summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGervase Markham <gerv@gerv.net>2014-12-22 10:53:22 +0100
committerGervase Markham <gerv@gerv.net>2014-12-22 10:53:22 +0100
commit17a4afe9818289e53969f9eec2cef2367a2d6104 (patch)
tree743b4dfd0fbc40c6f9411ea9d67c133aff4b4387
parentf7afaa06475eec2d797c70844ed85661d189c368 (diff)
downloadbugzilla-17a4afe9818289e53969f9eec2cef2367a2d6104.tar.gz
bugzilla-17a4afe9818289e53969f9eec2cef2367a2d6104.tar.xz
Bug 836713 - Make group membership reports publicly-available. r=glob.
-rw-r--r--extensions/BMO/lib/Reports/Groups.pm45
-rw-r--r--extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl6
-rw-r--r--extensions/BMO/template/en/default/pages/group_members.html.tmpl33
-rw-r--r--extensions/BMO/template/en/default/pages/group_members.json.tmpl8
4 files changed, 75 insertions, 17 deletions
diff --git a/extensions/BMO/lib/Reports/Groups.pm b/extensions/BMO/lib/Reports/Groups.pm
index ab0f1efa4..7fa86b243 100644
--- a/extensions/BMO/lib/Reports/Groups.pm
+++ b/extensions/BMO/lib/Reports/Groups.pm
@@ -20,11 +20,18 @@ sub admins_report {
my $dbh = Bugzilla->dbh;
my $user = Bugzilla->user;
- ($user->in_group('editusers') || $user->in_group('infrasec'))
- || ThrowUserError('auth_failure', { group => 'editusers',
+ ($user->in_group('editbugs'))
+ || ThrowUserError('auth_failure', { group => 'editbugs',
action => 'run',
object => 'group_admins' });
+ my @grouplist =
+ ($user->in_group('editusers') || $user->in_group('infrasec'))
+ ? map { lc($_->name) } Bugzilla::Group->get_all
+ : _get_public_membership_groups();
+
+ my $groups = join(',', map { $dbh->quote($_) } @grouplist);
+
my $query = "
SELECT groups.name, " .
$dbh->sql_group_concat('profiles.login_name', "','", 1) . "
@@ -36,6 +43,7 @@ sub admins_report {
LEFT JOIN profiles
ON user_group_map.user_id = profiles.userid
WHERE groups.isbuggroup = 1
+ AND groups.name IN ($groups)
GROUP BY groups.name";
my @groups;
@@ -160,11 +168,16 @@ sub members_report {
my $user = Bugzilla->user;
my $cgi = Bugzilla->cgi;
- ($user->in_group('editusers') || $user->in_group('infrasec'))
- || ThrowUserError('auth_failure', { group => 'editusers',
+ ($user->in_group('editbugs'))
+ || ThrowUserError('auth_failure', { group => 'editbugs',
action => 'run',
object => 'group_admins' });
+ my @grouplist =
+ ($user->in_group('editusers') || $user->in_group('infrasec'))
+ ? map { lc($_->name) } Bugzilla::Group->get_all
+ : _get_public_membership_groups();
+
my $include_disabled = $cgi->param('include_disabled') ? 1 : 0;
$vars->{'include_disabled'} = $include_disabled;
@@ -172,8 +185,7 @@ sub members_report {
my @group_names =
sort
grep { !/^(?:bz_.+|canconfirm|editbugs|editbugs-team|everyone)$/ }
- map { lc($_->name) }
- Bugzilla::Group->get_all;
+ @grouplist;
unshift(@group_names, '');
$vars->{'groups'} = \@group_names;
@@ -240,4 +252,25 @@ sub _filter_userlist {
return [ sort { lc($a->identity) cmp lc($b->identity) } @$list ];
}
+# Groups that any user with editbugs can see the membership or admin lists for.
+# Transparency FTW.
+sub _get_public_membership_groups {
+ my @all_groups = map { lc($_->name) } Bugzilla::Group->get_all;
+
+ my %hardcoded_groups = map { $_ => 1 } qw(
+ bugzilla-approvers
+ bugzilla-reviewers
+ can_restrict_comments
+ community-it-team
+ mozilla-employee-confidential
+ mozilla-foundation-confidential
+ mozilla-reps
+ qa-approvers
+ );
+
+ # We also automatically include all drivers groups - this gives us a little
+ # future-proofing
+ return grep { /-drivers$/ || exists $hardcoded_groups{$_} } @all_groups;
+}
+
1;
diff --git a/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl b/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl
index fd48130eb..34c51db81 100644
--- a/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl
+++ b/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl
@@ -24,17 +24,21 @@
<a href="[% urlbase FILTER none %]page.cgi?id=release_tracking_report.html">Release Tracking Report</a>
</strong> - For triaging release-train flag information.
</li>
- [% IF user.in_group('editusers') || user.in_group('infrasec') %]
+ [% IF user.in_group('editbugs') %]
<li>
<strong>
<a href="[% urlbase FILTER none %]page.cgi?id=group_admins.html">Group Admins</a>
</strong> - Lists the administrators of each group.
</li>
+ [% END %]
+ [% IF user.in_group('editusers') || user.in_group('infrasec') %]
<li>
<strong>
<a href="[% urlbase FILTER none %]page.cgi?id=group_membership.html">Group Membership Report</a>
</strong> - Lists the groups a user is a member of.
</li>
+ [% END %]
+ [% IF user.in_group('editbugs') %]
<li>
<strong>
<a href="[% urlbase FILTER none %]page.cgi?id=group_members.html">Group Members Report</a>
diff --git a/extensions/BMO/template/en/default/pages/group_members.html.tmpl b/extensions/BMO/template/en/default/pages/group_members.html.tmpl
index daf4d5b0d..67db8ea2e 100644
--- a/extensions/BMO/template/en/default/pages/group_members.html.tmpl
+++ b/extensions/BMO/template/en/default/pages/group_members.html.tmpl
@@ -11,6 +11,8 @@
style_urls = [ "extensions/BMO/web/styles/reports.css" ]
%]
+[% SET privileged = (user.in_group('editusers') || user.in_group('infrasec')) %]
+
<form method="GET" action="page.cgi">
<input type="hidden" name="id" value="group_members.html">
@@ -48,15 +50,23 @@
<th>Type</th>
<th>Count</th>
<th>Members</th>
- <th class="right">Last Seen (days ago)</th>
+ [% IF privileged %]
+ <th class="right">Last Seen (days ago)</th>
+ [% END %]
</tr>
[% FOREACH type = types %]
[% count = loop.count() %]
<tr class="report_item [% count % 2 == 1 ? "report_row_odd" : "report_row_even" %]">
<td valign="top">
- [% "via&nbsp;" UNLESS type.name == 'direct' %]
- [% type.name FILTER html %]
+ [% IF type.name == 'direct' %]
+ direct
+ [% ELSE %]
+ via&nbsp;
+ [% IF privileged %]
+ [% type.name FILTER html %]
+ [% ELSE %]another&nbsp;group[% END %]
+ [% END %]
</td>
<td valign="top" align="right">
[% type.members.size FILTER html %]
@@ -66,16 +76,23 @@
[% FOREACH member = type.members %]
<tr>
<td width="100%">
- <a href="editusers.cgi?action=edit&amp;userid=[% member.id FILTER none %]"
- target="_blank">
+ [% IF privileged %]
+ <a href="editusers.cgi?action=edit&amp;userid=[% member.id FILTER none %]"
+ target="_blank">
+ [% ELSE %]
+ <a href="user_profile?login=[% member.login FILTER uri %]"
+ target="_blank">
+ [% END %]
<span [% 'class="bz_inactive"' UNLESS member.is_enabled %]>
[% member.name FILTER html %] &lt;[% member.email FILTER email FILTER html %]&gt;
</span>
</a>
</td>
- <td align="right" nowrap>
- [% member.lastseen FILTER html %]
- </td>
+ [% IF privileged %]
+ <td align="right" nowrap>
+ [% member.lastseen FILTER html %]
+ </td>
+ [% END %]
</tr>
[% END %]
</table>
diff --git a/extensions/BMO/template/en/default/pages/group_members.json.tmpl b/extensions/BMO/template/en/default/pages/group_members.json.tmpl
index 8cbb2a23a..e982731f7 100644
--- a/extensions/BMO/template/en/default/pages/group_members.json.tmpl
+++ b/extensions/BMO/template/en/default/pages/group_members.json.tmpl
@@ -20,12 +20,16 @@
"membership": "direct",
[% ELSE %]
"membership": "indirect",
- "group": "[% type.name FILTER js %]",
+ [% IF user.in_group('editusers') || user.in_group('infrasec') %]
+ "group": "[% type.name FILTER js %]",
+ [% END %]
[% END %]
[% IF include_disabled %]
"disabled": "[% member.is_enabled ? "false" : "true" %]",
[% END %]
- "lastseen": "[% member.lastseen FILTER js %]"
+ [% IF user.in_group('editusers') || user.in_group('infrasec') %]
+ "lastseen": "[% member.lastseen FILTER js %]"
+ [% END %]
}[% "," UNLESS i == count %]
[% END %]
[% END %]