| #!/usr/bin/perl -T |
| # This Source Code Form is subject to the terms of the Mozilla Public |
| # License, v. 2.0. If a copy of the MPL was not distributed with this |
| # file, You can obtain one at http://mozilla.org/MPL/2.0/. |
| # |
| # This Source Code Form is "Incompatible With Secondary Licenses", as |
| # defined by the Mozilla Public License, v. 2.0. |
| |
| use 5.10.1; |
| use strict; |
| use warnings; |
| |
| use lib qw(. lib); |
| |
| use Bugzilla; |
| use Bugzilla::Constants; |
| use Bugzilla::Flag; |
| use Bugzilla::FlagType; |
| use Bugzilla::Group; |
| use Bugzilla::Util; |
| use Bugzilla::Error; |
| use Bugzilla::Product; |
| use Bugzilla::Token; |
| |
| # Make sure the user is logged in and has the right privileges. |
| my $user = Bugzilla->login(LOGIN_REQUIRED); |
| my $cgi = Bugzilla->cgi; |
| my $template = Bugzilla->template; |
| |
| print $cgi->header(); |
| |
| $user->in_group('editcomponents') |
| || scalar(@{$user->get_products_by_permission('editcomponents')}) |
| || ThrowUserError("auth_failure", {group => "editcomponents", |
| action => "edit", |
| object => "flagtypes"}); |
| |
| # We need this everywhere. |
| my $vars = get_products_and_components(); |
| my @products = @{$vars->{products}}; |
| |
| my $action = $cgi->param('action') || 'list'; |
| my $token = $cgi->param('token'); |
| my $prod_name = $cgi->param('product'); |
| my $comp_name = $cgi->param('component'); |
| my $flag_id = $cgi->param('id'); |
| |
| my ($product, $component); |
| |
| if ($prod_name) { |
| # Make sure the user is allowed to view this product name. |
| # Users with global editcomponents privs can see all product names. |
| ($product) = grep { lc($_->name) eq lc($prod_name) } @products; |
| $product || ThrowUserError('product_access_denied', { name => $prod_name }); |
| } |
| |
| if ($comp_name) { |
| $product || ThrowUserError('flag_type_component_without_product'); |
| ($component) = grep { lc($_->name) eq lc($comp_name) } @{$product->components}; |
| $component || ThrowUserError('product_unknown_component', { product => $product->name, |
| comp => $comp_name }); |
| } |
| |
| # If 'categoryAction' is set, it has priority over 'action'. |
| if (my ($category_action) = grep { $_ =~ /^categoryAction-(?:\w+)$/ } $cgi->param()) { |
| $category_action =~ s/^categoryAction-//; |
| |
| my @inclusions = $cgi->param('inclusions'); |
| my @exclusions = $cgi->param('exclusions'); |
| my @categories; |
| if ($category_action =~ /^(in|ex)clude$/) { |
| if (!$user->in_group('editcomponents') && !$product) { |
| # The user can only add the flag type to products they can administrate. |
| foreach my $prod (@products) { |
| push(@categories, $prod->id . ':0') |
| } |
| } |
| else { |
| my $category = ($product ? $product->id : 0) . ':' . |
| ($component ? $component->id : 0); |
| push(@categories, $category); |
| } |
| } |
| |
| if ($category_action eq 'include') { |
| foreach my $category (@categories) { |
| push(@inclusions, $category) unless grep($_ eq $category, @inclusions); |
| } |
| } |
| elsif ($category_action eq 'exclude') { |
| foreach my $category (@categories) { |
| push(@exclusions, $category) unless grep($_ eq $category, @exclusions); |
| } |
| } |
| elsif ($category_action eq 'removeInclusion') { |
| my @inclusion_to_remove = $cgi->param('inclusion_to_remove'); |
| foreach my $remove (@inclusion_to_remove) { |
| @inclusions = grep { $_ ne $remove } @inclusions; |
| } |
| } |
| elsif ($category_action eq 'removeExclusion') { |
| my @exclusion_to_remove = $cgi->param('exclusion_to_remove'); |
| foreach my $remove (@exclusion_to_remove) { |
| @exclusions = grep { $_ ne $remove } @exclusions; |
| } |
| } |
| |
| $vars->{'groups'} = get_settable_groups(); |
| $vars->{'action'} = $action; |
| |
| my $type = {}; |
| $type->{$_} = $cgi->param($_) foreach $cgi->param(); |
| # Make sure boolean fields are defined, else they fall back to 1. |
| foreach my $boolean (qw(is_active is_requestable is_requesteeble is_multiplicable)) { |
| $type->{$boolean} ||= 0; |
| } |
| |
| # That's what I call a big hack. The template expects to see a group object. |
| $type->{'grant_group'} = {}; |
| $type->{'grant_group'}->{'name'} = $cgi->param('grant_group'); |
| $type->{'request_group'} = {}; |
| $type->{'request_group'}->{'name'} = $cgi->param('request_group'); |
| |
| $vars->{'inclusions'} = clusion_array_to_hash(\@inclusions, \@products); |
| $vars->{'exclusions'} = clusion_array_to_hash(\@exclusions, \@products); |
| |
| $vars->{'type'} = $type; |
| $vars->{'token'} = $token; |
| $vars->{'check_clusions'} = 1; |
| $vars->{'can_fully_edit'} = $cgi->param('can_fully_edit'); |
| |
| $template->process("admin/flag-type/edit.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| exit; |
| } |
| |
| if ($action eq 'list') { |
| my $product_id = $product ? $product->id : 0; |
| my $component_id = $component ? $component->id : 0; |
| my $show_flag_counts = $cgi->param('show_flag_counts') ? 1 : 0; |
| my $group_id = $cgi->param('group'); |
| if ($group_id) { |
| detaint_natural($group_id) || ThrowUserError('invalid_group_ID'); |
| } |
| |
| my $bug_flagtypes; |
| my $attach_flagtypes; |
| |
| # If a component is given, restrict the list to flag types available |
| # for this component. |
| if ($component) { |
| $bug_flagtypes = $component->flag_types->{'bug'}; |
| $attach_flagtypes = $component->flag_types->{'attachment'}; |
| |
| # Filter flag types if a group ID is given. |
| $bug_flagtypes = filter_group($bug_flagtypes, $group_id); |
| $attach_flagtypes = filter_group($attach_flagtypes, $group_id); |
| |
| } |
| # If only a product is specified but no component, then restrict the list |
| # to flag types available in at least one component of that product. |
| elsif ($product) { |
| $bug_flagtypes = $product->flag_types->{'bug'}; |
| $attach_flagtypes = $product->flag_types->{'attachment'}; |
| |
| # Filter flag types if a group ID is given. |
| $bug_flagtypes = filter_group($bug_flagtypes, $group_id); |
| $attach_flagtypes = filter_group($attach_flagtypes, $group_id); |
| } |
| # If no product is given, then show all flag types available. |
| else { |
| my $flagtypes = get_editable_flagtypes(\@products, $group_id); |
| $bug_flagtypes = [grep { $_->target_type eq 'bug' } @$flagtypes]; |
| $attach_flagtypes = [grep { $_->target_type eq 'attachment' } @$flagtypes]; |
| } |
| |
| if ($show_flag_counts) { |
| my %bug_lists; |
| my %map = ('+' => 'granted', '-' => 'denied', '?' => 'pending'); |
| |
| foreach my $flagtype (@$bug_flagtypes, @$attach_flagtypes) { |
| $bug_lists{$flagtype->id} = {}; |
| my $flags = Bugzilla::Flag->match({type_id => $flagtype->id}); |
| # Build lists of bugs, triaged by flag status. |
| push(@{$bug_lists{$flagtype->id}->{$map{$_->status}}}, $_->bug_id) foreach @$flags; |
| } |
| $vars->{'bug_lists'} = \%bug_lists; |
| $vars->{'show_flag_counts'} = 1; |
| } |
| |
| $vars->{'selected_product'} = $product ? $product->name : ''; |
| $vars->{'selected_component'} = $component ? $component->name : ''; |
| $vars->{'bug_types'} = $bug_flagtypes; |
| $vars->{'attachment_types'} = $attach_flagtypes; |
| |
| $template->process("admin/flag-type/list.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| exit; |
| } |
| |
| if ($action eq 'enter') { |
| my $type = $cgi->param('target_type'); |
| ($type eq 'bug' || $type eq 'attachment') |
| || ThrowCodeError('flag_type_target_type_invalid', { target_type => $type }); |
| |
| $vars->{'action'} = 'insert'; |
| $vars->{'token'} = issue_session_token('add_flagtype'); |
| $vars->{'type'} = { 'target_type' => $type }; |
| # Only users with global editcomponents privs can add a flagtype |
| # to all products. |
| $vars->{'inclusions'} = { '__Any__:__Any__' => '0:0' } |
| if $user->in_group('editcomponents'); |
| $vars->{'can_fully_edit'} = 1; |
| # Get a list of groups available to restrict this flag type against. |
| $vars->{'groups'} = get_settable_groups(); |
| |
| $template->process("admin/flag-type/edit.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| exit; |
| } |
| |
| if ($action eq 'edit' || $action eq 'copy') { |
| my ($flagtype, $can_fully_edit) = $user->check_can_admin_flagtype($flag_id); |
| $vars->{'type'} = $flagtype; |
| $vars->{'can_fully_edit'} = $can_fully_edit; |
| |
| if ($user->in_group('editcomponents')) { |
| $vars->{'inclusions'} = $flagtype->inclusions; |
| $vars->{'exclusions'} = $flagtype->exclusions; |
| } |
| else { |
| # Filter products the user shouldn't know about. |
| $vars->{'inclusions'} = clusion_array_to_hash([values %{$flagtype->inclusions}], \@products); |
| $vars->{'exclusions'} = clusion_array_to_hash([values %{$flagtype->exclusions}], \@products); |
| } |
| |
| if ($action eq 'copy') { |
| $vars->{'action'} = "insert"; |
| $vars->{'token'} = issue_session_token('add_flagtype'); |
| } |
| else { |
| $vars->{'action'} = "update"; |
| $vars->{'token'} = issue_session_token('edit_flagtype'); |
| } |
| |
| # Get a list of groups available to restrict this flag type against. |
| $vars->{'groups'} = get_settable_groups(); |
| |
| $template->process("admin/flag-type/edit.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| exit; |
| } |
| |
| if ($action eq 'insert') { |
| check_token_data($token, 'add_flagtype'); |
| |
| my $name = $cgi->param('name'); |
| my $description = $cgi->param('description'); |
| my $target_type = $cgi->param('target_type'); |
| my $cc_list = $cgi->param('cc_list'); |
| my $sortkey = $cgi->param('sortkey'); |
| my $is_active = $cgi->param('is_active'); |
| my $is_requestable = $cgi->param('is_requestable'); |
| my $is_specifically = $cgi->param('is_requesteeble'); |
| my $is_multiplicable = $cgi->param('is_multiplicable'); |
| my $grant_group = $cgi->param('grant_group'); |
| my $request_group = $cgi->param('request_group'); |
| my @inclusions = $cgi->param('inclusions'); |
| my @exclusions = $cgi->param('exclusions'); |
| |
| # Filter inclusion and exclusion lists to products the user can see. |
| unless ($user->in_group('editcomponents')) { |
| @inclusions = values %{clusion_array_to_hash(\@inclusions, \@products)}; |
| @exclusions = values %{clusion_array_to_hash(\@exclusions, \@products)}; |
| } |
| |
| my $flagtype = Bugzilla::FlagType->create({ |
| name => $name, |
| description => $description, |
| target_type => $target_type, |
| cc_list => $cc_list, |
| sortkey => $sortkey, |
| is_active => $is_active, |
| is_requestable => $is_requestable, |
| is_requesteeble => $is_specifically, |
| is_multiplicable => $is_multiplicable, |
| grant_group => $grant_group, |
| request_group => $request_group, |
| inclusions => \@inclusions, |
| exclusions => \@exclusions |
| }); |
| |
| delete_token($token); |
| |
| $vars->{'name'} = $flagtype->name; |
| $vars->{'message'} = "flag_type_created"; |
| |
| my $flagtypes = get_editable_flagtypes(\@products); |
| $vars->{'bug_types'} = [grep { $_->target_type eq 'bug' } @$flagtypes]; |
| $vars->{'attachment_types'} = [grep { $_->target_type eq 'attachment' } @$flagtypes]; |
| |
| $template->process("admin/flag-type/list.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| exit; |
| } |
| |
| if ($action eq 'update') { |
| check_token_data($token, 'edit_flagtype'); |
| |
| my $name = $cgi->param('name'); |
| my $description = $cgi->param('description'); |
| my $cc_list = $cgi->param('cc_list'); |
| my $sortkey = $cgi->param('sortkey'); |
| my $is_active = $cgi->param('is_active'); |
| my $is_requestable = $cgi->param('is_requestable'); |
| my $is_specifically = $cgi->param('is_requesteeble'); |
| my $is_multiplicable = $cgi->param('is_multiplicable'); |
| my $grant_group = $cgi->param('grant_group'); |
| my $request_group = $cgi->param('request_group'); |
| my @inclusions = $cgi->param('inclusions'); |
| my @exclusions = $cgi->param('exclusions'); |
| |
| my ($flagtype, $can_fully_edit) = $user->check_can_admin_flagtype($flag_id); |
| if ($cgi->param('check_clusions') && !$user->in_group('editcomponents')) { |
| # Filter inclusion and exclusion lists to products the user can edit. |
| @inclusions = values %{clusion_array_to_hash(\@inclusions, \@products)}; |
| @exclusions = values %{clusion_array_to_hash(\@exclusions, \@products)}; |
| # Bring back the products the user cannot edit. |
| foreach my $item (values %{$flagtype->inclusions}) { |
| my ($prod_id, $comp_id) = split(':', $item); |
| push(@inclusions, $item) unless grep { $_->id == $prod_id } @products; |
| } |
| foreach my $item (values %{$flagtype->exclusions}) { |
| my ($prod_id, $comp_id) = split(':', $item); |
| push(@exclusions, $item) unless grep { $_->id == $prod_id } @products; |
| } |
| } |
| |
| if ($can_fully_edit) { |
| $flagtype->set_name($name); |
| $flagtype->set_description($description); |
| $flagtype->set_cc_list($cc_list); |
| $flagtype->set_sortkey($sortkey); |
| $flagtype->set_is_active($is_active); |
| $flagtype->set_is_requestable($is_requestable); |
| $flagtype->set_is_specifically_requestable($is_specifically); |
| $flagtype->set_is_multiplicable($is_multiplicable); |
| $flagtype->set_grant_group($grant_group); |
| $flagtype->set_request_group($request_group); |
| } |
| $flagtype->set_clusions({ inclusions => \@inclusions, exclusions => \@exclusions}) |
| if $cgi->param('check_clusions'); |
| my $changes = $flagtype->update(); |
| |
| delete_token($token); |
| |
| $vars->{'flagtype'} = $flagtype; |
| $vars->{'changes'} = $changes; |
| $vars->{'message'} = 'flag_type_updated'; |
| |
| my $flagtypes = get_editable_flagtypes(\@products); |
| $vars->{'bug_types'} = [grep { $_->target_type eq 'bug' } @$flagtypes]; |
| $vars->{'attachment_types'} = [grep { $_->target_type eq 'attachment' } @$flagtypes]; |
| |
| $template->process("admin/flag-type/list.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| exit; |
| } |
| |
| if ($action eq 'confirmdelete') { |
| my ($flagtype, $can_fully_edit) = $user->check_can_admin_flagtype($flag_id); |
| ThrowUserError('flag_type_cannot_delete', { flagtype => $flagtype }) unless $can_fully_edit; |
| |
| $vars->{'flag_type'} = $flagtype; |
| $vars->{'token'} = issue_session_token('delete_flagtype'); |
| |
| $template->process("admin/flag-type/confirm-delete.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| exit; |
| } |
| |
| if ($action eq 'delete') { |
| check_token_data($token, 'delete_flagtype'); |
| |
| my ($flagtype, $can_fully_edit) = $user->check_can_admin_flagtype($flag_id); |
| ThrowUserError('flag_type_cannot_delete', { flagtype => $flagtype }) unless $can_fully_edit; |
| |
| $flagtype->remove_from_db(); |
| |
| delete_token($token); |
| |
| $vars->{'name'} = $flagtype->name; |
| $vars->{'message'} = "flag_type_deleted"; |
| |
| my @flagtypes = Bugzilla::FlagType->get_all; |
| $vars->{'bug_types'} = [grep { $_->target_type eq 'bug' } @flagtypes]; |
| $vars->{'attachment_types'} = [grep { $_->target_type eq 'attachment' } @flagtypes]; |
| |
| $template->process("admin/flag-type/list.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| exit; |
| } |
| |
| if ($action eq 'deactivate') { |
| check_token_data($token, 'delete_flagtype'); |
| |
| my ($flagtype, $can_fully_edit) = $user->check_can_admin_flagtype($flag_id); |
| ThrowUserError('flag_type_cannot_deactivate', { flagtype => $flagtype }) unless $can_fully_edit; |
| |
| $flagtype->set_is_active(0); |
| $flagtype->update(); |
| |
| delete_token($token); |
| |
| $vars->{'message'} = "flag_type_deactivated"; |
| $vars->{'flag_type'} = $flagtype; |
| |
| my @flagtypes = Bugzilla::FlagType->get_all; |
| $vars->{'bug_types'} = [grep { $_->target_type eq 'bug' } @flagtypes]; |
| $vars->{'attachment_types'} = [grep { $_->target_type eq 'attachment' } @flagtypes]; |
| |
| $template->process("admin/flag-type/list.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| exit; |
| } |
| |
| ThrowUserError('unknown_action', {action => $action}); |
| |
| ##################### |
| # Helper subroutines |
| ##################### |
| |
| sub get_products_and_components { |
| my $vars = {}; |
| my $user = Bugzilla->user; |
| |
| my @products; |
| if ($user->in_group('editcomponents')) { |
| if (Bugzilla->params->{useclassification}) { |
| # We want products grouped by classifications. |
| @products = map { @{ $_->products } } Bugzilla::Classification->get_all; |
| } |
| else { |
| @products = Bugzilla::Product->get_all; |
| } |
| } |
| else { |
| @products = @{$user->get_products_by_permission('editcomponents')}; |
| |
| if (Bugzilla->params->{useclassification}) { |
| my %class; |
| push(@{$class{$_->classification_id}}, $_) foreach @products; |
| |
| # Let's sort the list by classifications. |
| @products = (); |
| push(@products, @{$class{$_->id}}) foreach Bugzilla::Classification->get_all; |
| } |
| } |
| |
| my %components; |
| foreach my $product (@products) { |
| $components{$_->name} = 1 foreach @{$product->components}; |
| } |
| $vars->{'products'} = \@products; |
| $vars->{'components'} = [sort(keys %components)]; |
| return $vars; |
| } |
| |
| sub get_editable_flagtypes { |
| my ($products, $group_id) = @_; |
| my $flagtypes; |
| |
| if (Bugzilla->user->in_group('editcomponents')) { |
| $flagtypes = Bugzilla::FlagType::match({ group => $group_id }); |
| return $flagtypes; |
| } |
| |
| my %visible_flagtypes; |
| foreach my $product (@$products) { |
| foreach my $target ('bug', 'attachment') { |
| my $prod_flagtypes = $product->flag_types->{$target}; |
| $visible_flagtypes{$_->id} ||= $_ foreach @$prod_flagtypes; |
| } |
| } |
| @$flagtypes = sort { $a->sortkey <=> $b->sortkey || $a->name cmp $b->name } |
| values %visible_flagtypes; |
| # Filter flag types if a group ID is given. |
| $flagtypes = filter_group($flagtypes, $group_id); |
| return $flagtypes; |
| } |
| |
| sub get_settable_groups { |
| my $user = Bugzilla->user; |
| my $groups = $user->in_group('editcomponents') ? [Bugzilla::Group->get_all] : $user->groups; |
| return $groups; |
| } |
| |
| sub filter_group { |
| my ($flag_types, $gid) = @_; |
| return $flag_types unless $gid; |
| |
| my @flag_types = grep {($_->grant_group && $_->grant_group->id == $gid) |
| || ($_->request_group && $_->request_group->id == $gid)} @$flag_types; |
| |
| return \@flag_types; |
| } |
| |
| # Convert the array @clusions('prod_ID:comp_ID') back to a hash of |
| # the form %clusions{'prod_name:comp_name'} = 'prod_ID:comp_ID' |
| sub clusion_array_to_hash { |
| my ($array, $visible_products) = @_; |
| my $user = Bugzilla->user; |
| my $has_privs = $user->in_group('editcomponents'); |
| |
| my %hash; |
| my %products; |
| my %components; |
| |
| foreach my $ids (@$array) { |
| my ($product_id, $component_id) = split(":", $ids); |
| my $product_name = "__Any__"; |
| my $component_name = "__Any__"; |
| |
| if ($product_id) { |
| ($products{$product_id}) = grep { $_->id == $product_id } @$visible_products; |
| next unless $products{$product_id}; |
| $product_name = $products{$product_id}->name; |
| |
| if ($component_id) { |
| ($components{$component_id}) = |
| grep { $_->id == $component_id } @{$products{$product_id}->components}; |
| next unless $components{$component_id}; |
| $component_name = $components{$component_id}->name; |
| } |
| } |
| else { |
| # Users with local editcomponents privs cannot use __Any__:__Any__. |
| next unless $has_privs; |
| # It's illegal to select a component without a product. |
| next if $component_id; |
| } |
| $hash{"$product_name:$component_name"} = $ids; |
| } |
| return \%hash; |
| } |