diff options
-rw-r--r-- | CGI.pl | 3 | ||||
-rwxr-xr-x | editgroups.cgi | 470 | ||||
-rwxr-xr-x | enter_bug.cgi | 76 | ||||
-rwxr-xr-x | post_bug.cgi | 6 |
4 files changed, 508 insertions, 47 deletions
@@ -943,6 +943,9 @@ sub GetCommandMenu { if (UserInGroup("editcomponents")) { $html .= ", <a href=editproducts.cgi>components</a>"; } + if (UserInGroup("creategroups")) { + $html .= ", <a href=editgroups.cgi>groups</a>"; + } if (UserInGroup("editkeywords")) { $html .= ", <a href=editkeywords.cgi>keywords</a>"; } diff --git a/editgroups.cgi b/editgroups.cgi new file mode 100755 index 000000000..1f329d8ac --- /dev/null +++ b/editgroups.cgi @@ -0,0 +1,470 @@ +#!/usr/bonsaitools/bin/perl -w +# -*- Mode: perl; indent-tabs-mode: nil -*- +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Bugzilla Bug Tracking System. +# +# The Initial Developer of the Original Code is Netscape Communications +# Corporation. Portions created by Netscape are +# Copyright (C) 1998 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): Dave Miller <dave@intrec.com> + +# Code derived from editowners.cgi and editusers.cgi + +use diagnostics; +use strict; + +require "CGI.pl"; + +confirm_login(); + +print "Content-type: text/html\n\n"; + +if (!UserInGroup("creategroups")) { + PutHeader("Not Authorized","Edit Groups","","Not Authorized for this function!"); + print "<H1>Sorry, you aren't a member of the 'creategroups' group.</H1>\n"; + print "And so, you aren't allowed to edit the groups.\n"; + print "<p>\n"; + PutFooter(); + exit; +} + +my $action = trim($::FORM{action} || ''); + +# TestGroup: check if the group name exists +sub TestGroup ($) +{ + my $group = shift; + + # does the group exist? + SendSQL("SELECT name + FROM groups + WHERE name=" . SqlQuote($group)); + return FetchOneColumn(); +} + +sub ShowError ($) +{ + my $msgtext = shift; + print "<TABLE BGCOLOR=\"#FF0000\" CELLPADDING=15><TR><TD>"; + print "<B>$msgtext</B>"; + print "</TD></TR></TABLE><P>"; + return 1; +} + +# +# Displays a text like "a.", "a or b.", "a, b or c.", "a, b, c or d." +# + +sub PutTrailer (@) +{ + my (@links) = ("<a href=index.html>Back to the Main Bugs Page</a>", @_); + + my $count = $#links; + my $num = 0; + print "<P>\n"; + foreach (@links) { + print $_; + if ($num == $count) { + print ".\n"; + } + elsif ($num == $count-1) { + print " or "; + } + else { + print ", "; + } + $num++; + } + PutFooter(); +} + +# +# action='' -> No action specified, get a list. +# + +unless ($action) { + PutHeader("Edit Groups","Edit Groups","This lets you edit the groups available to put users in."); + + print "<form method=post action=editgroups.cgi>\n"; + print "<table border=1>\n"; + print "<tr>"; + print "<th>Bit</th>"; + print "<th>Name</th>"; + print "<th>Description</th>"; + print "<th>User RegExp</th>"; + print "<th>Action</th>"; + print "</tr>\n"; + + SendSQL("SELECT bit,name,description,userregexp " . + "FROM groups " . + "WHERE isbuggroup != 0 " . + "ORDER BY bit"); + + while (MoreSQLData()) { + my ($bit, $name, $desc, $regexp) = FetchSQLData(); + print "<tr>\n"; + print "<td valign=middle>$bit</td>\n"; + print "<td><input size=20 name=\"name-$bit\" value=\"$name\">\n"; + print "<input type=hidden name=\"oldname-$bit\" value=\"$name\"></td>\n"; + print "<td><input size=40 name=\"desc-$bit\" value=\"$desc\">\n"; + print "<input type=hidden name=\"olddesc-$bit\" value=\"$desc\"></td>\n"; + print "<td><input size=30 name=\"regexp-$bit\" value=\"$regexp\">\n"; + print "<input type=hidden name=\"oldregexp-$bit\" value=\"$regexp\"></td>\n"; + print "<td align=center valign=middle><a href=\"editgroups.cgi?action=del&group=$bit\">Delete</a></td>\n"; + print "</tr>\n"; + } + + print "<tr>\n"; + print "<td colspan=4></td>\n"; + print "<td><a href=\"editgroups.cgi?action=add\">Add Group</a></td>\n"; + print "</tr>\n"; + print "</table>\n"; + print "<input type=hidden name=\"action\" value=\"update\">"; + print "<input type=submit value=\"Submit changes\">\n"; + print "</form>\n"; + + print "<p>"; + print "<b>Name</b> is what is used with the UserInGroup() function in any +customized cgi files you write that use a given group. It can also be used by +people submitting bugs by email to limit a bug to a certain groupset. It +may not contain any spaces.<p>"; + print "<b>Description</b> is what will be shown in the bug reports to +members of the group where they can choose whether the bug will be restricted +to others in the same group.<p>"; + print "<b>User RegExp</b> is optional, and if filled in, will automatically +grant membership to this group to anyone creating a new account with an +email address that matches this regular expression.<p>"; + print "In addition, the following groups that determine user privileges +exist. You can not edit these, but you need to know they are here, because +you can't duplicate the Names of any of them in your user groups either.<p>"; + + print "<table border=1>\n"; + print "<tr>"; + print "<th>Bit</th>"; + print "<th>Name</th>"; + print "<th>Description</th>"; + print "</tr>\n"; + + SendSQL("SELECT bit,name,description " . + "FROM groups " . + "WHERE isbuggroup = 0 " . + "ORDER BY bit"); + + while (MoreSQLData()) { + my ($bit, $name, $desc) = FetchSQLData(); + print "<tr>\n"; + print "<td>$bit</td>\n"; + print "<td>$name</td>\n"; + print "<td>$desc</td>\n"; + print "</tr>\n"; + } + + print "</table><p>\n"; + + PutFooter(); + exit; +} + +# +# action='add' -> present form for parameters for new group +# +# (next action will be 'new') +# + +if ($action eq 'add') { + PutHeader("Add group"); + + print "<FORM METHOD=POST ACTION=editgroups.cgi>\n"; + print "<TABLE BORDER=1 CELLPADDING=4 CELLSPACING=0><TR>\n"; + print "<th>New Name</th>"; + print "<th>New Description</th>"; + print "<th>New User RegExp</th>"; + print "</tr><tr>"; + print "<td><input size=20 name=\"name\"></td>\n"; + print "<td><input size=40 name=\"desc\"></td>\n"; + print "<td><input size=30 name=\"regexp\"></td>\n"; + print "</TR></TABLE>\n<HR>\n"; + print "<INPUT TYPE=SUBMIT VALUE=\"Add\">\n"; + print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"new\">\n"; + print "</FORM>"; + + print "<p>"; + print "<b>Name</b> is what is used with the UserInGroup() function in any +customized cgi files you write that use a given group. It can also be used by +people submitting bugs by email to limit a bug to a certain groupset. It +may not contain any spaces.<p>"; + print "<b>Description</b> is what will be shown in the bug reports to +members of the group where they can choose whether the bug will be restricted +to others in the same group.<p>"; + print "<b>User RegExp</b> is optional, and if filled in, will automatically +grant membership to this group to anyone creating a new account with an +email address that matches this regular expression.<p>"; + + PutTrailer("<a href=editgroups.cgi>Back to the group list</a>"); + exit; +} + + + +# +# action='new' -> add group entered in the 'action=add' screen +# + +if ($action eq 'new') { + PutHeader("Adding new group"); + + # Cleanups and valididy checks + my $name = trim($::FORM{name} || ''); + my $desc = trim($::FORM{desc} || ''); + my $regexp = trim($::FORM{regexp} || ''); + + unless ($name) { + ShowError("You must enter a name for the new group.<BR>" . + "Please click the <b>Back</b> button and try again."); + PutFooter(); + exit; + } + unless ($desc) { + ShowError("You must enter a description for the new group.<BR>" . + "Please click the <b>Back</b> button and try again."); + PutFooter(); + exit; + } + if (TestGroup($name)) { + ShowError("The group '" . $name . "' already exists.<BR>" . + "Please click the <b>Back</b> button and try again."); + PutFooter(); + exit; + } + + # Major hack for bit values... perl can't handle 64-bit ints, so I can't + # just do the math to get the next available bit number, gotta handle + # them as strings... also, we're actually only going to allow 63 bits + # because that's all that opblessgroupset masks for (the high bit is off + # to avoid signing issues). + + my @bitvals = ('1','2','4','8','16','32','64','128','256','512','1024', + '2048','4096','8192','16384','32768', + + '65535','131072','262144','524288','1048576','2097152', + '4194304','8388608','16777216','33554432','67108864', + '134217728','268435456','536870912','1073741824', + '2147483648', + + '4294967296','8589934592','17179869184','34359738368', + '68719476736','137438953472','274877906944', + '549755813888','1099511627776','2199023255552', + '4398046511104','8796093022208','17592186044416', + '35184372088832','70368744177664','140737488355328', + + '281474976710656','562949953421312','1125899906842624', + '2251799813685248','4503599627370496','9007199254740992', + '18014398509481984','36028797018963968','72057594037927936', + '144115188075855872','288230376151711744', + '576460752303423488','1152921504606846976', + '2305843009213693958','4611686018427387916'); + + # First the next available bit + my $bit = ""; + foreach (@bitvals) { + if ($bit == "") { + SendSQL("SELECT bit FROM groups WHERE bit=" . SqlQuote($_)); + if (!FetchOneColumn()) { $bit = $_; } + } + } + if ($bit == "") { + ShowError("Sorry, you already have the maximum number of groups " . + "defined.<BR><BR>You must delete a group first before you " . + "can add any more.</B>"); + PutTrailer("<a href=editgroups.cgi>Back to the group list</a>"); + exit; + } + + # Add the new group + SendSQL("INSERT INTO groups ( " . + "bit, name, description, isbuggroup, userregexp" . + " ) VALUES ( " . + $bit . "," . + SqlQuote($name) . "," . + SqlQuote($desc) . "," . + "1," . + SqlQuote($regexp) . ")" ); + + print "OK, done.<p>\n"; + print "Your new group was assigned bit #$bit.<p>"; + PutTrailer("<a href=\"editgroups.cgi?action=add\">Add another group</a>", + "<a href=\"editgroups.cgi\">Back to the group list</a>"); + exit; +} + +# +# action='del' -> ask if user really wants to delete +# +# (next action would be 'delete') +# + +if ($action eq 'del') { + PutHeader("Delete group"); + my $bit = trim($::FORM{group} || ''); + unless ($bit) { + ShowError("No group specified.<BR>" . + "Click the <b>Back</b> button and try again."); + PutFooter(); + exit; + } + SendSQL("SELECT bit FROM groups WHERE bit=" . SqlQuote($bit)); + if (!FetchOneColumn()) { + ShowError("That group doesn't exist.<BR>" . + "Click the <b>Back</b> button and try again."); + PutFooter(); + exit; + } + SendSQL("SELECT name,description " . + "FROM groups " . + "WHERE bit = " . SqlQuote($bit)); + + my ($name, $desc) = FetchSQLData(); + print "<table border=1>\n"; + print "<tr>"; + print "<th>Bit</th>"; + print "<th>Name</th>"; + print "<th>Description</th>"; + print "</tr>\n"; + print "<tr>\n"; + print "<td>$bit</td>\n"; + print "<td>$name</td>\n"; + print "<td>$desc</td>\n"; + print "</tr>\n"; + print "</table>\n"; + + print "<H2>Confirmation</H2>\n"; + print "<P>Do you really want to delete this group?<P>\n"; + + print "<FORM METHOD=POST ACTION=editgroups.cgi>\n"; + print "<INPUT TYPE=SUBMIT VALUE=\"Yes, delete\">\n"; + print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"delete\">\n"; + print "<INPUT TYPE=HIDDEN NAME=\"group\" VALUE=\"$bit\">\n"; + print "</FORM>"; + + PutTrailer("<a href=editgroups.cgi>No, go back to the group list</a>"); + exit; +} + +# +# action='delete' -> really delete the group +# + +if ($action eq 'delete') { + PutHeader("Deleting user"); + ShowError("This function has not been implemented yet! (Sorry)<br>" . + "Try again later"); + + print " +Deleting a group is not as easy as it sounds:<p> +<OL> +<LI>All users have to be checked to ensure anyone who is a member of this group is first removed from membership. +<LI>All bugs have to be checked to ensure no bugs are set to use this group. +</OL> +If the above is not done, conflicts may occur if a new group is created that uses a bit number that has already been used in the past.<p> +Deleting a group will be implemented very shortly, stay tuned! +I just figured most people would be more interested in adding and editing +groups for the time being, so I would get that done first, so I could get this out here for people to use. :)<p> +Watch <a href=\"http://bugzilla.mozilla.org/show_bug.cgi?id=25010\">Bug 25010</a> on Mozilla's bugzilla for details. +<p> +"; + + PutTrailer("<a href=editgroups.cgi>Back to group list</a>"); + exit; +} + +# +# action='update' -> update the groups +# + +if ($action eq 'update') { + PutHeader("Updating groups"); + + my $chgs = 0; + + foreach my $b (grep(/^name-\d*$/, keys %::FORM)) { + if ($::FORM{$b}) { + my $v = substr($b, 5); + +# print "Old: '" . $::FORM{"oldname-$v"} . "', '" . $::FORM{"olddesc-$v"} . +# "', '" . $::FORM{"oldregexp-$v"} . "'<br>"; +# print "New: '" . $::FORM{"name-$v"} . "', '" . $::FORM{"desc-$v"} . +# "', '" . $::FORM{"regexp-$v"} . "'<br>"; + + if ($::FORM{"oldname-$v"} ne $::FORM{"name-$v"}) { + $chgs = 1; + SendSQL("SELECT name FROM groups WHERE name=" . + SqlQuote($::FORM{"name-$v"})); + if (!FetchOneColumn()) { + SendSQL("UPDATE groups SET name=" . + SqlQuote($::FORM{"name-$v"}) . + " WHERE bit=" . SqlQuote($v)); + print "Group $v name updated.<br>\n"; + } else { + ShowError("Duplicate name '" . $::FORM{"name-$v"} . + "' specified for group $v.<BR>" . + "Update of group $v name skipped."); + } + } + if ($::FORM{"olddesc-$v"} ne $::FORM{"desc-$v"}) { + $chgs = 1; + SendSQL("SELECT description FROM groups WHERE description=" . + SqlQuote($::FORM{"desc-$v"})); + if (!FetchOneColumn()) { + SendSQL("UPDATE groups SET description=" . + SqlQuote($::FORM{"desc-$v"}) . + " WHERE bit=" . SqlQuote($v)); + print "Group $v description updated.<br>\n"; + } else { + ShowError("Duplicate description '" . $::FORM{"desc-$v"} . + "' specified for group $v.<BR>" . + "Update of group $v description skipped."); + } + } + if ($::FORM{"oldregexp-$v"} ne $::FORM{"regexp-$v"}) { + $chgs = 1; + SendSQL("UPDATE groups SET userregexp=" . + SqlQuote($::FORM{"regexp-$v"}) . + " WHERE bit=" . SqlQuote($v)); + print "Group $v user regexp updated.<br>\n"; + } + } + } + if (!$chgs) { + print "You didn't change anything!<BR>\n"; + print "If you really meant it, hit the <B>Back</B> button and try again.<p>\n"; + } else { + print "Done.<p>\n"; + } + PutTrailer("<a href=editgroups.cgi>Back to the group list</a>"); + exit; +} + +# +# No valid action found +# + +PutHeader("Error"); +print "I don't have a clue what you want.<BR>\n"; + +foreach ( sort keys %::FORM) { + print "$_: $::FORM{$_}<BR>\n"; +} + +PutTrailer("<a href=editgroups.cgi>Try the group list</a>"); diff --git a/enter_bug.cgi b/enter_bug.cgi index f89f2f436..086372d23 100755 --- a/enter_bug.cgi +++ b/enter_bug.cgi @@ -250,15 +250,17 @@ PutHeader ("Enter Bug","Enter Bug","This page lets you enter a new bug into Bugz # Modified, -JMR, 2/24,00 # If the usebuggroupsentry parameter is set, we need to check and make sure # that the user has permission to enter a bug against this product. -if(Param("usebuggroupsentry")) { - if(!UserInGroup($product)) { - print "<H1>Permission denied.</H1>\n"; - print "Sorry; you do not have the permissions necessary to enter\n"; - print "a bug against this product.\n"; - print "<P>\n"; - PutFooter(); - exit; - } +# Modified, -DDM, 3/11/00 +# added GroupExists check so we don't choke on a groupless product +if(Param("usebuggroupsentry") + && GroupExists($product) + && !UserInGroup($product)) { + print "<H1>Permission denied.</H1>\n"; + print "Sorry; you do not have the permissions necessary to enter\n"; + print "a bug against this product.\n"; + print "<P>\n"; + PutFooter(); + exit; } # Modified, -JMR, 2/18/00 @@ -271,14 +273,17 @@ if(Param("usebuggroupsentry")) { # the database, (2) insert the select box in the giant print statements below, # and (3) update post_bug.cgi to process the additional input field. +# Modified, -DDM, 3/11/00 +# Only need the bit here, and not the description. Description is gotten +# when the select boxes for all the groups this user has access to are read +# in later on. # First we get the bit and description for the group. my $group_bit=0; -my $group_desc; if(Param("usebuggroups") && GroupExists($product)) { - SendSQL("select bit, description from groups ". + SendSQL("select bit from groups ". "where name = ".SqlQuote($product)." ". "and isbuggroup != 0"); - ($group_bit, $group_desc) = FetchSQLData(); + ($group_bit) = FetchSQLData(); } print " @@ -388,33 +393,6 @@ print " value_quote(formvalue('comment')) . "</TEXTAREA><BR></td> </tr>"; -# In between the Description field and the Submit buttons, we'll put in the -# select box for the bug group, if necessary. -# Rather than waste time with another Param check and another database access, -# $group_bit will only have a non-zero value if we're using bug groups and have -# one for this product, so I'll check on that instead here. -JMR, 2/18/00 -if($group_bit) { - # In addition, we need to handle the possibility that we're coming from - # a bookmark template. We'll simply check if we've got a parameter called - # groupset passed with a value other than the current bit. If so, then we're - # coming from a template, and we don't have group_bit set, so turn it off. - my $check0 = (formvalue("groupset",$group_bit) == $group_bit) ? "" : " SELECTED"; - my $check1 = ($check0 eq "") ? " SELECTED" : ""; - print " - <tr> - <td align=right><B>Access:</td> - <td colspan=5> - <select name=\"groupset\"> - <option value=0$check0> - People not in the \"$group_desc\" group can see this bug - </option> - <option value=$group_bit$check1> - Only people in the \"$group_desc\" group can see this bug - </option> - </select> - </td> - </tr>" -} print " <tr> @@ -424,15 +402,31 @@ print " if ($::usergroupset ne '0') { SendSQL("SELECT bit, description FROM groups " . "WHERE bit & $::usergroupset != 0 " . - " AND isbuggroup != 0 ORDER BY bit"); + " AND isbuggroup != 0 ORDER BY description"); while (MoreSQLData()) { my ($bit, $description) = (FetchSQLData()); + # Rather than waste time with another Param check and another database + # access, $group_bit will only have a non-zero value if we're using + # bug groups and have one for this product, so I'll check on that + # instead here. -JMR, 2/18/00 + # Moved this check to this location to fix conflict with existing + # select-box patch. Also, if $group_bit is 0, it won't match the + # current group, either, so I'll compare it to the current bit + # instead of checking for non-zero. -DDM, 3/11/00 + my $check = 0; # default selection + if($group_bit == $bit) { + # In addition, we need to handle the possibility that we're coming + # from a bookmark template. We'll simply check if we've got a + # parameter called bit-# passed. If so, then we're coming from a + # template, and we'll use the template value. + $check = formvalue("bit-$bit","1"); + } print BuildPulldown("bit-$bit", [["0", "People not in the \"$description\" group can see this bug"], ["1", "Only people in the \"$description\" group can see this bug"]], - 0); + $check); print "<BR>\n"; } } diff --git a/post_bug.cgi b/post_bug.cgi index 236213559..5695e5f0c 100755 --- a/post_bug.cgi +++ b/post_bug.cgi @@ -121,12 +121,6 @@ if (Param("useqacontact")) { } } -# If we're using bug groups, we need to include the groupset in the list of -# fields. -JMR, 2/18/00 -if(Param("usebuggroups")) { - push(@bug_fields, "groupset"); -} - if (exists $::FORM{'bug_status'}) { if (!UserInGroup("canedit") && !UserInGroup("canconfirm")) { delete $::FORM{'bug_status'}; |