diff options
| -rw-r--r-- | Bugzilla/Install.pm | 116 | ||||
| -rw-r--r-- | Bugzilla/Install/DB.pm | 5 | ||||
| -rwxr-xr-x | checksetup.pl | 105 |
3 files changed, 122 insertions, 104 deletions
diff --git a/Bugzilla/Install.pm b/Bugzilla/Install.pm index 9c2349199..1a910f8e0 100644 --- a/Bugzilla/Install.pm +++ b/Bugzilla/Install.pm @@ -58,6 +58,55 @@ use constant SETTINGS => { }; +use constant SYSTEM_GROUPS => ( + { + name => 'admin', + description => 'Administrators' + }, + { + name => 'tweakparams', + description => 'Can change Parameters' + }, + { + name => 'editusers', + description => 'Can edit or disable users' + }, + { + name => 'creategroups', + description => 'Can create and destroy groups' + }, + { + name => 'editclassifications', + description => 'Can create, destroy, and edit classifications' + }, + { + name => 'editcomponents', + description => 'Can create, destroy, and edit components' + }, + { + name => 'editkeywords', + description => 'Can create, destroy, and edit keywords' + }, + { + name => 'editbugs', + description => 'Can edit all bug fields', + userregexp => '.*' + }, + { + name => 'canconfirm', + description => 'Can confirm a bug or mark it a duplicate' + }, + { + name => 'bz_canusewhines', + description => 'User can configure whine reports for self' + }, + { + name => 'bz_sudoers', + description => 'Can perform actions as other users' + }, + # There are also other groups created in update_system_groups. +); + use constant DEFAULT_CLASSIFICATION => { name => 'Unclassified', description => 'Unassigned to any classification' @@ -87,6 +136,73 @@ sub update_settings { } } +sub update_system_groups { + my $dbh = Bugzilla->dbh; + + # Create most of the system groups + foreach my $definition (SYSTEM_GROUPS) { + my $exists = new Bugzilla::Group({ name => $definition->{name} }); + $definition->{isbuggroup} = 0; + Bugzilla::Group->create($definition) unless $exists; + } + + # Certain groups need something done after they are created. We do + # that here. + + # Make sure people who can whine at others can also whine. + if (!new Bugzilla::Group({name => 'bz_canusewhineatothers'})) { + my $whineatothers = Bugzilla::Group->create({ + name => 'bz_canusewhineatothers', + description => 'Can configure whine reports for other users', + isbuggroup => 0 }); + my $whine = new Bugzilla::Group({ name => 'bz_canusewhines' }); + + $dbh->do('INSERT INTO group_group_map (grantor_id, member_id) + VALUES (?,?)', undef, $whine->id, $whineatothers->id); + } + + # Make sure sudoers are automatically protected from being sudoed. + if (!new Bugzilla::Group({name => 'bz_sudo_protect'})) { + my $sudo_protect = Bugzilla::Group->create({ + name => 'bz_sudo_protect', + description => 'Can not be impersonated by other users', + isbuggroup => 0 }); + my $sudo = new Bugzilla::Group({ name => 'bz_sudoers' }); + $dbh->do('INSERT INTO group_group_map (grantor_id, member_id) + VALUES (?,?)', undef, $sudo_protect->id, $sudo->id); + } + + # Re-evaluate all regexps, to keep them up-to-date. + my $sth = $dbh->prepare( + "SELECT profiles.userid, profiles.login_name, groups.id, + groups.userregexp, user_group_map.group_id + FROM (profiles CROSS JOIN groups) + LEFT JOIN user_group_map + ON user_group_map.user_id = profiles.userid + AND user_group_map.group_id = groups.id + AND user_group_map.grant_type = ? + WHERE userregexp != '' OR user_group_map.group_id IS NOT NULL"); + + my $sth_add = $dbh->prepare( + "INSERT INTO user_group_map (user_id, group_id, isbless, grant_type) + VALUES (?, ?, 0, " . GRANT_REGEXP . ")"); + + my $sth_del = $dbh->prepare( + "DELETE FROM user_group_map + WHERE user_id = ? AND group_id = ? AND isbless = 0 + AND grant_type = " . GRANT_REGEXP); + + $sth->execute(GRANT_REGEXP); + while (my ($uid, $login, $gid, $rexp, $present) = $sth->fetchrow_array()) { + if ($login =~ m/$rexp/i) { + $sth_add->execute($uid, $gid) unless $present; + } else { + $sth_del->execute($uid, $gid) if $present; + } + } + +} + # This function should be called only after creating the admin user. sub create_default_product { my $dbh = Bugzilla->dbh; diff --git a/Bugzilla/Install/DB.pm b/Bugzilla/Install/DB.pm index e4e4e97fe..2e364c540 100644 --- a/Bugzilla/Install/DB.pm +++ b/Bugzilla/Install/DB.pm @@ -416,6 +416,11 @@ sub update_table_definitions { _copy_attachments_thedata_to_attach_data(); _fix_broken_all_closed_series(); + # 2005-08-14 bugreport@peshkin.net -- Bug 304583 + # Get rid of leftover DERIVED group permissions + use constant GRANT_DERIVED => 1; + $dbh->do("DELETE FROM user_group_map WHERE grant_type = " . GRANT_DERIVED); + # PUBLIC is a reserved word in Oracle. $dbh->bz_rename_column('series', 'public', 'is_public'); diff --git a/checksetup.pl b/checksetup.pl index 985a0da09..4a92e1ea1 100755 --- a/checksetup.pl +++ b/checksetup.pl @@ -390,9 +390,6 @@ $dbh->bz_populate_enum_tables(); update_filesystem({ index_html => $lc_hash->{'index_html'} }); create_htaccess() if $lc_hash->{'create_htaccess'}; -# XXX Some parts of checksetup still need these, right now. -my $datadir = bz_locations()->{'datadir'}; - # Remove parameters from the params file that no longer exist in Bugzilla, # and set the defaults for new ones update_params({ answer => \%answer}); @@ -441,107 +438,7 @@ Bugzilla::Install::DB::update_table_definitions(); # Bugzilla uses --GROUPS-- to assign various rights to its users. ########################################################################### -my $admin_group = Bugzilla::Group->new({ name => 'admin' }) - || Bugzilla::Group->create({ - name => 'admin', description => 'Administrators', isbuggroup => 0 }); - -Bugzilla::Group->create({ name => 'tweakparams', - description => 'Can tweak operating parameters', isbuggroup => 0 }) - unless new Bugzilla::Group({ name => 'tweakparams' }); - -Bugzilla::Group->create({ name => 'editusers', - description => 'Can edit or disable users', isbuggroup => 0 }) - unless new Bugzilla::Group({ name => 'editusers' }); - -Bugzilla::Group->create({ name => 'creategroups', - description => 'Can create and destroy groups.', isbuggroup => 0 }) - unless new Bugzilla::Group({ name => 'creategroups' }); - -Bugzilla::Group->create({ name => 'editclassifications', - description => 'Can create, destroy, and edit classifications.', - isbuggroup => 0 }) - unless new Bugzilla::Group({ name => 'editclassifications' }); - -Bugzilla::Group->create({ name => 'editcomponents', - description => 'Can create, destroy, and edit components.', - isbuggroup => 0 }) - unless new Bugzilla::Group({ name => 'editcomponents' }); - -Bugzilla::Group->create({ name => 'editkeywords', - description => 'Can create, destroy, and edit keywords.', - isbuggroup => 0 }) - unless new Bugzilla::Group({ name => 'editkeywords' }); - -Bugzilla::Group->create({name => 'editbugs', - description => 'Can edit all bug fields.', userregexp => ".*", - isbuggroup => 0 }) - unless new Bugzilla::Group({name => "editbugs"}); - -Bugzilla::Group->create({ name => 'canconfirm', - description => 'Can confirm a bug.', userregexp => ".*", - isbuggroup => 0 }) - unless new Bugzilla::Group({name => "canconfirm"}); - -# Create bz_canusewhineatothers and bz_canusewhines -if (!new Bugzilla::Group({name => 'bz_canusewhines'})) { - my $whine = Bugzilla::Group->create({name => 'bz_canusewhines', - description => 'User can configure whine reports for self', - isbuggroup => 0 }); - my $whineatothers = Bugzilla::Group->create({ - name => 'bz_canusewhineatothers', - description => 'Can configure whine reports for other users', - isbuggroup => 0 }); - - $dbh->do('INSERT INTO group_group_map (grantor_id, member_id) VALUES (?,?)', - undef, $whine->id, $whineatothers->id); -} - -# 2005-08-14 bugreport@peshkin.net -- Bug 304583 -use constant GRANT_DERIVED => 1; -# Get rid of leftover DERIVED group permissions -$dbh->do("DELETE FROM user_group_map WHERE grant_type = " . GRANT_DERIVED); -# Evaluate regexp-based group memberships -my $sth = $dbh->prepare("SELECT profiles.userid, profiles.login_name, - groups.id, groups.userregexp, - user_group_map.group_id - FROM (profiles - CROSS JOIN groups) - LEFT JOIN user_group_map - ON user_group_map.user_id = profiles.userid - AND user_group_map.group_id = groups.id - AND user_group_map.grant_type = ? - WHERE (userregexp != '' - OR user_group_map.group_id IS NOT NULL)"); - -my $sth_add = $dbh->prepare("INSERT INTO user_group_map - (user_id, group_id, isbless, grant_type) - VALUES(?, ?, 0, " . GRANT_REGEXP . ")"); - -my $sth_del = $dbh->prepare("DELETE FROM user_group_map - WHERE user_id = ? - AND group_id = ? - AND isbless = 0 - AND grant_type = " . GRANT_REGEXP); - -$sth->execute(GRANT_REGEXP); -while (my ($uid, $login, $gid, $rexp, $present) = $sth->fetchrow_array()) { - if ($login =~ m/$rexp/i) { - $sth_add->execute($uid, $gid) unless $present; - } else { - $sth_del->execute($uid, $gid) if $present; - } -} - -# 2005-10-10 karl@kornel.name -- Bug 204498 -if (!new Bugzilla::Group({name => 'bz_sudoers'})) { - my $sudo = Bugzilla::Group->create({name => 'bz_sudoers', - description => 'Can perform actions as other users', isbuggroup => 0 }); - my $sudo_protect = Bugzilla::Group->create({name => 'bz_sudo_protect', - description => 'Can not be impersonated by other users', - isbuggroup => 0 }); - $dbh->do('INSERT INTO group_group_map (grantor_id, member_id) VALUES (?,?)', - undef, $sudo_protect->id, $sudo->id); -} +Bugzilla::Install::update_system_groups(); ########################################################################### # Create --SETTINGS-- users can adjust |