-rwxr-xr-xeditgroups.cgi332
1 files changed, 164 insertions, 168 deletions
diff --git a/editgroups.cgi b/editgroups.cgi
index b9759910b..62519fc54 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -41,7 +41,7 @@ use vars qw($template $vars);
Bugzilla->login(LOGIN_REQUIRED);
-print Bugzilla->cgi->header();
+print $cgi->header();
UserInGroup("creategroups")
|| ThrowUserError("auth_failure", {group => "creategroups",
@@ -148,13 +148,14 @@ sub CheckGroupRegexp {
unless ($action) {
my @groups;
- SendSQL("SELECT id,name,description,userregexp,isactive,isbuggroup " .
- "FROM groups " .
- "ORDER BY isbuggroup, name");
+ my $group_list =
+ $dbh->selectall_arrayref('SELECT id, name, description,
+ userregexp, isactive, isbuggroup
+ FROM groups
+ ORDER BY isbuggroup, name');
- while (MoreSQLData()) {
- my ($id, $name, $description, $regexp, $isactive, $isbuggroup)
- = FetchSQLData();
+ foreach (@$group_list) {
+ my ($id, $name, $description, $regexp, $isactive, $isbuggroup) = @$_;
my $group = {};
$group->{'id'} = $id;
$group->{'name'} = $name;
@@ -168,7 +169,7 @@ unless ($action) {
$vars->{'groups'} = \@groups;
- print Bugzilla->cgi->header();
+ print $cgi->header();
$template->process("admin/groups/list.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -195,29 +196,34 @@ if ($action eq 'changeform') {
# this one
my @groups;
- SendSQL("SELECT groups.id, groups.name, groups.description," .
- " CASE WHEN group_group_map.member_id IS NOT NULL THEN 1 ELSE 0 END," .
- " CASE WHEN B.member_id IS NOT NULL THEN 1 ELSE 0 END," .
- " CASE WHEN C.member_id IS NOT NULL THEN 1 ELSE 0 END" .
- " FROM groups" .
- " LEFT JOIN group_group_map" .
- " ON group_group_map.member_id = groups.id" .
- " AND group_group_map.grantor_id = $group_id" .
- " AND group_group_map.grant_type = " . GROUP_MEMBERSHIP .
- " LEFT JOIN group_group_map as B" .
- " ON B.member_id = groups.id" .
- " AND B.grantor_id = $group_id" .
- " AND B.grant_type = " . GROUP_BLESS .
- " LEFT JOIN group_group_map as C" .
- " ON C.member_id = groups.id" .
- " AND C.grantor_id = $group_id" .
- " AND C.grant_type = " . GROUP_VISIBLE .
- " ORDER by name");
-
- while (MoreSQLData()) {
- my ($grpid, $grpnam, $grpdesc, $grpmember, $blessmember, $membercansee)
- = FetchSQLData();
-
+ my $group_list =
+ $dbh->selectall_arrayref('SELECT groups.id, groups.name, groups.description,
+ CASE WHEN group_group_map.member_id IS NOT NULL
+ THEN 1 ELSE 0 END,
+ CASE WHEN B.member_id IS NOT NULL
+ THEN 1 ELSE 0 END,
+ CASE WHEN C.member_id IS NOT NULL
+ THEN 1 ELSE 0 END
+ FROM groups
+ LEFT JOIN group_group_map
+ ON group_group_map.member_id = groups.id
+ AND group_group_map.grantor_id = ?
+ AND group_group_map.grant_type = ?
+ LEFT JOIN group_group_map as B
+ ON B.member_id = groups.id
+ AND B.grantor_id = ?
+ AND B.grant_type = ?
+ LEFT JOIN group_group_map as C
+ ON C.member_id = groups.id
+ AND C.grantor_id = ?
+ AND C.grant_type = ?
+ ORDER by name',
+ undef, ($group_id, GROUP_MEMBERSHIP,
+ $group_id, GROUP_BLESS,
+ $group_id, GROUP_VISIBLE));
+
+ foreach (@$group_list) {
+ my ($grpid, $grpnam, $grpdesc, $grpmember, $blessmember, $membercansee) = @$_;
my $group = {};
$group->{'grpid'} = $grpid;
$group->{'grpnam'} = $grpnam;
@@ -236,7 +242,7 @@ if ($action eq 'changeform') {
$vars->{'isbuggroup'} = $isbuggroup;
$vars->{'groups'} = \@groups;
- print Bugzilla->cgi->header();
+ print $cgi->header();
$template->process("admin/groups/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -250,7 +256,7 @@ if ($action eq 'changeform') {
#
if ($action eq 'add') {
- print Bugzilla->cgi->header();
+ print $cgi->header();
$template->process("admin/groups/create.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -273,37 +279,35 @@ if ($action eq 'new') {
my $isactive = $cgi->param('isactive') ? 1 : 0;
# Add the new group
- SendSQL("INSERT INTO groups ( " .
- "name, description, isbuggroup, userregexp, isactive, last_changed " .
- " ) VALUES ( " .
- SqlQuote($name) . ", " .
- SqlQuote($desc) . ", " .
- "1," .
- SqlQuote($regexp) . ", " .
- $isactive . ", NOW())" );
+ $dbh->do('INSERT INTO groups
+ (name, description, isbuggroup,
+ userregexp, isactive, last_changed)
+ VALUES (?, ?, 1, ?, ?, NOW())',
+ undef, ($name, $desc, $regexp, $isactive));
+
my $gid = $dbh->bz_last_key('groups', 'id');
my $admin = GroupNameToId('admin');
# Since we created a new group, give the "admin" group all privileges
# initially.
- SendSQL("INSERT INTO group_group_map (member_id, grantor_id, grant_type)
- VALUES ($admin, $gid, " . GROUP_MEMBERSHIP . ")");
- SendSQL("INSERT INTO group_group_map (member_id, grantor_id, grant_type)
- VALUES ($admin, $gid, " . GROUP_BLESS . ")");
- SendSQL("INSERT INTO group_group_map (member_id, grantor_id, grant_type)
- VALUES ($admin, $gid, " . GROUP_VISIBLE . ")");
+ my $sth = $dbh->prepare('INSERT INTO group_group_map
+ (member_id, grantor_id, grant_type)
+ VALUES (?, ?, ?)');
+
+ $sth->execute($admin, $gid, GROUP_MEMBERSHIP);
+ $sth->execute($admin, $gid, GROUP_BLESS);
+ $sth->execute($admin, $gid, GROUP_VISIBLE);
+
# Permit all existing products to use the new group if makeproductgroups.
if ($cgi->param('insertnew')) {
- SendSQL("INSERT INTO group_control_map " .
- "(group_id, product_id, entry, membercontrol, " .
- "othercontrol, canedit) " .
- "SELECT $gid, products.id, 0, " .
- CONTROLMAPSHOWN . ", " .
- CONTROLMAPNA . ", 0 " .
- "FROM products");
+ $dbh->do('INSERT INTO group_control_map
+ (group_id, product_id, entry, membercontrol,
+ othercontrol, canedit)
+ SELECT ?, products.id, 0, ?, ?, 0 FROM products',
+ undef, ($gid, CONTROLMAPSHOWN, CONTROLMAPNA));
}
RederiveRegexp($regexp, $gid);
- print Bugzilla->cgi->header();
+ print $cgi->header();
$template->process("admin/groups/created.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
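Review bot: `$admin` from `GroupNameToId('admin')` is bound into the three `$sth->execute(...)` calls without a definedness check, and with placeholders an undefined value is sent as SQL NULL instead of producing the syntax error the removed interpolated statements would have raised. If that lookup can fail, the new group may be created with no usable admin grants, or with NULL member rows, depending on column constraints that are not visible here. A guard before the `prepare`, such as `defined $admin || ThrowCodeError('<error-tag>');` with an error tag that fits the project, would make the failure explicit. The `if ($action eq 'new')` block starts outside this hunk.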
@@ -327,38 +331,24 @@ if ($action eq 'del') {
ThrowUserError("system_group_not_deletable", { name => $name });
}
- my $hasusers = 0;
- SendSQL("SELECT user_id FROM user_group_map
- WHERE group_id = $gid AND isbless = 0");
- if (FetchOneColumn()) {
- $hasusers = 1;
- }
-
- my $hasbugs = 0;
- my $buglist = "0";
- SendSQL("SELECT bug_id FROM bug_group_map WHERE group_id = $gid");
+ my $hasusers = $dbh->selectrow_array('SELECT 1 FROM user_group_map
+ WHERE group_id = ? AND isbless = 0 ' .
+ $dbh->sql_limit(1),
+ undef, $gid) || 0;
- if (MoreSQLData()) {
- $hasbugs = 1;
+ my $bug_ids = $dbh->selectcol_arrayref('SELECT bug_id FROM bug_group_map
+ WHERE group_id = ?', undef, $gid);
- while (MoreSQLData()) {
- my ($bug) = FetchSQLData();
- $buglist .= "," . $bug;
- }
- }
+ my $hasbugs = scalar(@$bug_ids) ? 1 : 0;
+ my $buglist = join(',', @$bug_ids);
- my $hasproduct = 0;
- SendSQL("SELECT name FROM products WHERE name=" . SqlQuote($name));
- if (MoreSQLData()) {
- $hasproduct = 1;
- }
+ my $hasproduct = get_product_id($name) ? 1 : 0;
- my $hasflags = 0;
- SendSQL("SELECT id FROM flagtypes
- WHERE grant_group_id = $gid OR request_group_id = $gid");
- if (FetchOneColumn()) {
- $hasflags = 1;
- }
+ my $hasflags = $dbh->selectrow_array('SELECT 1 FROM flagtypes
+ WHERE grant_group_id = ?
+ OR request_group_id = ? ' .
+ $dbh->sql_limit(1),
+ undef, ($gid, $gid)) || 0;
$vars->{'gid'} = $gid;
$vars->{'name'} = $name;
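Review bot: `my $buglist = join(',', @$bug_ids);` yields an empty string when the group has no bugs, whereas the removed code seeded the list with "0" so it was never empty. If the delete template or anything else that receives `buglist` puts it into a query or URL without first testing `hasbugs`, that consumer now gets an empty list. Either confirm every consumer is guarded by `hasbugs`, or keep the old shape with `my $buglist = join(',', 0, @$bug_ids);`. The template is not part of this diff, so this could not be checked here.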
@@ -369,7 +359,7 @@ if ($action eq 'del') {
$vars->{'hasflags'} = $hasflags;
$vars->{'buglist'} = $buglist;
- print Bugzilla->cgi->header();
+ print $cgi->header();
$template->process("admin/groups/delete.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -394,53 +384,62 @@ if ($action eq 'delete') {
my $cantdelete = 0;
- SendSQL("SELECT user_id FROM user_group_map
- WHERE group_id = $gid AND isbless = 0");
- if (FetchOneColumn()) {
- if (!defined $cgi->param('removeusers')) {
- $cantdelete = 1;
- }
+ my $hasusers = $dbh->selectrow_array('SELECT 1 FROM user_group_map
+ WHERE group_id = ? AND isbless = 0 ' .
+ $dbh->sql_limit(1),
+ undef, $gid) || 0;
+ if ($hasusers && !defined $cgi->param('removeusers')) {
+ $cantdelete = 1;
}
- SendSQL("SELECT bug_id FROM bug_group_map WHERE group_id = $gid");
- if (FetchOneColumn()) {
- if (!defined $cgi->param('removebugs')) {
- $cantdelete = 1;
- }
+
+ my $hasbugs = $dbh->selectrow_array('SELECT 1 FROM bug_group_map
+ WHERE group_id = ? ' .
+ $dbh->sql_limit(1),
+ undef, $gid) || 0;
+ if ($hasbugs && !defined $cgi->param('removebugs')) {
+ $cantdelete = 1;
}
- SendSQL("SELECT name FROM products WHERE name=" . SqlQuote($name));
- if (FetchOneColumn()) {
- if (!defined $cgi->param('unbind')) {
- $cantdelete = 1;
- }
+
+ if (get_product_id($name) && !defined $cgi->param('unbind')) {
+ $cantdelete = 1;
}
- SendSQL("SELECT id FROM flagtypes
- WHERE grant_group_id = $gid OR request_group_id = $gid");
- if (FetchOneColumn()) {
- if (!defined $cgi->param('removeflags')) {
- $cantdelete = 1;
- }
+
+ my $hasflags = $dbh->selectrow_array('SELECT 1 FROM flagtypes
+ WHERE grant_group_id = ?
+ OR request_group_id = ? ' .
+ $dbh->sql_limit(1),
+ undef, ($gid, $gid)) || 0;
+ if ($hasflags && !defined $cgi->param('removeflags')) {
+ $cantdelete = 1;
}
if (!$cantdelete) {
- SendSQL("UPDATE flagtypes SET grant_group_id = NULL
- WHERE grant_group_id = $gid");
- SendSQL("UPDATE flagtypes SET request_group_id = NULL
- WHERE request_group_id = $gid");
- SendSQL("DELETE FROM user_group_map WHERE group_id = $gid");
- SendSQL("DELETE FROM group_group_map WHERE grantor_id = $gid");
- SendSQL("DELETE FROM bug_group_map WHERE group_id = $gid");
- SendSQL("DELETE FROM group_control_map WHERE group_id = $gid");
- SendSQL("DELETE FROM whine_schedules WHERE " .
- "mailto_type = " . MAILTO_GROUP . " " .
- "AND mailto = $gid");
- SendSQL("DELETE FROM groups WHERE id = $gid");
+ $dbh->do('UPDATE flagtypes SET grant_group_id = ?
+ WHERE grant_group_id = ?',
+ undef, (undef, $gid));
+ $dbh->do('UPDATE flagtypes SET request_group_id = ?
+ WHERE request_group_id = ?',
+ undef, (undef, $gid));
+ $dbh->do('DELETE FROM user_group_map WHERE group_id = ?',
+ undef, $gid);
+ $dbh->do('DELETE FROM group_group_map WHERE grantor_id = ?',
+ undef, $gid);
+ $dbh->do('DELETE FROM bug_group_map WHERE group_id = ?',
+ undef, $gid);
+ $dbh->do('DELETE FROM group_control_map WHERE group_id = ?',
+ undef, $gid);
+ $dbh->do('DELETE FROM whine_schedules
+ WHERE mailto_type = ? AND mailto = ?',
+ undef, (MAILTO_GROUP, $gid));
+ $dbh->do('DELETE FROM groups WHERE id = ?',
+ undef, $gid);
}
$vars->{'gid'} = $gid;
$vars->{'name'} = $name;
$vars->{'cantdelete'} = $cantdelete;
- print Bugzilla->cgi->header();
+ print $cgi->header();
$template->process("admin/groups/deleted.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
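Review bot: The four existence checks and the eight `$dbh->do` statements under `if (!$cantdelete)` run with no `bz_lock_tables` call visible in this hunk, unlike the `remove_all` and `doGroupChanges` paths in the same file, which lock before writing. A membership, bug restriction or flag type added between the checks and the deletes would be removed without the matching `removeusers`/`removebugs`/`removeflags` confirmation, and a failure partway through would leave the group's access-control rows half-deleted. Unless the lock is taken earlier in the `if ($action eq 'delete')` block, which starts outside this hunk, wrap the checks and deletes in `$dbh->bz_lock_tables(...)` and `$dbh->bz_unlock_tables()`. Separately, `SET grant_group_id = ?` bound to `undef` works, but a literal `NULL` in the SQL states the intent more plainly.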
@@ -474,7 +473,7 @@ if ($action eq 'postchanges') {
$vars->{'regexp'} = $regexp;
}
- print Bugzilla->cgi->header();
+ print $cgi->header();
$template->process("admin/groups/change.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -487,19 +486,20 @@ if (($action eq 'remove_all_regexp') || ($action eq 'remove_all')) {
my $gid = CheckGroupID($cgi->param('group'));
- my $sth = $dbh->prepare("SELECT name, userregexp FROM groups
- WHERE id = ?");
- $sth->execute($gid);
- my ($name, $regexp) = $sth->fetchrow_array();
+ my ($name, $regexp) =
+ $dbh->selectrow_array('SELECT name, userregexp FROM groups
+ WHERE id = ?', undef, $gid);
+
$dbh->bz_lock_tables('groups WRITE', 'profiles READ',
'user_group_map WRITE');
- $sth = $dbh->prepare("SELECT user_group_map.user_id, profiles.login_name
- FROM user_group_map
- INNER JOIN profiles
- ON user_group_map.user_id = profiles.userid
- WHERE user_group_map.group_id = ?
- AND grant_type = ?
- AND isbless = 0");
+
+ my $sth = $dbh->prepare("SELECT user_group_map.user_id, profiles.login_name
+ FROM user_group_map
+ INNER JOIN profiles
+ ON user_group_map.user_id = profiles.userid
+ WHERE user_group_map.group_id = ?
+ AND grant_type = ?
+ AND isbless = 0");
$sth->execute($gid, GRANT_DIRECT);
my @users;
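Review bot: `$name` and `$regexp` are still read by `selectrow_array` before `$dbh->bz_lock_tables('groups WRITE', ...)`, so the `userregexp` later matched against each login may no longer be the stored value if another administrator edits the group in between. Moving the `selectrow_array` call below the `bz_lock_tables` call closes that window, since `groups` is already in the lock list. A comment such as `# Read the regexp under the lock so the match uses the stored value.` would record why the order matters. The enclosing `if` block continues outside this hunk.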
@@ -507,11 +507,12 @@ if (($action eq 'remove_all_regexp') || ($action eq 'remove_all')) {
WHERE user_id = ?
AND isbless = 0
AND group_id = ?");
+
while ( my ($userid, $userlogin) = $sth->fetchrow_array() ) {
if ((($regexp =~ /\S/) && ($userlogin =~ m/$regexp/i))
|| ($action eq 'remove_all'))
{
- $sth2->execute($userid,$gid);
+ $sth2->execute($userid, $gid);
my $user = {};
$user->{'login'} = $userlogin;
@@ -519,10 +520,8 @@ if (($action eq 'remove_all_regexp') || ($action eq 'remove_all')) {
}
}
- $sth = $dbh->prepare("UPDATE groups
- SET last_changed = NOW()
- WHERE id = ?");
- $sth->execute($gid);
+ $dbh->do('UPDATE groups SET last_changed = NOW()
+ WHERE id = ?', undef, $gid);
$dbh->bz_unlock_tables();
$vars->{'users'} = \@users;
@@ -531,7 +530,7 @@ if (($action eq 'remove_all_regexp') || ($action eq 'remove_all')) {
$vars->{'remove_all'} = ($action eq 'remove_all');
$vars->{'gid'} = $gid;
- print Bugzilla->cgi->header();
+ print $cgi->header();
$template->process("admin/groups/remove.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -550,7 +549,6 @@ ThrowCodeError("action_unrecognized", $vars);
sub doGroupChanges {
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
- my $sth;
$dbh->bz_lock_tables('groups WRITE', 'group_group_map WRITE',
'user_group_map WRITE', 'profiles READ',
@@ -563,8 +561,8 @@ sub doGroupChanges {
# The name and the description of system groups cannot be edited.
# We then need to know if the group being edited is a system group.
- SendSQL("SELECT isbuggroup FROM groups WHERE id = $gid");
- my ($isbuggroup) = FetchSQLData();
+ my $isbuggroup = $dbh->selectrow_array('SELECT isbuggroup FROM groups
+ WHERE id = ?', undef, $gid);
my $name;
my $desc;
my $isactive;
@@ -583,27 +581,36 @@ sub doGroupChanges {
if ($name ne $cgi->param('oldname')) {
$chgs = 1;
- $sth = $dbh->do("UPDATE groups SET name = ? WHERE id = ?",
- undef, $name, $gid);
+ $dbh->do('UPDATE groups SET name = ? WHERE id = ?',
+ undef, ($name, $gid));
}
if ($desc ne $cgi->param('olddesc')) {
$chgs = 1;
- $sth = $dbh->do("UPDATE groups SET description = ? WHERE id = ?",
- undef, $desc, $gid);
+ $dbh->do('UPDATE groups SET description = ? WHERE id = ?',
+ undef, ($desc, $gid));
}
if ($isactive ne $cgi->param('oldisactive')) {
$chgs = 1;
- $sth = $dbh->do("UPDATE groups SET isactive = ? WHERE id = ?",
- undef, $isactive, $gid);
+ $dbh->do('UPDATE groups SET isactive = ? WHERE id = ?',
+ undef, ($isactive, $gid));
}
}
if ($regexp ne $cgi->param('oldregexp')) {
$chgs = 1;
- $sth = $dbh->do("UPDATE groups SET userregexp = ? WHERE id = ?",
- undef, $regexp, $gid);
+ $dbh->do('UPDATE groups SET userregexp = ? WHERE id = ?',
+ undef, ($regexp, $gid));
RederiveRegexp($regexp, $gid);
}
+ my $sthInsert = $dbh->prepare('INSERT INTO group_group_map
+ (member_id, grantor_id, grant_type)
+ VALUES (?, ?, ?)');
+
+ my $sthDelete = $dbh->prepare('DELETE FROM group_group_map
+ WHERE member_id = ?
+ AND grantor_id = ?
+ AND grant_type = ?');
+
foreach my $b (grep {/^oldgrp-\d*$/} $cgi->param()) {
if (defined($cgi->param($b))) {
$b =~ /^oldgrp-(\d+)$/;
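Review bot: The filter `grep {/^oldgrp-\d*$/}` accepts a parameter named `oldgrp-` with no digits, but the following `$b =~ /^oldgrp-(\d+)$/;` requires at least one digit and its result is not checked, so on a non-match `$1` keeps whatever an earlier match left in it. The code that reads `$1` lies outside this hunk, but it presumably feeds the `$v` that is passed to `$sthInsert` and `$sthDelete`. Tightening the filter to `grep {/^oldgrp-\d+$/}`, or writing `next unless $b =~ /^oldgrp-(\d+)$/;`, makes the two patterns agree. As a style point, `$b` is also the special variable used by `sort`; a name such as `$param` avoids the collision.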
@@ -612,13 +619,9 @@ sub doGroupChanges {
if (($v != $gid) && ($cgi->param("oldgrp-$v") != $grp)) {
$chgs = 1;
if ($grp != 0) {
- SendSQL("INSERT INTO group_group_map
- (member_id, grantor_id, grant_type)
- VALUES ($v, $gid," . GROUP_MEMBERSHIP . ")");
+ $sthInsert->execute($v, $gid, GROUP_MEMBERSHIP);
} else {
- SendSQL("DELETE FROM group_group_map
- WHERE member_id = $v AND grantor_id = $gid
- AND grant_type = " . GROUP_MEMBERSHIP);
+ $sthDelete->execute($v, $gid, GROUP_MEMBERSHIP);
}
}
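Review bot: Whether `$sthInsert->execute($v, $gid, GROUP_MEMBERSHIP)` or `$sthDelete->execute(...)` runs is decided by comparing the submitted value with `$cgi->param("oldgrp-$v")`, which is itself taken from the request and not from `group_group_map`. A stale or altered form can therefore request an insert for a row that already exists; whether that fails or creates a duplicate grant depends on the table's indexes, which are not visible here. The same pattern applies to the `GROUP_BLESS` and `GROUP_VISIBLE` branches in the next two hunks. Reading the current grant state from the database under the lock that `doGroupChanges` already holds, and comparing against that, would make the decision independent of client-supplied state.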
@@ -627,13 +630,9 @@ sub doGroupChanges {
if ((defined $oldbless) and ($oldbless != $bless)) {
$chgs = 1;
if ($bless != 0) {
- SendSQL("INSERT INTO group_group_map
- (member_id, grantor_id, grant_type)
- VALUES ($v, $gid," . GROUP_BLESS . ")");
+ $sthInsert->execute($v, $gid, GROUP_BLESS);
} else {
- SendSQL("DELETE FROM group_group_map
- WHERE member_id = $v AND grantor_id = $gid
- AND grant_type = " . GROUP_BLESS);
+ $sthDelete->execute($v, $gid, GROUP_BLESS);
}
}
@@ -642,22 +641,19 @@ sub doGroupChanges {
&& ($cgi->param("oldcansee-$v") != $cansee)) {
$chgs = 1;
if ($cansee != 0) {
- SendSQL("INSERT INTO group_group_map
- (member_id, grantor_id, grant_type)
- VALUES ($v, $gid," . GROUP_VISIBLE . ")");
+ $sthInsert->execute($v, $gid, GROUP_VISIBLE);
} else {
- SendSQL("DELETE FROM group_group_map
- WHERE member_id = $v AND grantor_id = $gid
- AND grant_type = " . GROUP_VISIBLE);
+ $sthDelete->execute($v, $gid, GROUP_VISIBLE);
}
}
}
}
-
+
if ($chgs) {
# mark the changes
- SendSQL("UPDATE groups SET last_changed = NOW() WHERE id = $gid");
+ $dbh->do('UPDATE groups SET last_changed = NOW()
+ WHERE id = ?', undef, $gid);
}
$dbh->bz_unlock_tables();
return $gid, $chgs, $name, $regexp;