summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla/Install.pm116
-rw-r--r--Bugzilla/Install/DB.pm5
-rwxr-xr-xchecksetup.pl105
3 files changed, 122 insertions, 104 deletions
diff --git a/Bugzilla/Install.pm b/Bugzilla/Install.pm
index 9c2349199..1a910f8e0 100644
--- a/Bugzilla/Install.pm
+++ b/Bugzilla/Install.pm
@@ -58,6 +58,55 @@ use constant SETTINGS => {
};
+use constant SYSTEM_GROUPS => (
+ {
+ name => 'admin',
+ description => 'Administrators'
+ },
+ {
+ name => 'tweakparams',
+ description => 'Can change Parameters'
+ },
+ {
+ name => 'editusers',
+ description => 'Can edit or disable users'
+ },
+ {
+ name => 'creategroups',
+ description => 'Can create and destroy groups'
+ },
+ {
+ name => 'editclassifications',
+ description => 'Can create, destroy, and edit classifications'
+ },
+ {
+ name => 'editcomponents',
+ description => 'Can create, destroy, and edit components'
+ },
+ {
+ name => 'editkeywords',
+ description => 'Can create, destroy, and edit keywords'
+ },
+ {
+ name => 'editbugs',
+ description => 'Can edit all bug fields',
+ userregexp => '.*'
+ },
+ {
+ name => 'canconfirm',
+ description => 'Can confirm a bug or mark it a duplicate'
+ },
+ {
+ name => 'bz_canusewhines',
+ description => 'User can configure whine reports for self'
+ },
+ {
+ name => 'bz_sudoers',
+ description => 'Can perform actions as other users'
+ },
+ # There are also other groups created in update_system_groups.
+);
+
use constant DEFAULT_CLASSIFICATION => {
name => 'Unclassified',
description => 'Unassigned to any classification'
@@ -87,6 +136,73 @@ sub update_settings {
}
}
+sub update_system_groups {
+ my $dbh = Bugzilla->dbh;
+
+ # Create most of the system groups
+ foreach my $definition (SYSTEM_GROUPS) {
+ my $exists = new Bugzilla::Group({ name => $definition->{name} });
+ $definition->{isbuggroup} = 0;
+ Bugzilla::Group->create($definition) unless $exists;
+ }
+
+ # Certain groups need something done after they are created. We do
+ # that here.
+
+ # Make sure people who can whine at others can also whine.
+ if (!new Bugzilla::Group({name => 'bz_canusewhineatothers'})) {
+ my $whineatothers = Bugzilla::Group->create({
+ name => 'bz_canusewhineatothers',
+ description => 'Can configure whine reports for other users',
+ isbuggroup => 0 });
+ my $whine = new Bugzilla::Group({ name => 'bz_canusewhines' });
+
+ $dbh->do('INSERT INTO group_group_map (grantor_id, member_id)
+ VALUES (?,?)', undef, $whine->id, $whineatothers->id);
+ }
+
+ # Make sure sudoers are automatically protected from being sudoed.
+ if (!new Bugzilla::Group({name => 'bz_sudo_protect'})) {
+ my $sudo_protect = Bugzilla::Group->create({
+ name => 'bz_sudo_protect',
+ description => 'Can not be impersonated by other users',
+ isbuggroup => 0 });
+ my $sudo = new Bugzilla::Group({ name => 'bz_sudoers' });
+ $dbh->do('INSERT INTO group_group_map (grantor_id, member_id)
+ VALUES (?,?)', undef, $sudo_protect->id, $sudo->id);
+ }
+
+ # Re-evaluate all regexps, to keep them up-to-date.
+ my $sth = $dbh->prepare(
+ "SELECT profiles.userid, profiles.login_name, groups.id,
+ groups.userregexp, user_group_map.group_id
+ FROM (profiles CROSS JOIN groups)
+ LEFT JOIN user_group_map
+ ON user_group_map.user_id = profiles.userid
+ AND user_group_map.group_id = groups.id
+ AND user_group_map.grant_type = ?
+ WHERE userregexp != '' OR user_group_map.group_id IS NOT NULL");
+
+ my $sth_add = $dbh->prepare(
+ "INSERT INTO user_group_map (user_id, group_id, isbless, grant_type)
+ VALUES (?, ?, 0, " . GRANT_REGEXP . ")");
+
+ my $sth_del = $dbh->prepare(
+ "DELETE FROM user_group_map
+ WHERE user_id = ? AND group_id = ? AND isbless = 0
+ AND grant_type = " . GRANT_REGEXP);
+
+ $sth->execute(GRANT_REGEXP);
+ while (my ($uid, $login, $gid, $rexp, $present) = $sth->fetchrow_array()) {
+ if ($login =~ m/$rexp/i) {
+ $sth_add->execute($uid, $gid) unless $present;
+ } else {
+ $sth_del->execute($uid, $gid) if $present;
+ }
+ }
+
+}
+
# This function should be called only after creating the admin user.
sub create_default_product {
my $dbh = Bugzilla->dbh;
diff --git a/Bugzilla/Install/DB.pm b/Bugzilla/Install/DB.pm
index e4e4e97fe..2e364c540 100644
--- a/Bugzilla/Install/DB.pm
+++ b/Bugzilla/Install/DB.pm
@@ -416,6 +416,11 @@ sub update_table_definitions {
_copy_attachments_thedata_to_attach_data();
_fix_broken_all_closed_series();
+ # 2005-08-14 bugreport@peshkin.net -- Bug 304583
+ # Get rid of leftover DERIVED group permissions
+ use constant GRANT_DERIVED => 1;
+ $dbh->do("DELETE FROM user_group_map WHERE grant_type = " . GRANT_DERIVED);
+
# PUBLIC is a reserved word in Oracle.
$dbh->bz_rename_column('series', 'public', 'is_public');
diff --git a/checksetup.pl b/checksetup.pl
index 985a0da09..4a92e1ea1 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -390,9 +390,6 @@ $dbh->bz_populate_enum_tables();
update_filesystem({ index_html => $lc_hash->{'index_html'} });
create_htaccess() if $lc_hash->{'create_htaccess'};
-# XXX Some parts of checksetup still need these, right now.
-my $datadir = bz_locations()->{'datadir'};
-
# Remove parameters from the params file that no longer exist in Bugzilla,
# and set the defaults for new ones
update_params({ answer => \%answer});
@@ -441,107 +438,7 @@ Bugzilla::Install::DB::update_table_definitions();
# Bugzilla uses --GROUPS-- to assign various rights to its users.
###########################################################################
-my $admin_group = Bugzilla::Group->new({ name => 'admin' })
- || Bugzilla::Group->create({
- name => 'admin', description => 'Administrators', isbuggroup => 0 });
-
-Bugzilla::Group->create({ name => 'tweakparams',
- description => 'Can tweak operating parameters', isbuggroup => 0 })
- unless new Bugzilla::Group({ name => 'tweakparams' });
-
-Bugzilla::Group->create({ name => 'editusers',
- description => 'Can edit or disable users', isbuggroup => 0 })
- unless new Bugzilla::Group({ name => 'editusers' });
-
-Bugzilla::Group->create({ name => 'creategroups',
- description => 'Can create and destroy groups.', isbuggroup => 0 })
- unless new Bugzilla::Group({ name => 'creategroups' });
-
-Bugzilla::Group->create({ name => 'editclassifications',
- description => 'Can create, destroy, and edit classifications.',
- isbuggroup => 0 })
- unless new Bugzilla::Group({ name => 'editclassifications' });
-
-Bugzilla::Group->create({ name => 'editcomponents',
- description => 'Can create, destroy, and edit components.',
- isbuggroup => 0 })
- unless new Bugzilla::Group({ name => 'editcomponents' });
-
-Bugzilla::Group->create({ name => 'editkeywords',
- description => 'Can create, destroy, and edit keywords.',
- isbuggroup => 0 })
- unless new Bugzilla::Group({ name => 'editkeywords' });
-
-Bugzilla::Group->create({name => 'editbugs',
- description => 'Can edit all bug fields.', userregexp => ".*",
- isbuggroup => 0 })
- unless new Bugzilla::Group({name => "editbugs"});
-
-Bugzilla::Group->create({ name => 'canconfirm',
- description => 'Can confirm a bug.', userregexp => ".*",
- isbuggroup => 0 })
- unless new Bugzilla::Group({name => "canconfirm"});
-
-# Create bz_canusewhineatothers and bz_canusewhines
-if (!new Bugzilla::Group({name => 'bz_canusewhines'})) {
- my $whine = Bugzilla::Group->create({name => 'bz_canusewhines',
- description => 'User can configure whine reports for self',
- isbuggroup => 0 });
- my $whineatothers = Bugzilla::Group->create({
- name => 'bz_canusewhineatothers',
- description => 'Can configure whine reports for other users',
- isbuggroup => 0 });
-
- $dbh->do('INSERT INTO group_group_map (grantor_id, member_id) VALUES (?,?)',
- undef, $whine->id, $whineatothers->id);
-}
-
-# 2005-08-14 bugreport@peshkin.net -- Bug 304583
-use constant GRANT_DERIVED => 1;
-# Get rid of leftover DERIVED group permissions
-$dbh->do("DELETE FROM user_group_map WHERE grant_type = " . GRANT_DERIVED);
-# Evaluate regexp-based group memberships
-my $sth = $dbh->prepare("SELECT profiles.userid, profiles.login_name,
- groups.id, groups.userregexp,
- user_group_map.group_id
- FROM (profiles
- CROSS JOIN groups)
- LEFT JOIN user_group_map
- ON user_group_map.user_id = profiles.userid
- AND user_group_map.group_id = groups.id
- AND user_group_map.grant_type = ?
- WHERE (userregexp != ''
- OR user_group_map.group_id IS NOT NULL)");
-
-my $sth_add = $dbh->prepare("INSERT INTO user_group_map
- (user_id, group_id, isbless, grant_type)
- VALUES(?, ?, 0, " . GRANT_REGEXP . ")");
-
-my $sth_del = $dbh->prepare("DELETE FROM user_group_map
- WHERE user_id = ?
- AND group_id = ?
- AND isbless = 0
- AND grant_type = " . GRANT_REGEXP);
-
-$sth->execute(GRANT_REGEXP);
-while (my ($uid, $login, $gid, $rexp, $present) = $sth->fetchrow_array()) {
- if ($login =~ m/$rexp/i) {
- $sth_add->execute($uid, $gid) unless $present;
- } else {
- $sth_del->execute($uid, $gid) if $present;
- }
-}
-
-# 2005-10-10 karl@kornel.name -- Bug 204498
-if (!new Bugzilla::Group({name => 'bz_sudoers'})) {
- my $sudo = Bugzilla::Group->create({name => 'bz_sudoers',
- description => 'Can perform actions as other users', isbuggroup => 0 });
- my $sudo_protect = Bugzilla::Group->create({name => 'bz_sudo_protect',
- description => 'Can not be impersonated by other users',
- isbuggroup => 0 });
- $dbh->do('INSERT INTO group_group_map (grantor_id, member_id) VALUES (?,?)',
- undef, $sudo_protect->id, $sudo->id);
-}
+Bugzilla::Install::update_system_groups();
###########################################################################
# Create --SETTINGS-- users can adjust