diff options
4 files changed, 75 insertions, 17 deletions
diff --git a/extensions/BMO/lib/Reports/Groups.pm b/extensions/BMO/lib/Reports/Groups.pm index ab0f1efa4..7fa86b243 100644 --- a/extensions/BMO/lib/Reports/Groups.pm +++ b/extensions/BMO/lib/Reports/Groups.pm @@ -20,11 +20,18 @@ sub admins_report { my $dbh = Bugzilla->dbh; my $user = Bugzilla->user; - ($user->in_group('editusers') || $user->in_group('infrasec')) - || ThrowUserError('auth_failure', { group => 'editusers', + ($user->in_group('editbugs')) + || ThrowUserError('auth_failure', { group => 'editbugs', action => 'run', object => 'group_admins' }); + my @grouplist = + ($user->in_group('editusers') || $user->in_group('infrasec')) + ? map { lc($_->name) } Bugzilla::Group->get_all + : _get_public_membership_groups(); + + my $groups = join(',', map { $dbh->quote($_) } @grouplist); + my $query = " SELECT groups.name, " . $dbh->sql_group_concat('profiles.login_name', "','", 1) . " @@ -36,6 +43,7 @@ sub admins_report { LEFT JOIN profiles ON user_group_map.user_id = profiles.userid WHERE groups.isbuggroup = 1 + AND groups.name IN ($groups) GROUP BY groups.name"; my @groups; @@ -160,11 +168,16 @@ sub members_report { my $user = Bugzilla->user; my $cgi = Bugzilla->cgi; - ($user->in_group('editusers') || $user->in_group('infrasec')) - || ThrowUserError('auth_failure', { group => 'editusers', + ($user->in_group('editbugs')) + || ThrowUserError('auth_failure', { group => 'editbugs', action => 'run', object => 'group_admins' }); + my @grouplist = + ($user->in_group('editusers') || $user->in_group('infrasec')) + ? map { lc($_->name) } Bugzilla::Group->get_all + : _get_public_membership_groups(); + my $include_disabled = $cgi->param('include_disabled') ? 1 : 0; $vars->{'include_disabled'} = $include_disabled; @@ -172,8 +185,7 @@ sub members_report { my @group_names = sort grep { !/^(?:bz_.+|canconfirm|editbugs|editbugs-team|everyone)$/ } - map { lc($_->name) } - Bugzilla::Group->get_all; + @grouplist; unshift(@group_names, ''); $vars->{'groups'} = \@group_names; @@ -240,4 +252,25 @@ sub _filter_userlist { return [ sort { lc($a->identity) cmp lc($b->identity) } @$list ]; } +# Groups that any user with editbugs can see the membership or admin lists for. +# Transparency FTW. +sub _get_public_membership_groups { + my @all_groups = map { lc($_->name) } Bugzilla::Group->get_all; + + my %hardcoded_groups = map { $_ => 1 } qw( + bugzilla-approvers + bugzilla-reviewers + can_restrict_comments + community-it-team + mozilla-employee-confidential + mozilla-foundation-confidential + mozilla-reps + qa-approvers + ); + + # We also automatically include all drivers groups - this gives us a little + # future-proofing + return grep { /-drivers$/ || exists $hardcoded_groups{$_} } @all_groups; +} + 1; diff --git a/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl b/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl index fd48130eb..34c51db81 100644 --- a/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl +++ b/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl @@ -24,17 +24,21 @@ <a href="[% urlbase FILTER none %]page.cgi?id=release_tracking_report.html">Release Tracking Report</a> </strong> - For triaging release-train flag information. </li> - [% IF user.in_group('editusers') || user.in_group('infrasec') %] + [% IF user.in_group('editbugs') %] <li> <strong> <a href="[% urlbase FILTER none %]page.cgi?id=group_admins.html">Group Admins</a> </strong> - Lists the administrators of each group. </li> + [% END %] + [% IF user.in_group('editusers') || user.in_group('infrasec') %] <li> <strong> <a href="[% urlbase FILTER none %]page.cgi?id=group_membership.html">Group Membership Report</a> </strong> - Lists the groups a user is a member of. </li> + [% END %] + [% IF user.in_group('editbugs') %] <li> <strong> <a href="[% urlbase FILTER none %]page.cgi?id=group_members.html">Group Members Report</a> diff --git a/extensions/BMO/template/en/default/pages/group_members.html.tmpl b/extensions/BMO/template/en/default/pages/group_members.html.tmpl index daf4d5b0d..67db8ea2e 100644 --- a/extensions/BMO/template/en/default/pages/group_members.html.tmpl +++ b/extensions/BMO/template/en/default/pages/group_members.html.tmpl @@ -11,6 +11,8 @@ style_urls = [ "extensions/BMO/web/styles/reports.css" ] %] +[% SET privileged = (user.in_group('editusers') || user.in_group('infrasec')) %] + <form method="GET" action="page.cgi"> <input type="hidden" name="id" value="group_members.html"> @@ -48,15 +50,23 @@ <th>Type</th> <th>Count</th> <th>Members</th> - <th class="right">Last Seen (days ago)</th> + [% IF privileged %] + <th class="right">Last Seen (days ago)</th> + [% END %] </tr> [% FOREACH type = types %] [% count = loop.count() %] <tr class="report_item [% count % 2 == 1 ? "report_row_odd" : "report_row_even" %]"> <td valign="top"> - [% "via " UNLESS type.name == 'direct' %] - [% type.name FILTER html %] + [% IF type.name == 'direct' %] + direct + [% ELSE %] + via + [% IF privileged %] + [% type.name FILTER html %] + [% ELSE %]another group[% END %] + [% END %] </td> <td valign="top" align="right"> [% type.members.size FILTER html %] @@ -66,16 +76,23 @@ [% FOREACH member = type.members %] <tr> <td width="100%"> - <a href="editusers.cgi?action=edit&userid=[% member.id FILTER none %]" - target="_blank"> + [% IF privileged %] + <a href="editusers.cgi?action=edit&userid=[% member.id FILTER none %]" + target="_blank"> + [% ELSE %] + <a href="user_profile?login=[% member.login FILTER uri %]" + target="_blank"> + [% END %] <span [% 'class="bz_inactive"' UNLESS member.is_enabled %]> [% member.name FILTER html %] <[% member.email FILTER email FILTER html %]> </span> </a> </td> - <td align="right" nowrap> - [% member.lastseen FILTER html %] - </td> + [% IF privileged %] + <td align="right" nowrap> + [% member.lastseen FILTER html %] + </td> + [% END %] </tr> [% END %] </table> diff --git a/extensions/BMO/template/en/default/pages/group_members.json.tmpl b/extensions/BMO/template/en/default/pages/group_members.json.tmpl index 8cbb2a23a..e982731f7 100644 --- a/extensions/BMO/template/en/default/pages/group_members.json.tmpl +++ b/extensions/BMO/template/en/default/pages/group_members.json.tmpl @@ -20,12 +20,16 @@ "membership": "direct", [% ELSE %] "membership": "indirect", - "group": "[% type.name FILTER js %]", + [% IF user.in_group('editusers') || user.in_group('infrasec') %] + "group": "[% type.name FILTER js %]", + [% END %] [% END %] [% IF include_disabled %] "disabled": "[% member.is_enabled ? "false" : "true" %]", [% END %] - "lastseen": "[% member.lastseen FILTER js %]" + [% IF user.in_group('editusers') || user.in_group('infrasec') %] + "lastseen": "[% member.lastseen FILTER js %]" + [% END %] }[% "," UNLESS i == count %] [% END %] [% END %] |