summaryrefslogtreecommitdiffstats
path: root/extensions/BMO/lib/Reports
diff options
context:
space:
mode:
authorGervase Markham <gerv@gerv.net>2014-12-22 10:53:22 +0100
committerGervase Markham <gerv@gerv.net>2014-12-22 10:53:22 +0100
commit17a4afe9818289e53969f9eec2cef2367a2d6104 (patch)
tree743b4dfd0fbc40c6f9411ea9d67c133aff4b4387 /extensions/BMO/lib/Reports
parentf7afaa06475eec2d797c70844ed85661d189c368 (diff)
downloadbugzilla-17a4afe9818289e53969f9eec2cef2367a2d6104.tar.gz
bugzilla-17a4afe9818289e53969f9eec2cef2367a2d6104.tar.xz
Bug 836713 - Make group membership reports publicly-available. r=glob.
Diffstat (limited to 'extensions/BMO/lib/Reports')
-rw-r--r--extensions/BMO/lib/Reports/Groups.pm45
1 files changed, 39 insertions, 6 deletions
diff --git a/extensions/BMO/lib/Reports/Groups.pm b/extensions/BMO/lib/Reports/Groups.pm
index ab0f1efa4..7fa86b243 100644
--- a/extensions/BMO/lib/Reports/Groups.pm
+++ b/extensions/BMO/lib/Reports/Groups.pm
@@ -20,11 +20,18 @@ sub admins_report {
my $dbh = Bugzilla->dbh;
my $user = Bugzilla->user;
- ($user->in_group('editusers') || $user->in_group('infrasec'))
- || ThrowUserError('auth_failure', { group => 'editusers',
+ ($user->in_group('editbugs'))
+ || ThrowUserError('auth_failure', { group => 'editbugs',
action => 'run',
object => 'group_admins' });
+ my @grouplist =
+ ($user->in_group('editusers') || $user->in_group('infrasec'))
+ ? map { lc($_->name) } Bugzilla::Group->get_all
+ : _get_public_membership_groups();
+
+ my $groups = join(',', map { $dbh->quote($_) } @grouplist);
+
my $query = "
SELECT groups.name, " .
$dbh->sql_group_concat('profiles.login_name', "','", 1) . "
@@ -36,6 +43,7 @@ sub admins_report {
LEFT JOIN profiles
ON user_group_map.user_id = profiles.userid
WHERE groups.isbuggroup = 1
+ AND groups.name IN ($groups)
GROUP BY groups.name";
my @groups;
@@ -160,11 +168,16 @@ sub members_report {
my $user = Bugzilla->user;
my $cgi = Bugzilla->cgi;
- ($user->in_group('editusers') || $user->in_group('infrasec'))
- || ThrowUserError('auth_failure', { group => 'editusers',
+ ($user->in_group('editbugs'))
+ || ThrowUserError('auth_failure', { group => 'editbugs',
action => 'run',
object => 'group_admins' });
+ my @grouplist =
+ ($user->in_group('editusers') || $user->in_group('infrasec'))
+ ? map { lc($_->name) } Bugzilla::Group->get_all
+ : _get_public_membership_groups();
+
my $include_disabled = $cgi->param('include_disabled') ? 1 : 0;
$vars->{'include_disabled'} = $include_disabled;
@@ -172,8 +185,7 @@ sub members_report {
my @group_names =
sort
grep { !/^(?:bz_.+|canconfirm|editbugs|editbugs-team|everyone)$/ }
- map { lc($_->name) }
- Bugzilla::Group->get_all;
+ @grouplist;
unshift(@group_names, '');
$vars->{'groups'} = \@group_names;
@@ -240,4 +252,25 @@ sub _filter_userlist {
return [ sort { lc($a->identity) cmp lc($b->identity) } @$list ];
}
+# Groups that any user with editbugs can see the membership or admin lists for.
+# Transparency FTW.
+sub _get_public_membership_groups {
+ my @all_groups = map { lc($_->name) } Bugzilla::Group->get_all;
+
+ my %hardcoded_groups = map { $_ => 1 } qw(
+ bugzilla-approvers
+ bugzilla-reviewers
+ can_restrict_comments
+ community-it-team
+ mozilla-employee-confidential
+ mozilla-foundation-confidential
+ mozilla-reps
+ qa-approvers
+ );
+
+ # We also automatically include all drivers groups - this gives us a little
+ # future-proofing
+ return grep { /-drivers$/ || exists $hardcoded_groups{$_} } @all_groups;
+}
+
1;