diff options
author | lpsolit%gmail.com <> | 2006-08-25 00:56:39 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-08-25 00:56:39 +0200 |
commit | 41e381d9d5d1fe53fbf92127c3f65eac4f531f36 (patch) | |
tree | f1d680fa63706d55f3a9720e3d9bb821e9d2eca4 /Bugzilla/FlagType.pm | |
parent | 6d154983302359ba9d38e1ff659c580853f68c2d (diff) | |
download | bugzilla-41e381d9d5d1fe53fbf92127c3f65eac4f531f36.tar.gz bugzilla-41e381d9d5d1fe53fbf92127c3f65eac4f531f36.tar.xz |
Bug 343809: Merge FlagType::validate() with Flag::validate() - Patch by Frédéric Buclin <LpSolit@gmail.com> a=myk
Diffstat (limited to 'Bugzilla/FlagType.pm')
-rw-r--r-- | Bugzilla/FlagType.pm | 137 |
1 files changed, 0 insertions, 137 deletions
diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm index 47efbd68a..1504be87d 100644 --- a/Bugzilla/FlagType.pm +++ b/Bugzilla/FlagType.pm @@ -359,143 +359,6 @@ sub count { return $count; } -=pod - -=over - -=item C<validate($cgi, $bug_id, $attach_id)> - -Get a list of flag types to validate. Uses the "map" function -to extract flag type IDs from form field names by matching columns -whose name looks like "flag_type-nnn", where "nnn" is the ID, -and returning just the ID portion of matching field names. - -If the attachment is new, it has no ID yet and $attach_id is set -to -1 to force its check anyway. - -=back - -=cut - -sub validate { - my ($cgi, $bug_id, $attach_id) = @_; - - my $user = Bugzilla->user; - my $dbh = Bugzilla->dbh; - - my @ids = map(/^flag_type-(\d+)$/ ? $1 : (), $cgi->param()); - - return unless scalar(@ids); - - # No flag reference should exist when changing several bugs at once. - ThrowCodeError("flags_not_available", { type => 'b' }) unless $bug_id; - - # We don't check that these flag types are valid for - # this bug/attachment. This check will be done later when - # processing new flags, see Flag::FormToNewFlags(). - - # All flag types have to be active - my $inactive_flagtypes = - $dbh->selectrow_array("SELECT 1 FROM flagtypes - WHERE id IN (" . join(',', @ids) . ") - AND is_active = 0 " . - $dbh->sql_limit(1)); - - ThrowCodeError("flag_type_inactive") if $inactive_flagtypes; - - foreach my $id (@ids) { - my $status = $cgi->param("flag_type-$id"); - my @requestees = $cgi->param("requestee_type-$id"); - - # Don't bother validating types the user didn't touch. - next if $status eq "X"; - - # Make sure the flag type exists. - my $flag_type = new Bugzilla::FlagType($id); - $flag_type - || ThrowCodeError("flag_type_nonexistent", { id => $id }); - - # Make sure the value of the field is a valid status. - grep($status eq $_, qw(X + - ?)) - || ThrowCodeError("flag_status_invalid", - { id => $id , status => $status }); - - # Make sure the user didn't request the flag unless it's requestable. - if ($status eq '?' && !$flag_type->is_requestable) { - ThrowCodeError("flag_status_invalid", - { id => $id , status => $status }); - } - - # Make sure the user didn't specify a requestee unless the flag - # is specifically requestable. - if ($status eq '?' - && !$flag_type->is_requesteeble - && scalar(@requestees) > 0) - { - ThrowCodeError("flag_requestee_disabled", { type => $flag_type }); - } - - # Make sure the user didn't enter multiple requestees for a flag - # that can't be requested from more than one person at a time. - if ($status eq '?' - && !$flag_type->is_multiplicable - && scalar(@requestees) > 1) - { - ThrowUserError("flag_not_multiplicable", { type => $flag_type }); - } - - # Make sure the requestees are authorized to access the bug - # (and attachment, if this installation is using the "insider group" - # feature and the attachment is marked private). - if ($status eq '?' && $flag_type->is_requesteeble) { - foreach my $login (@requestees) { - # We know the requestee exists because we ran - # Bugzilla::User::match_field before getting here. - my $requestee = new Bugzilla::User({ name => $login }); - - # Throw an error if the user can't see the bug. - if (!$requestee->can_see_bug($bug_id)) { - ThrowUserError("flag_requestee_unauthorized", - { flag_type => $flag_type, - requestee => $requestee, - bug_id => $bug_id, - attach_id => $attach_id }); - } - - # Throw an error if the target is a private attachment and - # the requestee isn't in the group of insiders who can see it. - if ($attach_id - && Bugzilla->params->{"insidergroup"} - && $cgi->param('isprivate') - && !$requestee->in_group(Bugzilla->params->{"insidergroup"})) - { - ThrowUserError("flag_requestee_unauthorized_attachment", - { flag_type => $flag_type, - requestee => $requestee, - bug_id => $bug_id, - attach_id => $attach_id }); - } - } - } - - # Make sure the user is authorized to modify flags, see bug 180879 - # - User in the grant_group can set flags, including "+" and "-". - next if (!$flag_type->grant_group - || $user->in_group_id($flag_type->grant_group->id)); - - # - User in the request_group can request flags. - next if ($status eq '?' - && (!$flag_type->request_group - || $user->in_group_id($flag_type->request_group->id))); - - # - Any other flag modification is denied - ThrowUserError("flag_update_denied", - { name => $flag_type->name, - status => $status, - old_status => "X" }); - } -} - ###################################################################### # Private Functions ###################################################################### |