summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
authorByron Jones <bjones@mozilla.com>2013-05-07 07:58:00 +0200
committerByron Jones <bjones@mozilla.com>2013-05-07 07:58:00 +0200
commit2202b4da89a7426ecf208a877ac9032bc44cd7ec (patch)
tree472906394052fb9d86d56933076c0275041a461b /extensions
parentcf7d6aea1af628711f2c870cdc8607390c18089a (diff)
downloadbugzilla-2202b4da89a7426ecf208a877ac9032bc44cd7ec.tar.gz
bugzilla-2202b4da89a7426ecf208a877ac9032bc44cd7ec.tar.xz
Bug 869025: create a report to sanity check product's default security group
Diffstat (limited to 'extensions')
-rw-r--r--extensions/BMO/Extension.pm6
-rw-r--r--extensions/BMO/lib/Reports/ProductSecurity.pm67
-rw-r--r--extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl7
-rw-r--r--extensions/BMO/template/en/default/pages/product_security_report.html.tmpl60
-rw-r--r--extensions/BMO/web/styles/reports.css5
5 files changed, 144 insertions, 1 deletions
diff --git a/extensions/BMO/Extension.pm b/extensions/BMO/Extension.pm
index 07f8357f1..030dcbeab 100644
--- a/extensions/BMO/Extension.pm
+++ b/extensions/BMO/Extension.pm
@@ -174,8 +174,12 @@ sub page_before_template {
require Bugzilla::Extension::BMO::Reports::ReleaseTracking;
Bugzilla::Extension::BMO::Reports::ReleaseTracking::report($vars);
}
+ elsif ($page eq 'product_security_report.html') {
+ require Bugzilla::Extension::BMO::Reports::ProductSecurity;
+ Bugzilla::Extension::BMO::Reports::ProductSecurity::report($vars);
+ }
elsif ($page eq 'fields.html') {
- # Recently global/field-descs.none.tmpl and bug/field-help.none.tmpl
+ # Recently global/field-descs.none.tmpl and bug/field-help.none.tmpl
# were changed for better performance and are now only loaded once.
# I have not found an easy way to allow our hook template to check if
# it is called from pages/fields.html.tmpl. So we set a value in request_cache
diff --git a/extensions/BMO/lib/Reports/ProductSecurity.pm b/extensions/BMO/lib/Reports/ProductSecurity.pm
new file mode 100644
index 000000000..946ad10f0
--- /dev/null
+++ b/extensions/BMO/lib/Reports/ProductSecurity.pm
@@ -0,0 +1,67 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::Extension::BMO::Reports::ProductSecurity;
+use strict;
+use warnings;
+
+use Bugzilla::Constants;
+use Bugzilla::Error;
+use Bugzilla::Product;
+
+sub report {
+ my ($vars) = @_;
+ my $user = Bugzilla->user;
+
+ ($user->in_group('admin') || $user->in_group('infrasec'))
+ || ThrowUserError('auth_failure', { group => 'admin',
+ action => 'run',
+ object => 'product_security' });
+
+ my $moco = Bugzilla::Group->new({ name => 'mozilla-corporation-confidential' })
+ or return;
+
+ my $products = [];
+ foreach my $product (@{ Bugzilla::Product->match({}) }) {
+ my $default_group = $product->default_security_group_obj;
+ my $group_controls = $product->group_controls();
+
+ my $item = {
+ name => $product->name,
+ default_security_group => $product->default_security_group,
+ group_visibility => 'None/None',
+ moco => exists $group_controls->{$moco->id},
+ };
+
+ if ($default_group) {
+ if (my $control = $group_controls->{$default_group->id}) {
+ $item->{group_visibility} = control_to_string($control->{membercontrol}) .
+ '/' . control_to_string($control->{othercontrol});
+ }
+ }
+
+ $item->{group_problem} = $default_group ? '' : "Invalid group " . $product->default_security_group;
+ $item->{visibility_problem} = 'Default security group should be Shown/Shown'
+ if ($item->{group_visibility} ne 'Shown/Shown')
+ && ($item->{group_visibility} ne 'Mandatory/Mandatory')
+ && ($item->{group_visibility} ne 'Default/Default');
+
+ push @$products, $item;
+ }
+ $vars->{products} = $products;
+}
+
+sub control_to_string {
+ my ($control) = @_;
+ return 'NA' if $control == CONTROLMAPNA;
+ return 'Shown' if $control == CONTROLMAPSHOWN;
+ return 'Default' if $control == CONTROLMAPDEFAULT;
+ return 'Mandatory' if $control == CONTROLMAPMANDATORY;
+ return '';
+}
+
+1;
diff --git a/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl b/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl
index 35644c1e4..93f04c4fa 100644
--- a/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl
+++ b/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl
@@ -41,6 +41,13 @@
</strong> - Lists the users of groups.
</li>
[% END %]
+ [% IF user.in_group('admin') || user.in_group('infrasec') %]
+ <li>
+ <strong>
+ <a href="[% urlbase FILTER none %]page.cgi?id=product_security_report.html">Product Security Report</a>
+ </strong> - Show each product's default security group and visibility.
+ </li>
+ [% END %]
[% IF user.in_group('admin') || user.in_group('infra') %]
<li>
<strong>
diff --git a/extensions/BMO/template/en/default/pages/product_security_report.html.tmpl b/extensions/BMO/template/en/default/pages/product_security_report.html.tmpl
new file mode 100644
index 000000000..c87f6a418
--- /dev/null
+++ b/extensions/BMO/template/en/default/pages/product_security_report.html.tmpl
@@ -0,0 +1,60 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ #
+ # This Source Code Form is "Incompatible With Secondary Licenses", as
+ # defined by the Mozilla Public License, v. 2.0.
+ #%]
+
+[% INCLUDE global/header.html.tmpl
+ title = "Product Security Report"
+ style_urls = [ "extensions/BMO/web/styles/reports.css" ]
+%]
+
+<table border="0" cellspacing="0" id="report" class="nohover" width="100%">
+ <tr id="report-header">
+ <th>Product</th>
+ <th>Default Security Group</th>
+ <th>Default Group Visibility</th>
+ <th>Mozilla-Confidential</th>
+ </tr>
+
+ [% count = 0 %]
+ [% FOREACH product = products %]
+ [% count = count + 1 %]
+ <tr class="report_item [% count % 2 == 1 ? "report_row_odd" : "report_row_even" %]">
+ <td>
+ <a href="editproducts.cgi?action=editgroupcontrols&product=[% product.name FILTER uri %]" target="_blank">
+ [% product.name FILTER html %]
+ </a>
+ </td>
+ [% IF product.group_problem %]
+ <td class="problem">
+ <span title="[% product.group_problem FILTER html %]">
+ [% product.default_security_group FILTER html %]
+ </span>
+ </td>
+ [% ELSE %]
+ <td>
+ [% product.default_security_group FILTER html %]
+ </td>
+ [% END %]
+ [% IF product.visibility_problem %]
+ <td class="problem">
+ <span title="[% product.visibility_problem FILTER html %]">
+ [% product.group_visibility FILTER html %]
+ </span>
+ </td>
+ [% ELSE %]
+ <td>
+ [% product.group_visibility FILTER html %]
+ </td>
+ [% END %]
+ <td>
+ [% product.moco ? 'Yes' : 'No' FILTER none %]
+ </td>
+ </tr>
+ [% END %]
+</table>
+
+[% INCLUDE global/footer.html.tmpl %]
diff --git a/extensions/BMO/web/styles/reports.css b/extensions/BMO/web/styles/reports.css
index 7ad0df241..ccc931eec 100644
--- a/extensions/BMO/web/styles/reports.css
+++ b/extensions/BMO/web/styles/reports.css
@@ -64,3 +64,8 @@
.hoverrow tr:hover {
background-color: #ccccff;
}
+
+.problem {
+ color: #aa2222;
+}
+