summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--CGI.pl3
-rwxr-xr-xeditgroups.cgi470
-rwxr-xr-xenter_bug.cgi76
-rwxr-xr-xpost_bug.cgi6
4 files changed, 508 insertions, 47 deletions
diff --git a/CGI.pl b/CGI.pl
index 6f31f604f..e70da5d4d 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -943,6 +943,9 @@ sub GetCommandMenu {
if (UserInGroup("editcomponents")) {
$html .= ", <a href=editproducts.cgi>components</a>";
}
+ if (UserInGroup("creategroups")) {
+ $html .= ", <a href=editgroups.cgi>groups</a>";
+ }
if (UserInGroup("editkeywords")) {
$html .= ", <a href=editkeywords.cgi>keywords</a>";
}
diff --git a/editgroups.cgi b/editgroups.cgi
new file mode 100755
index 000000000..1f329d8ac
--- /dev/null
+++ b/editgroups.cgi
@@ -0,0 +1,470 @@
+#!/usr/bonsaitools/bin/perl -w
+# -*- Mode: perl; indent-tabs-mode: nil -*-
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Bugzilla Bug Tracking System.
+#
+# The Initial Developer of the Original Code is Netscape Communications
+# Corporation. Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): Dave Miller <dave@intrec.com>
+
+# Code derived from editowners.cgi and editusers.cgi
+
+use diagnostics;
+use strict;
+
+require "CGI.pl";
+
+confirm_login();
+
+print "Content-type: text/html\n\n";
+
+if (!UserInGroup("creategroups")) {
+ PutHeader("Not Authorized","Edit Groups","","Not Authorized for this function!");
+ print "<H1>Sorry, you aren't a member of the 'creategroups' group.</H1>\n";
+ print "And so, you aren't allowed to edit the groups.\n";
+ print "<p>\n";
+ PutFooter();
+ exit;
+}
+
+my $action = trim($::FORM{action} || '');
+
+# TestGroup: check if the group name exists
+sub TestGroup ($)
+{
+ my $group = shift;
+
+ # does the group exist?
+ SendSQL("SELECT name
+ FROM groups
+ WHERE name=" . SqlQuote($group));
+ return FetchOneColumn();
+}
+
+sub ShowError ($)
+{
+ my $msgtext = shift;
+ print "<TABLE BGCOLOR=\"#FF0000\" CELLPADDING=15><TR><TD>";
+ print "<B>$msgtext</B>";
+ print "</TD></TR></TABLE><P>";
+ return 1;
+}
+
+#
+# Displays a text like "a.", "a or b.", "a, b or c.", "a, b, c or d."
+#
+
+sub PutTrailer (@)
+{
+ my (@links) = ("<a href=index.html>Back to the Main Bugs Page</a>", @_);
+
+ my $count = $#links;
+ my $num = 0;
+ print "<P>\n";
+ foreach (@links) {
+ print $_;
+ if ($num == $count) {
+ print ".\n";
+ }
+ elsif ($num == $count-1) {
+ print " or ";
+ }
+ else {
+ print ", ";
+ }
+ $num++;
+ }
+ PutFooter();
+}
+
+#
+# action='' -> No action specified, get a list.
+#
+
+unless ($action) {
+ PutHeader("Edit Groups","Edit Groups","This lets you edit the groups available to put users in.");
+
+ print "<form method=post action=editgroups.cgi>\n";
+ print "<table border=1>\n";
+ print "<tr>";
+ print "<th>Bit</th>";
+ print "<th>Name</th>";
+ print "<th>Description</th>";
+ print "<th>User RegExp</th>";
+ print "<th>Action</th>";
+ print "</tr>\n";
+
+ SendSQL("SELECT bit,name,description,userregexp " .
+ "FROM groups " .
+ "WHERE isbuggroup != 0 " .
+ "ORDER BY bit");
+
+ while (MoreSQLData()) {
+ my ($bit, $name, $desc, $regexp) = FetchSQLData();
+ print "<tr>\n";
+ print "<td valign=middle>$bit</td>\n";
+ print "<td><input size=20 name=\"name-$bit\" value=\"$name\">\n";
+ print "<input type=hidden name=\"oldname-$bit\" value=\"$name\"></td>\n";
+ print "<td><input size=40 name=\"desc-$bit\" value=\"$desc\">\n";
+ print "<input type=hidden name=\"olddesc-$bit\" value=\"$desc\"></td>\n";
+ print "<td><input size=30 name=\"regexp-$bit\" value=\"$regexp\">\n";
+ print "<input type=hidden name=\"oldregexp-$bit\" value=\"$regexp\"></td>\n";
+ print "<td align=center valign=middle><a href=\"editgroups.cgi?action=del&group=$bit\">Delete</a></td>\n";
+ print "</tr>\n";
+ }
+
+ print "<tr>\n";
+ print "<td colspan=4></td>\n";
+ print "<td><a href=\"editgroups.cgi?action=add\">Add Group</a></td>\n";
+ print "</tr>\n";
+ print "</table>\n";
+ print "<input type=hidden name=\"action\" value=\"update\">";
+ print "<input type=submit value=\"Submit changes\">\n";
+ print "</form>\n";
+
+ print "<p>";
+ print "<b>Name</b> is what is used with the UserInGroup() function in any
+customized cgi files you write that use a given group. It can also be used by
+people submitting bugs by email to limit a bug to a certain groupset. It
+may not contain any spaces.<p>";
+ print "<b>Description</b> is what will be shown in the bug reports to
+members of the group where they can choose whether the bug will be restricted
+to others in the same group.<p>";
+ print "<b>User RegExp</b> is optional, and if filled in, will automatically
+grant membership to this group to anyone creating a new account with an
+email address that matches this regular expression.<p>";
+ print "In addition, the following groups that determine user privileges
+exist. You can not edit these, but you need to know they are here, because
+you can't duplicate the Names of any of them in your user groups either.<p>";
+
+ print "<table border=1>\n";
+ print "<tr>";
+ print "<th>Bit</th>";
+ print "<th>Name</th>";
+ print "<th>Description</th>";
+ print "</tr>\n";
+
+ SendSQL("SELECT bit,name,description " .
+ "FROM groups " .
+ "WHERE isbuggroup = 0 " .
+ "ORDER BY bit");
+
+ while (MoreSQLData()) {
+ my ($bit, $name, $desc) = FetchSQLData();
+ print "<tr>\n";
+ print "<td>$bit</td>\n";
+ print "<td>$name</td>\n";
+ print "<td>$desc</td>\n";
+ print "</tr>\n";
+ }
+
+ print "</table><p>\n";
+
+ PutFooter();
+ exit;
+}
+
+#
+# action='add' -> present form for parameters for new group
+#
+# (next action will be 'new')
+#
+
+if ($action eq 'add') {
+ PutHeader("Add group");
+
+ print "<FORM METHOD=POST ACTION=editgroups.cgi>\n";
+ print "<TABLE BORDER=1 CELLPADDING=4 CELLSPACING=0><TR>\n";
+ print "<th>New Name</th>";
+ print "<th>New Description</th>";
+ print "<th>New User RegExp</th>";
+ print "</tr><tr>";
+ print "<td><input size=20 name=\"name\"></td>\n";
+ print "<td><input size=40 name=\"desc\"></td>\n";
+ print "<td><input size=30 name=\"regexp\"></td>\n";
+ print "</TR></TABLE>\n<HR>\n";
+ print "<INPUT TYPE=SUBMIT VALUE=\"Add\">\n";
+ print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"new\">\n";
+ print "</FORM>";
+
+ print "<p>";
+ print "<b>Name</b> is what is used with the UserInGroup() function in any
+customized cgi files you write that use a given group. It can also be used by
+people submitting bugs by email to limit a bug to a certain groupset. It
+may not contain any spaces.<p>";
+ print "<b>Description</b> is what will be shown in the bug reports to
+members of the group where they can choose whether the bug will be restricted
+to others in the same group.<p>";
+ print "<b>User RegExp</b> is optional, and if filled in, will automatically
+grant membership to this group to anyone creating a new account with an
+email address that matches this regular expression.<p>";
+
+ PutTrailer("<a href=editgroups.cgi>Back to the group list</a>");
+ exit;
+}
+
+
+
+#
+# action='new' -> add group entered in the 'action=add' screen
+#
+
+if ($action eq 'new') {
+ PutHeader("Adding new group");
+
+ # Cleanups and valididy checks
+ my $name = trim($::FORM{name} || '');
+ my $desc = trim($::FORM{desc} || '');
+ my $regexp = trim($::FORM{regexp} || '');
+
+ unless ($name) {
+ ShowError("You must enter a name for the new group.<BR>" .
+ "Please click the <b>Back</b> button and try again.");
+ PutFooter();
+ exit;
+ }
+ unless ($desc) {
+ ShowError("You must enter a description for the new group.<BR>" .
+ "Please click the <b>Back</b> button and try again.");
+ PutFooter();
+ exit;
+ }
+ if (TestGroup($name)) {
+ ShowError("The group '" . $name . "' already exists.<BR>" .
+ "Please click the <b>Back</b> button and try again.");
+ PutFooter();
+ exit;
+ }
+
+ # Major hack for bit values... perl can't handle 64-bit ints, so I can't
+ # just do the math to get the next available bit number, gotta handle
+ # them as strings... also, we're actually only going to allow 63 bits
+ # because that's all that opblessgroupset masks for (the high bit is off
+ # to avoid signing issues).
+
+ my @bitvals = ('1','2','4','8','16','32','64','128','256','512','1024',
+ '2048','4096','8192','16384','32768',
+
+ '65535','131072','262144','524288','1048576','2097152',
+ '4194304','8388608','16777216','33554432','67108864',
+ '134217728','268435456','536870912','1073741824',
+ '2147483648',
+
+ '4294967296','8589934592','17179869184','34359738368',
+ '68719476736','137438953472','274877906944',
+ '549755813888','1099511627776','2199023255552',
+ '4398046511104','8796093022208','17592186044416',
+ '35184372088832','70368744177664','140737488355328',
+
+ '281474976710656','562949953421312','1125899906842624',
+ '2251799813685248','4503599627370496','9007199254740992',
+ '18014398509481984','36028797018963968','72057594037927936',
+ '144115188075855872','288230376151711744',
+ '576460752303423488','1152921504606846976',
+ '2305843009213693958','4611686018427387916');
+
+ # First the next available bit
+ my $bit = "";
+ foreach (@bitvals) {
+ if ($bit == "") {
+ SendSQL("SELECT bit FROM groups WHERE bit=" . SqlQuote($_));
+ if (!FetchOneColumn()) { $bit = $_; }
+ }
+ }
+ if ($bit == "") {
+ ShowError("Sorry, you already have the maximum number of groups " .
+ "defined.<BR><BR>You must delete a group first before you " .
+ "can add any more.</B>");
+ PutTrailer("<a href=editgroups.cgi>Back to the group list</a>");
+ exit;
+ }
+
+ # Add the new group
+ SendSQL("INSERT INTO groups ( " .
+ "bit, name, description, isbuggroup, userregexp" .
+ " ) VALUES ( " .
+ $bit . "," .
+ SqlQuote($name) . "," .
+ SqlQuote($desc) . "," .
+ "1," .
+ SqlQuote($regexp) . ")" );
+
+ print "OK, done.<p>\n";
+ print "Your new group was assigned bit #$bit.<p>";
+ PutTrailer("<a href=\"editgroups.cgi?action=add\">Add another group</a>",
+ "<a href=\"editgroups.cgi\">Back to the group list</a>");
+ exit;
+}
+
+#
+# action='del' -> ask if user really wants to delete
+#
+# (next action would be 'delete')
+#
+
+if ($action eq 'del') {
+ PutHeader("Delete group");
+ my $bit = trim($::FORM{group} || '');
+ unless ($bit) {
+ ShowError("No group specified.<BR>" .
+ "Click the <b>Back</b> button and try again.");
+ PutFooter();
+ exit;
+ }
+ SendSQL("SELECT bit FROM groups WHERE bit=" . SqlQuote($bit));
+ if (!FetchOneColumn()) {
+ ShowError("That group doesn't exist.<BR>" .
+ "Click the <b>Back</b> button and try again.");
+ PutFooter();
+ exit;
+ }
+ SendSQL("SELECT name,description " .
+ "FROM groups " .
+ "WHERE bit = " . SqlQuote($bit));
+
+ my ($name, $desc) = FetchSQLData();
+ print "<table border=1>\n";
+ print "<tr>";
+ print "<th>Bit</th>";
+ print "<th>Name</th>";
+ print "<th>Description</th>";
+ print "</tr>\n";
+ print "<tr>\n";
+ print "<td>$bit</td>\n";
+ print "<td>$name</td>\n";
+ print "<td>$desc</td>\n";
+ print "</tr>\n";
+ print "</table>\n";
+
+ print "<H2>Confirmation</H2>\n";
+ print "<P>Do you really want to delete this group?<P>\n";
+
+ print "<FORM METHOD=POST ACTION=editgroups.cgi>\n";
+ print "<INPUT TYPE=SUBMIT VALUE=\"Yes, delete\">\n";
+ print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"delete\">\n";
+ print "<INPUT TYPE=HIDDEN NAME=\"group\" VALUE=\"$bit\">\n";
+ print "</FORM>";
+
+ PutTrailer("<a href=editgroups.cgi>No, go back to the group list</a>");
+ exit;
+}
+
+#
+# action='delete' -> really delete the group
+#
+
+if ($action eq 'delete') {
+ PutHeader("Deleting user");
+ ShowError("This function has not been implemented yet! (Sorry)<br>" .
+ "Try again later");
+
+ print "
+Deleting a group is not as easy as it sounds:<p>
+<OL>
+<LI>All users have to be checked to ensure anyone who is a member of this group is first removed from membership.
+<LI>All bugs have to be checked to ensure no bugs are set to use this group.
+</OL>
+If the above is not done, conflicts may occur if a new group is created that uses a bit number that has already been used in the past.<p>
+Deleting a group will be implemented very shortly, stay tuned!
+I just figured most people would be more interested in adding and editing
+groups for the time being, so I would get that done first, so I could get this out here for people to use. :)<p>
+Watch <a href=\"http://bugzilla.mozilla.org/show_bug.cgi?id=25010\">Bug 25010</a> on Mozilla's bugzilla for details.
+<p>
+";
+
+ PutTrailer("<a href=editgroups.cgi>Back to group list</a>");
+ exit;
+}
+
+#
+# action='update' -> update the groups
+#
+
+if ($action eq 'update') {
+ PutHeader("Updating groups");
+
+ my $chgs = 0;
+
+ foreach my $b (grep(/^name-\d*$/, keys %::FORM)) {
+ if ($::FORM{$b}) {
+ my $v = substr($b, 5);
+
+# print "Old: '" . $::FORM{"oldname-$v"} . "', '" . $::FORM{"olddesc-$v"} .
+# "', '" . $::FORM{"oldregexp-$v"} . "'<br>";
+# print "New: '" . $::FORM{"name-$v"} . "', '" . $::FORM{"desc-$v"} .
+# "', '" . $::FORM{"regexp-$v"} . "'<br>";
+
+ if ($::FORM{"oldname-$v"} ne $::FORM{"name-$v"}) {
+ $chgs = 1;
+ SendSQL("SELECT name FROM groups WHERE name=" .
+ SqlQuote($::FORM{"name-$v"}));
+ if (!FetchOneColumn()) {
+ SendSQL("UPDATE groups SET name=" .
+ SqlQuote($::FORM{"name-$v"}) .
+ " WHERE bit=" . SqlQuote($v));
+ print "Group $v name updated.<br>\n";
+ } else {
+ ShowError("Duplicate name '" . $::FORM{"name-$v"} .
+ "' specified for group $v.<BR>" .
+ "Update of group $v name skipped.");
+ }
+ }
+ if ($::FORM{"olddesc-$v"} ne $::FORM{"desc-$v"}) {
+ $chgs = 1;
+ SendSQL("SELECT description FROM groups WHERE description=" .
+ SqlQuote($::FORM{"desc-$v"}));
+ if (!FetchOneColumn()) {
+ SendSQL("UPDATE groups SET description=" .
+ SqlQuote($::FORM{"desc-$v"}) .
+ " WHERE bit=" . SqlQuote($v));
+ print "Group $v description updated.<br>\n";
+ } else {
+ ShowError("Duplicate description '" . $::FORM{"desc-$v"} .
+ "' specified for group $v.<BR>" .
+ "Update of group $v description skipped.");
+ }
+ }
+ if ($::FORM{"oldregexp-$v"} ne $::FORM{"regexp-$v"}) {
+ $chgs = 1;
+ SendSQL("UPDATE groups SET userregexp=" .
+ SqlQuote($::FORM{"regexp-$v"}) .
+ " WHERE bit=" . SqlQuote($v));
+ print "Group $v user regexp updated.<br>\n";
+ }
+ }
+ }
+ if (!$chgs) {
+ print "You didn't change anything!<BR>\n";
+ print "If you really meant it, hit the <B>Back</B> button and try again.<p>\n";
+ } else {
+ print "Done.<p>\n";
+ }
+ PutTrailer("<a href=editgroups.cgi>Back to the group list</a>");
+ exit;
+}
+
+#
+# No valid action found
+#
+
+PutHeader("Error");
+print "I don't have a clue what you want.<BR>\n";
+
+foreach ( sort keys %::FORM) {
+ print "$_: $::FORM{$_}<BR>\n";
+}
+
+PutTrailer("<a href=editgroups.cgi>Try the group list</a>");
diff --git a/enter_bug.cgi b/enter_bug.cgi
index f89f2f436..086372d23 100755
--- a/enter_bug.cgi
+++ b/enter_bug.cgi
@@ -250,15 +250,17 @@ PutHeader ("Enter Bug","Enter Bug","This page lets you enter a new bug into Bugz
# Modified, -JMR, 2/24,00
# If the usebuggroupsentry parameter is set, we need to check and make sure
# that the user has permission to enter a bug against this product.
-if(Param("usebuggroupsentry")) {
- if(!UserInGroup($product)) {
- print "<H1>Permission denied.</H1>\n";
- print "Sorry; you do not have the permissions necessary to enter\n";
- print "a bug against this product.\n";
- print "<P>\n";
- PutFooter();
- exit;
- }
+# Modified, -DDM, 3/11/00
+# added GroupExists check so we don't choke on a groupless product
+if(Param("usebuggroupsentry")
+ && GroupExists($product)
+ && !UserInGroup($product)) {
+ print "<H1>Permission denied.</H1>\n";
+ print "Sorry; you do not have the permissions necessary to enter\n";
+ print "a bug against this product.\n";
+ print "<P>\n";
+ PutFooter();
+ exit;
}
# Modified, -JMR, 2/18/00
@@ -271,14 +273,17 @@ if(Param("usebuggroupsentry")) {
# the database, (2) insert the select box in the giant print statements below,
# and (3) update post_bug.cgi to process the additional input field.
+# Modified, -DDM, 3/11/00
+# Only need the bit here, and not the description. Description is gotten
+# when the select boxes for all the groups this user has access to are read
+# in later on.
# First we get the bit and description for the group.
my $group_bit=0;
-my $group_desc;
if(Param("usebuggroups") && GroupExists($product)) {
- SendSQL("select bit, description from groups ".
+ SendSQL("select bit from groups ".
"where name = ".SqlQuote($product)." ".
"and isbuggroup != 0");
- ($group_bit, $group_desc) = FetchSQLData();
+ ($group_bit) = FetchSQLData();
}
print "
@@ -388,33 +393,6 @@ print "
value_quote(formvalue('comment')) .
"</TEXTAREA><BR></td>
</tr>";
-# In between the Description field and the Submit buttons, we'll put in the
-# select box for the bug group, if necessary.
-# Rather than waste time with another Param check and another database access,
-# $group_bit will only have a non-zero value if we're using bug groups and have
-# one for this product, so I'll check on that instead here. -JMR, 2/18/00
-if($group_bit) {
- # In addition, we need to handle the possibility that we're coming from
- # a bookmark template. We'll simply check if we've got a parameter called
- # groupset passed with a value other than the current bit. If so, then we're
- # coming from a template, and we don't have group_bit set, so turn it off.
- my $check0 = (formvalue("groupset",$group_bit) == $group_bit) ? "" : " SELECTED";
- my $check1 = ($check0 eq "") ? " SELECTED" : "";
- print "
- <tr>
- <td align=right><B>Access:</td>
- <td colspan=5>
- <select name=\"groupset\">
- <option value=0$check0>
- People not in the \"$group_desc\" group can see this bug
- </option>
- <option value=$group_bit$check1>
- Only people in the \"$group_desc\" group can see this bug
- </option>
- </select>
- </td>
- </tr>"
-}
print "
<tr>
@@ -424,15 +402,31 @@ print "
if ($::usergroupset ne '0') {
SendSQL("SELECT bit, description FROM groups " .
"WHERE bit & $::usergroupset != 0 " .
- " AND isbuggroup != 0 ORDER BY bit");
+ " AND isbuggroup != 0 ORDER BY description");
while (MoreSQLData()) {
my ($bit, $description) = (FetchSQLData());
+ # Rather than waste time with another Param check and another database
+ # access, $group_bit will only have a non-zero value if we're using
+ # bug groups and have one for this product, so I'll check on that
+ # instead here. -JMR, 2/18/00
+ # Moved this check to this location to fix conflict with existing
+ # select-box patch. Also, if $group_bit is 0, it won't match the
+ # current group, either, so I'll compare it to the current bit
+ # instead of checking for non-zero. -DDM, 3/11/00
+ my $check = 0; # default selection
+ if($group_bit == $bit) {
+ # In addition, we need to handle the possibility that we're coming
+ # from a bookmark template. We'll simply check if we've got a
+ # parameter called bit-# passed. If so, then we're coming from a
+ # template, and we'll use the template value.
+ $check = formvalue("bit-$bit","1");
+ }
print BuildPulldown("bit-$bit",
[["0",
"People not in the \"$description\" group can see this bug"],
["1",
"Only people in the \"$description\" group can see this bug"]],
- 0);
+ $check);
print "<BR>\n";
}
}
diff --git a/post_bug.cgi b/post_bug.cgi
index 236213559..5695e5f0c 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -121,12 +121,6 @@ if (Param("useqacontact")) {
}
}
-# If we're using bug groups, we need to include the groupset in the list of
-# fields. -JMR, 2/18/00
-if(Param("usebuggroups")) {
- push(@bug_fields, "groupset");
-}
-
if (exists $::FORM{'bug_status'}) {
if (!UserInGroup("canedit") && !UserInGroup("canconfirm")) {
delete $::FORM{'bug_status'};