diff options
-rw-r--r-- | Attachment.pm | 5 | ||||
-rw-r--r-- | Bugzilla/Attachment.pm | 5 | ||||
-rw-r--r-- | Bugzilla/Search.pm | 3 | ||||
-rw-r--r-- | CGI.pl | 2 | ||||
-rwxr-xr-x | attachment.cgi | 99 | ||||
-rwxr-xr-x | checksetup.pl | 10 | ||||
-rw-r--r-- | defparams.pl | 6 | ||||
-rw-r--r-- | globals.pl | 27 | ||||
-rwxr-xr-x | process_bug.cgi | 21 | ||||
-rwxr-xr-x | processmail | 23 | ||||
-rw-r--r-- | template/en/default/attachment/create.html.tmpl | 17 | ||||
-rw-r--r-- | template/en/default/attachment/edit.html.tmpl | 3 | ||||
-rw-r--r-- | template/en/default/attachment/list.html.tmpl | 6 | ||||
-rw-r--r-- | template/en/default/bug/comments.html.tmpl | 32 | ||||
-rw-r--r-- | template/en/default/bug/edit.html.tmpl | 7 | ||||
-rw-r--r-- | template/en/default/bug/show-multiple.html.tmpl | 2 |
16 files changed, 194 insertions, 74 deletions
diff --git a/Attachment.pm b/Attachment.pm index 23e634276..b4216d4c6 100644 --- a/Attachment.pm +++ b/Attachment.pm @@ -49,7 +49,7 @@ sub query # of hashes in which each hash represents a single attachment. &::SendSQL(" SELECT attach_id, creation_ts, mimetype, description, ispatch, - isobsolete, submitter_id + isobsolete, isprivate, submitter_id FROM attachments WHERE bug_id = $bugid ORDER BY attach_id "); my @attachments = (); @@ -57,7 +57,8 @@ sub query my %a; my $submitter_id; ($a{'attachid'}, $a{'date'}, $a{'contenttype'}, $a{'description'}, - $a{'ispatch'}, $a{'isobsolete'}, $submitter_id) = &::FetchSQLData(); + $a{'ispatch'}, $a{'isobsolete'}, $a{'isprivate'}, $submitter_id) + = &::FetchSQLData(); # Format the attachment's creation/modification date into a standard # format (YYYY-MM-DD HH:MM) diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm index 23e634276..b4216d4c6 100644 --- a/Bugzilla/Attachment.pm +++ b/Bugzilla/Attachment.pm @@ -49,7 +49,7 @@ sub query # of hashes in which each hash represents a single attachment. &::SendSQL(" SELECT attach_id, creation_ts, mimetype, description, ispatch, - isobsolete, submitter_id + isobsolete, isprivate, submitter_id FROM attachments WHERE bug_id = $bugid ORDER BY attach_id "); my @attachments = (); @@ -57,7 +57,8 @@ sub query my %a; my $submitter_id; ($a{'attachid'}, $a{'date'}, $a{'contenttype'}, $a{'description'}, - $a{'ispatch'}, $a{'isobsolete'}, $submitter_id) = &::FetchSQLData(); + $a{'ispatch'}, $a{'isobsolete'}, $a{'isprivate'}, $submitter_id) + = &::FetchSQLData(); # Format the attachment's creation/modification date into a standard # format (YYYY-MM-DD HH:MM) diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index 257b7656d..9ce9d78f4 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -312,6 +312,9 @@ sub init { "^long_?desc," => sub { my $table = "longdescs_$chartid"; push(@supptables, "longdescs $table"); + if (Param("insidergroup") && !UserInGroup(Param("insidergroup"))) { + push(@wherepart, "$table.isprivate < 1") ; + } push(@wherepart, "$table.bug_id = bugs.bug_id"); $f = "$table.thetext"; }, @@ -937,7 +937,7 @@ sub CheckIfVotedConfirmed { } AppendComment($id, DBID_to_name($who), - "*** This bug has been confirmed by popular vote. ***"); + "*** This bug has been confirmed by popular vote. ***", 0); $vars->{'type'} = "votes"; $vars->{'id'} = $id; diff --git a/attachment.cgi b/attachment.cgi index 5614549e4..9f3b39fcc 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -109,6 +109,7 @@ elsif ($action eq "update") validateIsPatch(); validateContentType() unless $::FORM{'ispatch'}; validateIsObsolete(); + validatePrivate(); validateStatuses(); update(); } @@ -125,22 +126,25 @@ exit; sub validateID { - # Validate the value of the "id" form field, which must contain an - # integer that is the ID of an existing attachment. + # Validate the value of the "id" form field, which must contain an + # integer that is the ID of an existing attachment. - detaint_natural($::FORM{'id'}) - || DisplayError("You did not enter a valid attachment number.") + detaint_natural($::FORM{'id'}) + || DisplayError("You did not enter a valid attachment number.") && exit; - # Make sure the attachment exists in the database. - SendSQL("SELECT bug_id FROM attachments WHERE attach_id = $::FORM{'id'}"); - MoreSQLData() - || DisplayError("Attachment #$::FORM{'id'} does not exist.") - && exit; + # Make sure the attachment exists in the database. + SendSQL("SELECT bug_id, isprivate FROM attachments WHERE attach_id = $::FORM{'id'}"); + MoreSQLData() + || DisplayError("Attachment #$::FORM{'id'} does not exist.") + && exit; - # Make sure the user is authorized to access this attachment's bug. - my ($bugid) = FetchSQLData(); - ValidateBugID($bugid); + # Make sure the user is authorized to access this attachment's bug. + my ($bugid, $isprivate) = FetchSQLData(); + ValidateBugID($bugid); + if (($isprivate > 0 ) && Param("insidergroup") && !(UserInGroup(Param("insidergroup")))) { + ThrowUserError("You are not permitted access to this attachment."); + } } sub validateCanEdit @@ -244,6 +248,14 @@ sub validateIsObsolete $::FORM{'isobsolete'} = $::FORM{'isobsolete'} ? 1 : 0; } +sub validatePrivate +{ + # Set the isprivate flag to zero if it is undefined, since the UI uses + # an HTML checkbox to represent this flag, and unchecked HTML checkboxes + # do not get sent in HTML requests. + $::FORM{'isprivate'} = $::FORM{'isprivate'} ? 1 : 0; +} + sub validateStatuses { # Get a list of attachment statuses that are valid for this attachment. @@ -354,16 +366,16 @@ sub validateObsolete sub view { - # Display an attachment. + # Display an attachment. - # Retrieve the attachment content and its content type from the database. - SendSQL("SELECT mimetype, thedata FROM attachments WHERE attach_id = $::FORM{'id'}"); - my ($contenttype, $thedata) = FetchSQLData(); + # Retrieve the attachment content and its content type from the database. + SendSQL("SELECT mimetype, thedata FROM attachments WHERE attach_id = $::FORM{'id'}"); + my ($contenttype, $thedata) = FetchSQLData(); - # Return the appropriate HTTP response headers. - print "Content-Type: $contenttype\n\n"; + # Return the appropriate HTTP response headers. + print "Content-Type: $contenttype\n\n"; - print $thedata; + print $thedata; } @@ -373,14 +385,20 @@ sub viewall # Retrieve the attachments from the database and write them into an array # of hashes where each hash represents one attachment. - SendSQL("SELECT attach_id, creation_ts, mimetype, description, ispatch, isobsolete - FROM attachments WHERE bug_id = $::FORM{'bugid'} ORDER BY attach_id"); + my $privacy = ""; + if (Param("insidergroup") && !(UserInGroup(Param("insidergroup")))) { + $privacy = "AND isprivate < 1 "; + } + SendSQL("SELECT attach_id, creation_ts, mimetype, description, + ispatch, isobsolete, isprivate + FROM attachments WHERE bug_id = $::FORM{'bugid'} $privacy + ORDER BY attach_id"); my @attachments; # the attachments array while (MoreSQLData()) { my %a; # the attachment hash ($a{'attachid'}, $a{'date'}, $a{'contenttype'}, - $a{'description'}, $a{'ispatch'}, $a{'isobsolete'}) = FetchSQLData(); + $a{'description'}, $a{'ispatch'}, $a{'isobsolete'}, $a{'isprivate'}) = FetchSQLData(); # Flag attachments as to whether or not they can be viewed (as opposed to # being downloaded). Currently I decide they are viewable if their MIME type @@ -432,7 +450,7 @@ sub enter if (!UserInGroup("editbugs")) { $canEdit = "AND submitter_id = $::userid"; } - SendSQL("SELECT attach_id, description + SendSQL("SELECT attach_id, description, isprivate FROM attachments WHERE bug_id = $::FORM{'bugid'} AND isobsolete = 0 $canEdit @@ -440,7 +458,7 @@ sub enter my @attachments; # the attachments array while ( MoreSQLData() ) { my %a; # the attachment hash - ($a{'id'}, $a{'description'}) = FetchSQLData(); + ($a{'id'}, $a{'description'}, $a{'isprivate'}) = FetchSQLData(); # Add the hash representing the attachment to the array of attachments. push @attachments, \%a; @@ -473,10 +491,11 @@ sub insert my $description = SqlQuote($::FORM{'description'}); my $contenttype = SqlQuote($::FORM{'contenttype'}); my $thedata = SqlQuote($::FORM{'data'}); + my $isprivate = $::FORM{'isprivate'} ? 1 : 0; # Insert the attachment into the database. - SendSQL("INSERT INTO attachments (bug_id, creation_ts, filename, description, mimetype, ispatch, submitter_id, thedata) - VALUES ($::FORM{'bugid'}, now(), $filename, $description, $contenttype, $::FORM{'ispatch'}, $::userid, $thedata)"); + SendSQL("INSERT INTO attachments (bug_id, creation_ts, filename, description, mimetype, ispatch, isprivate, submitter_id, thedata) + VALUES ($::FORM{'bugid'}, now(), $filename, $description, $contenttype, $::FORM{'ispatch'}, $isprivate, $::userid, $thedata)"); # Retrieve the ID of the newly created attachment record. SendSQL("SELECT LAST_INSERT_ID()"); @@ -493,14 +512,15 @@ sub insert AppendComment($::FORM{'bugid'}, $::COOKIE{"Bugzilla_login"}, - $comment); + $comment, + $isprivate); # Make existing attachments obsolete. my $fieldid = GetFieldID('attachments.isobsolete'); foreach my $attachid (@{$::MFORM{'obsolete'}}) { - SendSQL("UPDATE attachments SET isobsolete = 1 WHERE attach_id = $attachid"); - SendSQL("INSERT INTO bugs_activity (bug_id, attach_id, who, bug_when, fieldid, removed, added) - VALUES ($::FORM{'bugid'}, $attachid, $::userid, NOW(), $fieldid, '0', '1')"); + SendSQL("UPDATE attachments SET isobsolete = 1 WHERE attach_id = $attachid"); + SendSQL("INSERT INTO bugs_activity (bug_id, attach_id, who, bug_when, fieldid, removed, added) + VALUES ($::FORM{'bugid'}, $attachid, $::userid, NOW(), $fieldid, '0', '1')"); } # Send mail to let people know the attachment has been created. Uses a @@ -540,9 +560,9 @@ sub edit # Users cannot edit the content of the attachment itself. # Retrieve the attachment from the database. - SendSQL("SELECT description, mimetype, bug_id, ispatch, isobsolete + SendSQL("SELECT description, mimetype, bug_id, ispatch, isobsolete, isprivate FROM attachments WHERE attach_id = $::FORM{'id'}"); - my ($description, $contenttype, $bugid, $ispatch, $isobsolete) = FetchSQLData(); + my ($description, $contenttype, $bugid, $ispatch, $isobsolete, $isprivate) = FetchSQLData(); # Flag attachment as to whether or not it can be viewed (as opposed to # being downloaded). Currently I decide it is viewable if its content @@ -592,6 +612,7 @@ sub edit $vars->{'bugsummary'} = $bugsummary; $vars->{'ispatch'} = $ispatch; $vars->{'isobsolete'} = $isobsolete; + $vars->{'isprivate'} = $isprivate; $vars->{'isviewable'} = $isviewable; $vars->{'statuses'} = \%statuses; $vars->{'statusdefs'} = \@statusdefs; @@ -619,12 +640,12 @@ sub update # Lock database tables in preparation for updating the attachment. SendSQL("LOCK TABLES attachments WRITE , attachstatuses WRITE , attachstatusdefs READ , fielddefs READ , bugs_activity WRITE"); - # Get a copy of the attachment record before we make changes # so we can record those changes in the activity table. - SendSQL("SELECT description, mimetype, ispatch, isobsolete + SendSQL("SELECT description, mimetype, ispatch, isobsolete, isprivate FROM attachments WHERE attach_id = $::FORM{'id'}"); - my ($olddescription, $oldcontenttype, $oldispatch, $oldisobsolete) = FetchSQLData(); + my ($olddescription, $oldcontenttype, $oldispatch, $oldisobsolete, + $oldisprivate ) = FetchSQLData(); # Get the list of old status flags. SendSQL("SELECT attachstatusdefs.name @@ -672,6 +693,7 @@ sub update mimetype = $quotedcontenttype , ispatch = $::FORM{'ispatch'} , isobsolete = $::FORM{'isobsolete'} + isprivate = $::FORM{'isprivate'} , WHERE attach_id = $::FORM{'id'} "); @@ -698,6 +720,11 @@ sub update SendSQL("INSERT INTO bugs_activity (bug_id, attach_id, who, bug_when, fieldid, removed, added) VALUES ($bugid, $::FORM{'id'}, $::userid, NOW(), $fieldid, $oldisobsolete, $::FORM{'isobsolete'})"); } + if ($oldisprivate ne $::FORM{'isprivate'}) { + my $fieldid = GetFieldID('attachments.isprivate'); + SendSQL("INSERT INTO bugs_activity (bug_id, attach_id, who, bug_when, fieldid, removed, added) + VALUES ($bugid, $::FORM{'id'}, $::userid, NOW(), $fieldid, $oldisprivate, $::FORM{'isprivate'})"); + } if ($oldstatuslist ne $newstatuslist) { my ($removed, $added) = DiffStrings($oldstatuslist, $newstatuslist); my $quotedremoved = SqlQuote($removed); @@ -759,7 +786,7 @@ sub update my $neverused = $::userid; # Append the comment to the list of comments in the database. - AppendComment($bugid, $who, $wrappedcomment); + AppendComment($bugid, $who, $wrappedcomment, $::FORM{'isprivate'}); } diff --git a/checksetup.pl b/checksetup.pl index 34b487443..0a37174dd 100755 --- a/checksetup.pl +++ b/checksetup.pl @@ -1316,6 +1316,7 @@ $table{attachments} = thedata longblob not null, submitter_id mediumint not null, isobsolete tinyint not null default 0, + isprivate tinyint not null default 0, index(bug_id), index(creation_ts)'; @@ -1414,7 +1415,7 @@ $table{longdescs} = who mediumint not null, bug_when datetime not null, thetext mediumtext, - + isprivate tinyint not null default 0, index(bug_id), index(who), index(bug_when)'; @@ -1794,6 +1795,7 @@ AddFDef("attachments.thedata", "Attachment data", 0); AddFDef("attachments.mimetype", "Attachment mime type", 0); AddFDef("attachments.ispatch", "Attachment is patch", 0); AddFDef("attachments.isobsolete", "Attachment is obsolete", 0); +AddFDef("attachments.isprivate", "Attachment is private", 0); AddFDef("attachstatusdefs.name", "Attachment Status", 0); AddFDef("target_milestone", "Target Milestone", 0); AddFDef("delta_ts", "Last changed date", 0); @@ -2503,6 +2505,12 @@ if (GetFieldDef('bugs_activity', 'field')) { DropField('bugs_activity', 'field'); } + +# 2002-05-10 - enhanchment bug 143826 +# Add private comments and private attachments on less-private bugs +AddField('longdescs', 'isprivate', 'tinyint not null default 0'); +AddField('attachments', 'isprivate', 'tinyint not null default 0'); + # 2000-01-18 New email-notification scheme uses a new field in the bug to diff --git a/defparams.pl b/defparams.pl index bc73de600..4f30f85a9 100644 --- a/defparams.pl +++ b/defparams.pl @@ -717,4 +717,10 @@ DefParam("maxattachmentsize" , "t" , '1000'); +DefParam("insidergroup", + "The name of the group of users who can see/change private comments + and attachments.", + "t", + ''); 1; + diff --git a/globals.pl b/globals.pl index 9f15976b2..b437d343f 100644 --- a/globals.pl +++ b/globals.pl @@ -323,7 +323,7 @@ sub FetchOneColumn { "status", "resolution", "summary"); sub AppendComment { - my ($bugid,$who,$comment) = (@_); + my ($bugid,$who,$comment,$isprivate) = (@_); $comment =~ s/\r\n/\n/g; # Get rid of windows-style line endings. $comment =~ s/\r/\n/g; # Get rid of mac-style line endings. if ($comment =~ /^\s*$/) { # Nothin' but whitespace. @@ -331,9 +331,10 @@ sub AppendComment { } my $whoid = DBNameToIdAndCheck($who); - - SendSQL("INSERT INTO longdescs (bug_id, who, bug_when, thetext) " . - "VALUES($bugid, $whoid, now(), " . SqlQuote($comment) . ")"); + my $privacyval = $isprivate ? 1 : 0 ; + SendSQL("INSERT INTO longdescs (bug_id, who, bug_when, thetext, isprivate) " . + "VALUES($bugid, $whoid, now(), " . SqlQuote($comment) . ", " . + $privacyval . ")"); SendSQL("UPDATE bugs SET delta_ts = now() WHERE bug_id = $bugid"); } @@ -1137,8 +1138,9 @@ sub GetLongDescriptionAsText { my ($id, $start, $end) = (@_); my $result = ""; my $count = 0; + my $anyprivate = 0; my ($query) = ("SELECT profiles.login_name, longdescs.bug_when, " . - " longdescs.thetext " . + " longdescs.thetext, longdescs.isprivate " . "FROM longdescs, profiles " . "WHERE profiles.userid = longdescs.who " . "AND longdescs.bug_id = $id "); @@ -1156,25 +1158,29 @@ sub GetLongDescriptionAsText { $query .= "ORDER BY longdescs.bug_when"; SendSQL($query); while (MoreSQLData()) { - my ($who, $when, $text) = (FetchSQLData()); + my ($who, $when, $text, $isprivate) = (FetchSQLData()); if ($count) { $result .= "\n\n------- Additional Comments From $who".Param('emailsuffix')." ". time2str("%Y-%m-%d %H:%M", str2time($when)) . " -------\n"; } + if (($isprivate > 0) && Param("insidergroup")) { + $anyprivate = 1; + } $result .= $text; $count++; } - return $result; + return ($result, $anyprivate); } sub GetComments { my ($id) = (@_); my @comments; - SendSQL("SELECT profiles.realname, profiles.login_name, date_format(longdescs.bug_when,'%Y-%m-%d %H:%i'), - longdescs.thetext + longdescs.thetext, + isprivate, + date_format(longdescs.bug_when,'%Y%m%d%H%i%s') FROM longdescs, profiles WHERE profiles.userid = longdescs.who AND longdescs.bug_id = $id @@ -1182,7 +1188,8 @@ sub GetComments { while (MoreSQLData()) { my %comment; - ($comment{'name'}, $comment{'email'}, $comment{'time'}, $comment{'body'}) = FetchSQLData(); + ($comment{'name'}, $comment{'email'}, $comment{'time'}, $comment{'body'}, + $comment{'isprivate'}, $comment{'when'}) = FetchSQLData(); $comment{'email'} .= Param('emailsuffix'); $comment{'name'} = $comment{'name'} || $comment{'email'}; diff --git a/process_bug.cgi b/process_bug.cgi index 85522b66d..02089297a 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -630,6 +630,22 @@ if ( $::FORM{'id'} ) { } } +if ($::FORM{'id'} && + (Param("insidergroup") && UserInGroup(Param("insidergroup")))) { + detaint_natural($::FORM{'id'}); + foreach my $field (keys %::FORM) { + if ($field =~ /when-([0-9]+)/) { + my $sequence = $1; + my $private = $::FORM{"isprivate-$sequence"} ? 1 : 0 ; + if ($private != $::FORM{"oisprivate-$sequence"}) { + detaint_natural($::FORM{"$field"}); + SendSQL("UPDATE longdescs SET isprivate = $private + WHERE bug_id = $::FORM{'id'} AND bug_when = " . $::FORM{"$field"}); + } + } + + } +} my $duplicate = 0; @@ -1098,7 +1114,8 @@ foreach my $id (@idlist) { $timestamp = FetchOneColumn(); if (defined $::FORM{'comment'}) { - AppendComment($id, $::COOKIE{'Bugzilla_login'}, $::FORM{'comment'}); + AppendComment($id, $::COOKIE{'Bugzilla_login'}, $::FORM{'comment'}, + $::FORM{'commentprivacy'}); } my $removedCcString = ""; @@ -1368,7 +1385,7 @@ foreach my $id (@idlist) { LogActivityEntry($duplicate,"cc","",DBID_to_name($reporter)); SendSQL("INSERT INTO cc (who, bug_id) VALUES ($reporter, " . SqlQuote($duplicate) . ")"); } - AppendComment($duplicate, $::COOKIE{'Bugzilla_login'}, "*** Bug $::FORM{'id'} has been marked as a duplicate of this bug. ***"); + AppendComment($duplicate, $::COOKIE{'Bugzilla_login'}, "*** Bug $::FORM{'id'} has been marked as a duplicate of this bug. ***", 1); CheckFormFieldDefined(\%::FORM,'comment'); SendSQL("INSERT INTO duplicates VALUES ($duplicate, $::FORM{'id'})"); diff --git a/processmail b/processmail index 20833a4f4..8d4dc4b69 100755 --- a/processmail +++ b/processmail @@ -225,7 +225,7 @@ sub ProcessOneBug { } - my $newcomments = GetLongDescriptionAsText($id, $start, $end); + my ($newcomments, $anyprivate) = GetLongDescriptionAsText($id, $start, $end); # # Start of email filtering code @@ -303,7 +303,8 @@ sub ProcessOneBug { \@reasons, \%values, \%defmailhead, \%fielddescription, $difftext, - $newcomments, $start, $id, + $newcomments, $anyprivate, + $start, $id, \@depbugs))) { @@ -612,9 +613,9 @@ sub filterEmailGroup ($$$) { return @recipients; } -sub NewProcessOnePerson ($$$$$$$$$$$$) { +sub NewProcessOnePerson ($$$$$$$$$$$$$) { my ($person, $count, $hlRef, $reasonsRef, $valueRef, $dmhRef, $fdRef, $difftext, - $newcomments, $start, $id, $depbugsRef) = @_; + $newcomments, $anyprivate, $start, $id, $depbugsRef) = @_; my %values = %$valueRef; my @headerlist = @$hlRef; @@ -650,7 +651,19 @@ sub NewProcessOnePerson ($$$$$$$$$$$$) { # quietly disappear from their radar. # return unless CanSeeBug($id, $userid, $groupset); - + + # Drop any non-insiders if the comment is private + if (Param("insidergroup") && ($anyprivate != 0)) { + ConnectToDatabase(); + PushGlobalSQLState(); + SendSQL("select (bit & $groupset ) != 0 from groups where name = " . SqlQuote(Param("insidergroup"))); + my $bit = FetchOneColumn(); + PopGlobalSQLState(); + if (!$bit) { + return; + } + } + # We shouldn't send changedmail if this is a dependency mail, and any of # the depending bugs is not visible to the user. foreach my $dep_id (@depbugs) { diff --git a/template/en/default/attachment/create.html.tmpl b/template/en/default/attachment/create.html.tmpl index a80708ee3..1c00146e5 100644 --- a/template/en/default/attachment/create.html.tmpl +++ b/template/en/default/attachment/create.html.tmpl @@ -94,15 +94,28 @@ onchange="if (this.value) this.form.contenttypemethod[2].checked = true;"> </td> </tr> + [% IF (Param("insidergroup") && UserInGroup(Param("insidergroup"))) %] + <tr> + <th>Privacy:</th> + <td> + <em>If the attachment is private, check the box below.</em><br> + <input type="checkbox" name="isprivate" id="isprivate" value="1"> + <label for="isprivate">Private</label> + </td> + </tr> + [% END %] <tr> <th>Obsoletes:</th> <td> <em>(optional) Check each existing attachment made obsolete by your new attachment.</em><br> [% IF attachments.size %] [% FOREACH attachment = attachments %] - <input type="checkbox" id="[% attachment.id %]" + [% IF ((attachment.isprivate == 0) || (Param("insidergroup") + && UserInGroup(Param("insidergroup")))) %] + <input type="checkbox" id="[% attachment.id %]" name="obsolete" value="[% attachment.id %]"> - <a href="attachment.cgi?id=[% attachment.id %]&action=edit">[% attachment.id %]: [% attachment.description FILTER html %]</a><br> + <a href="attachment.cgi?id=[% attachment.id %]&action=edit">[% attachment.id %]: [% attachment.description FILTER html %]</a><br> + [% END %] [% END %] [% ELSE %] [no attachments can be made obsolete] diff --git a/template/en/default/attachment/edit.html.tmpl b/template/en/default/attachment/edit.html.tmpl index 5d01d2898..c9bc7c1cd 100644 --- a/template/en/default/attachment/edit.html.tmpl +++ b/template/en/default/attachment/edit.html.tmpl @@ -163,6 +163,9 @@ <input type="checkbox" id="isobsolete" name="isobsolete" value="1" [% 'checked="checked"' IF isobsolete %]> <label for="isobsolete">obsolete</label><br> + [% IF (Param("insidergroup") && UserInGroup(Param("insidergroup"))) %] + <input type="checkbox" name="isprivate" value="1"[% " checked" IF isprivate %]> private<br><br> + [% END %] [% IF statusdefs.size %] <b>Status:</b><br> diff --git a/template/en/default/attachment/list.html.tmpl b/template/en/default/attachment/list.html.tmpl index bc25c5721..e7aa8b0ef 100644 --- a/template/en/default/attachment/list.html.tmpl +++ b/template/en/default/attachment/list.html.tmpl @@ -28,9 +28,10 @@ <th bgcolor="#cccccc" align="left">Status</th> <th bgcolor="#cccccc" align="left">Actions</th> </tr> - + [% canseeprivate = !Param("insidergroup") || UserInGroup(Param("insidergroup")) %] [% FOREACH attachment = attachments %] - <tr> + [% IF !attachment.isprivate || canseeprivate %] + <tr [% "class=\"bz_private\"" IF attachment.isprivate %]> <td valign="top"> [% IF attachment.isobsolete %] <strike><a href="attachment.cgi?id=[% attachment.attachid %]&action=view">[% attachment.description FILTER html %]</a></strike> @@ -67,6 +68,7 @@ [% END %] </td> </tr> + [% END %] [% END %] <tr> diff --git a/template/en/default/bug/comments.html.tmpl b/template/en/default/bug/comments.html.tmpl index f1f8e762e..7a8ae73db 100644 --- a/template/en/default/bug/comments.html.tmpl +++ b/template/en/default/bug/comments.html.tmpl @@ -19,8 +19,9 @@ # Contributor(s): Gervase Markham <gerv@gerv.net> #%] -[% DEFAULT start_at = 0 %] +[% DEFAULT start_at = 0 mode = "show" %] [% count = 0 %] +[% isinsider = Param("insidergroup") && UserInGroup(Param("insidergroup")) %] [% FOREACH comment = comments %] [% IF count >= start_at %] [% PROCESS a_comment %] @@ -35,14 +36,25 @@ [%############################################################################%] [% BLOCK a_comment %] - [% IF count > 0 %] - <br> - <i>------- Additional Comment - <a name="c[% count %]" href="#c[% count %]">#[% count %]</a> From - <a href="mailto:[% comment.email FILTER html %]">[% comment.name FILTER html %]</a> - [%+ comment.time %] ------- - </i> - [% END %] + [% IF NOT comment.isprivate || isinsider %] + <div [% "class=\"bz_private\"" IF comment.isprivate %]> + [% IF count > 0 %] + <br> + <i>------- Additional Comment + <a name="c[% count %]" href="#c[% count %]">#[% count %]</a> From + <a href="mailto:[% comment.email FILTER html %]">[% comment.name FILTER html %]</a> + [%+ comment.time %] ------- + </i> + [% END %] + [% IF mode == "edit" && isinsider %] + <i> + <input type=hidden name="oisprivate-[% count %]" + value="[% comment.isprivate %]"> + <input type=hidden name="when-[% count %]" value="[% comment.when %]"> + <input type=checkbox name="isprivate-[% count %]" value="1" + [% " checked=\"checked\"" IF comment.isprivate %]> Private + </i> + [% END %] [%# Don't indent the <pre> block, since then the spaces are displayed in the # generated HTML @@ -50,4 +62,6 @@ <pre> [%- quoteUrls(comment.body) -%] </pre> + </div> + [% END %] [% END %] diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl index 502952ef2..9cf33b8b5 100644 --- a/template/en/default/bug/edit.html.tmpl +++ b/template/en/default/bug/edit.html.tmpl @@ -28,6 +28,7 @@ h2 = filtered_desc h3 = "Last modified: $bug.calc_disp_date" header_html = navigation_links + style_urls = [ "css/edit_bug.css" ] %] [% END %] @@ -310,6 +311,9 @@ <br> <b>Additional <u>C</u>omments:</b> + [% IF Param("insidergroup") && UserInGroup(Param("insidergroup")) %] + <input type="checkbox" name="commentprivacy" value="1"> Private + [% END %] <br> <textarea wrap="hard" name="comment" rows="10" cols="80" accesskey="c"></textarea> @@ -482,7 +486,6 @@ value="[% Param("move-button-text") %]"> [% END %] </p> -</form> [%# *** Additional Comments *** %] @@ -502,8 +505,10 @@ [% PROCESS bug/comments.html.tmpl comments = bug.comments + mode = "edit" %] +</form> <hr> [% PROCESS bug/navigate.html.tmpl %] diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl index 7c3e7407f..0c089e9c5 100644 --- a/template/en/default/bug/show-multiple.html.tmpl +++ b/template/en/default/bug/show-multiple.html.tmpl @@ -22,8 +22,8 @@ [% PROCESS global/header.html.tmpl title = "Full Text Bug Listing" + style_urls = [ "css/show_multiple.css" ] %] - [% IF bugs.first %] [% FOREACH bug = bugs %] [% PROCESS bug_display %] |