diff options
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Install.pm | 116 | ||||
-rw-r--r-- | Bugzilla/Install/DB.pm | 5 |
2 files changed, 121 insertions, 0 deletions
diff --git a/Bugzilla/Install.pm b/Bugzilla/Install.pm index 9c2349199..1a910f8e0 100644 --- a/Bugzilla/Install.pm +++ b/Bugzilla/Install.pm @@ -58,6 +58,55 @@ use constant SETTINGS => { }; +use constant SYSTEM_GROUPS => ( + { + name => 'admin', + description => 'Administrators' + }, + { + name => 'tweakparams', + description => 'Can change Parameters' + }, + { + name => 'editusers', + description => 'Can edit or disable users' + }, + { + name => 'creategroups', + description => 'Can create and destroy groups' + }, + { + name => 'editclassifications', + description => 'Can create, destroy, and edit classifications' + }, + { + name => 'editcomponents', + description => 'Can create, destroy, and edit components' + }, + { + name => 'editkeywords', + description => 'Can create, destroy, and edit keywords' + }, + { + name => 'editbugs', + description => 'Can edit all bug fields', + userregexp => '.*' + }, + { + name => 'canconfirm', + description => 'Can confirm a bug or mark it a duplicate' + }, + { + name => 'bz_canusewhines', + description => 'User can configure whine reports for self' + }, + { + name => 'bz_sudoers', + description => 'Can perform actions as other users' + }, + # There are also other groups created in update_system_groups. +); + use constant DEFAULT_CLASSIFICATION => { name => 'Unclassified', description => 'Unassigned to any classification' @@ -87,6 +136,73 @@ sub update_settings { } } +sub update_system_groups { + my $dbh = Bugzilla->dbh; + + # Create most of the system groups + foreach my $definition (SYSTEM_GROUPS) { + my $exists = new Bugzilla::Group({ name => $definition->{name} }); + $definition->{isbuggroup} = 0; + Bugzilla::Group->create($definition) unless $exists; + } + + # Certain groups need something done after they are created. We do + # that here. + + # Make sure people who can whine at others can also whine. + if (!new Bugzilla::Group({name => 'bz_canusewhineatothers'})) { + my $whineatothers = Bugzilla::Group->create({ + name => 'bz_canusewhineatothers', + description => 'Can configure whine reports for other users', + isbuggroup => 0 }); + my $whine = new Bugzilla::Group({ name => 'bz_canusewhines' }); + + $dbh->do('INSERT INTO group_group_map (grantor_id, member_id) + VALUES (?,?)', undef, $whine->id, $whineatothers->id); + } + + # Make sure sudoers are automatically protected from being sudoed. + if (!new Bugzilla::Group({name => 'bz_sudo_protect'})) { + my $sudo_protect = Bugzilla::Group->create({ + name => 'bz_sudo_protect', + description => 'Can not be impersonated by other users', + isbuggroup => 0 }); + my $sudo = new Bugzilla::Group({ name => 'bz_sudoers' }); + $dbh->do('INSERT INTO group_group_map (grantor_id, member_id) + VALUES (?,?)', undef, $sudo_protect->id, $sudo->id); + } + + # Re-evaluate all regexps, to keep them up-to-date. + my $sth = $dbh->prepare( + "SELECT profiles.userid, profiles.login_name, groups.id, + groups.userregexp, user_group_map.group_id + FROM (profiles CROSS JOIN groups) + LEFT JOIN user_group_map + ON user_group_map.user_id = profiles.userid + AND user_group_map.group_id = groups.id + AND user_group_map.grant_type = ? + WHERE userregexp != '' OR user_group_map.group_id IS NOT NULL"); + + my $sth_add = $dbh->prepare( + "INSERT INTO user_group_map (user_id, group_id, isbless, grant_type) + VALUES (?, ?, 0, " . GRANT_REGEXP . ")"); + + my $sth_del = $dbh->prepare( + "DELETE FROM user_group_map + WHERE user_id = ? AND group_id = ? AND isbless = 0 + AND grant_type = " . GRANT_REGEXP); + + $sth->execute(GRANT_REGEXP); + while (my ($uid, $login, $gid, $rexp, $present) = $sth->fetchrow_array()) { + if ($login =~ m/$rexp/i) { + $sth_add->execute($uid, $gid) unless $present; + } else { + $sth_del->execute($uid, $gid) if $present; + } + } + +} + # This function should be called only after creating the admin user. sub create_default_product { my $dbh = Bugzilla->dbh; diff --git a/Bugzilla/Install/DB.pm b/Bugzilla/Install/DB.pm index e4e4e97fe..2e364c540 100644 --- a/Bugzilla/Install/DB.pm +++ b/Bugzilla/Install/DB.pm @@ -416,6 +416,11 @@ sub update_table_definitions { _copy_attachments_thedata_to_attach_data(); _fix_broken_all_closed_series(); + # 2005-08-14 bugreport@peshkin.net -- Bug 304583 + # Get rid of leftover DERIVED group permissions + use constant GRANT_DERIVED => 1; + $dbh->do("DELETE FROM user_group_map WHERE grant_type = " . GRANT_DERIVED); + # PUBLIC is a reserved word in Oracle. $dbh->bz_rename_column('series', 'public', 'is_public'); |