
     # Groups having a special role cannot be deleted.
     my @special_groups;
-    foreach my $special_group ('chartgroup', 'insidergroup', 'timetrackinggroup') {
+    foreach my $special_group (SPECIAL_GROUPS) {
         if ($name eq Bugzilla->params->{$special_group}) {
             push(@special_groups, $special_group);
         }
@@ -577,7 +580,11 @@ sub doGroupChanges {
 
     $dbh->bz_lock_tables('groups WRITE', 'group_group_map WRITE',
                          'bug_group_map WRITE', 'user_group_map WRITE',
-                         'group_control_map READ', 'bugs READ', 'profiles READ');
+                         'group_control_map READ', 'bugs READ', 'profiles READ',
+                         # Due to the way Bugzilla::Config::BugFields::get_param_list()
+                         # works, we need to lock these tables too.
+                         'priority READ', 'bug_severity READ', 'rep_platform READ',
+                         'op_sys READ');
 
     # Check that the given group ID and regular expression are valid.
     # If tests are successful, trimmed values are returned by CheckGroup*.
@@ -611,7 +618,7 @@ sub doGroupChanges {
             # If the group is used by some parameters, we have to update
             # these parameters too.
             my $update_params = 0;
-            foreach my $group ('chartgroup', 'insidergroup', 'timetrackinggroup') {
+            foreach my $group (SPECIAL_GROUPS) {
                 if ($cgi->param('oldname') eq Bugzilla->params->{$group}) {
                     SetParam($group, $name);
                     $update_params = 1;
diff --git a/template/en/default/admin/groups/list.html.tmpl b/template/en/default/admin/groups/list.html.tmpl
index 554ead7719..9f4f129c45 100644
--- a/template/en/default/admin/groups/list.html.tmpl
+++ b/template/en/default/admin/groups/list.html.tmpl
@@ -102,6 +102,12 @@
      override_content => 1
      content => "(used as the 'timetrackinggroup')"
    },
+   {
+     match_value => Param("querysharegroup")
+     match_field => 'name'
+     override_content => 1
+     content => "(used as the 'querysharegroup')"
+   },
    {
      match_value => "1"
      match_field => 'isbuggroup'