5 files changed, 144 insertions, 1 deletions

diff --git a/extensions/BMO/Extension.pm b/extensions/BMO/Extension.pm
index 07f8357f1..030dcbeab 100644
--- a/extensions/BMO/Extension.pm
+++ b/extensions/BMO/Extension.pm
@@ -174,8 +174,12 @@ sub page_before_template {
         require Bugzilla::Extension::BMO::Reports::ReleaseTracking;
         Bugzilla::Extension::BMO::Reports::ReleaseTracking::report($vars);
     }
+    elsif ($page eq 'product_security_report.html') {
+        require Bugzilla::Extension::BMO::Reports::ProductSecurity;
+        Bugzilla::Extension::BMO::Reports::ProductSecurity::report($vars);
+    }
     elsif ($page eq 'fields.html') {
-        # Recently global/field-descs.none.tmpl and bug/field-help.none.tmpl 
+        # Recently global/field-descs.none.tmpl and bug/field-help.none.tmpl
         # were changed for better performance and are now only loaded once.
         # I have not found an easy way to allow our hook template to check if
         # it is called from pages/fields.html.tmpl. So we set a value in request_cache
diff --git a/extensions/BMO/lib/Reports/ProductSecurity.pm b/extensions/BMO/lib/Reports/ProductSecurity.pm
new file mode 100644
index 000000000..946ad10f0
--- /dev/null
+++ b/extensions/BMO/lib/Reports/ProductSecurity.pm
@@ -0,0 +1,67 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::Extension::BMO::Reports::ProductSecurity;
+use strict;
+use warnings;
+
+use Bugzilla::Constants;
+use Bugzilla::Error;
+use Bugzilla::Product;
+
+sub report {
+    my ($vars) = @_;
+    my $user = Bugzilla->user;
+
+    ($user->in_group('admin') || $user->in_group('infrasec'))
+        || ThrowUserError('auth_failure', { group  => 'admin',
+                                            action => 'run',
+                                            object => 'product_security' });
+
+    my $moco = Bugzilla::Group->new({ name => 'mozilla-corporation-confidential' })
+        or return;
+
+    my $products = [];
+    foreach my $product (@{ Bugzilla::Product->match({}) }) {
+        my $default_group = $product->default_security_group_obj;
+        my $group_controls = $product->group_controls();
+
+        my $item = {
+            name                    => $product->name,
+            default_security_group  => $product->default_security_group,
+            group_visibility        => 'None/None',
+            moco                    => exists $group_controls->{$moco->id},
+        };
+
+        if ($default_group) {
+            if (my $control = $group_controls->{$default_group->id}) {
+                $item->{group_visibility} = control_to_string($control->{membercontrol}) .
+                                            '/' . control_to_string($control->{othercontrol});
+            }
+        }
+
+        $item->{group_problem} = $default_group ? '' : "Invalid group " . $product->default_security_group;
+        $item->{visibility_problem} = 'Default security group should be Shown/Shown'
+            if ($item->{group_visibility} ne 'Shown/Shown')
+                && ($item->{group_visibility} ne 'Mandatory/Mandatory')
+                && ($item->{group_visibility} ne 'Default/Default');
+
+        push @$products, $item;
+    }
+    $vars->{products} = $products;
+}
+
+sub control_to_string {
+    my ($control) = @_;
+    return 'NA'         if $control == CONTROLMAPNA;
+    return 'Shown'      if $control == CONTROLMAPSHOWN;
+    return 'Default'    if $control == CONTROLMAPDEFAULT;
+    return 'Mandatory'  if $control == CONTROLMAPMANDATORY;
+    return '';
+}
+
+1;
diff --git a/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl b/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl
index 35644c1e4..93f04c4fa 100644
--- a/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl
+++ b/extensions/BMO/template/en/default/hook/reports/menu-end.html.tmpl
@@ -41,6 +41,13 @@
       </strong> - Lists the users of groups.
     </li>
   [% END %]
+  [% IF user.in_group('admin') || user.in_group('infrasec') %]
+    <li>
+      <strong>
+        <a href="[% urlbase FILTER none %]page.cgi?id=product_security_report.html">Product Security Report</a>
+      </strong> - Show each product's default security group and visibility.
+    </li>
+  [% END %]
   [% IF user.in_group('admin') || user.in_group('infra') %]
     <li>
       <strong>
diff --git a/extensions/BMO/template/en/default/pages/product_security_report.html.tmpl b/extensions/BMO/template/en/default/pages/product_security_report.html.tmpl
new file mode 100644
index 000000000..c87f6a418
--- /dev/null
+++ b/extensions/BMO/template/en/default/pages/product_security_report.html.tmpl
@@ -0,0 +1,60 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+  # License, v. 2.0. If a copy of the MPL was not distributed with this
+  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+  #
+  # This Source Code Form is "Incompatible With Secondary Licenses", as
+  # defined by the Mozilla Public License, v. 2.0.
+  #%]
+
+[% INCLUDE global/header.html.tmpl
+  title = "Product Security Report"
+  style_urls = [ "extensions/BMO/web/styles/reports.css" ]
+%]
+
+<table border="0" cellspacing="0" id="report" class="nohover" width="100%">
+  <tr id="report-header">
+    <th>Product</th>
+    <th>Default Security Group</th>
+    <th>Default Group Visibility</th>
+    <th>Mozilla-Confidential</th>
+  </tr>
+
+  [% count = 0 %]
+  [% FOREACH product = products %]
+    [% count = count + 1 %]
+    <tr class="report_item [% count % 2 == 1 ? "report_row_odd" : "report_row_even" %]">
+      <td>
+        <a href="editproducts.cgi?action=editgroupcontrols&product=[% product.name FILTER uri %]" target="_blank">
+          [% product.name FILTER html %]
+        </a>
+      </td>
+      [% IF product.group_problem %]
+        <td class="problem">
+          <span title="[% product.group_problem FILTER html %]">
+            [% product.default_security_group FILTER html %]
+          </span>
+        </td>
+      [% ELSE %]
+        <td>
+          [% product.default_security_group FILTER html %]
+        </td>
+      [% END %]
+      [% IF product.visibility_problem %]
+        <td class="problem">
+          <span title="[% product.visibility_problem FILTER html %]">
+            [% product.group_visibility FILTER html %]
+          </span>
+        </td>
+      [% ELSE %]
+        <td>
+          [% product.group_visibility FILTER html %]
+        </td>
+      [% END %]
+      <td>
+        [% product.moco ? 'Yes' : 'No' FILTER none %]
+      </td>
+    </tr>
+  [% END %]
+</table>
+
+[% INCLUDE global/footer.html.tmpl %]
diff --git a/extensions/BMO/web/styles/reports.css b/extensions/BMO/web/styles/reports.css
index 7ad0df241..ccc931eec 100644
--- a/extensions/BMO/web/styles/reports.css
+++ b/extensions/BMO/web/styles/reports.css
@@ -64,3 +64,8 @@
 .hoverrow tr:hover {
     background-color: #ccccff;
 }
+
+.problem {
+    color: #aa2222;
+}
+