5 files changed, 87 insertions, 7 deletions

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 2cac77ed3..01d2321c4 100755
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -133,7 +133,7 @@ sub initBug  {
      }
   }
 
-  $self->{'whoid'} = $user_id;
+  $self->{'who'} = new Bugzilla::User($user_id);
 
   my $query = "
     SELECT
@@ -156,7 +156,7 @@ sub initBug  {
   &::SendSQL($query);
   my @row = ();
 
-  if ((@row = &::FetchSQLData()) && &::CanSeeBug($bug_id, $self->{'whoid'})) {
+  if ((@row = &::FetchSQLData()) && $self->{'who'}->can_see_bug($bug_id)) {
     my $count = 0;
     my %fields;
     foreach my $field ("bug_id", "alias", "product_id", "product", "version", 
diff --git a/Bugzilla/BugMail.pm b/Bugzilla/BugMail.pm
index 40a40dc2b..8731a9f72 100644
--- a/Bugzilla/BugMail.pm
+++ b/Bugzilla/BugMail.pm
@@ -720,7 +720,7 @@ sub NewProcessOnePerson ($$$$$$$$$$$$$) {
     # see the action of restricting the bug itself; the bug will just 
     # quietly disappear from their radar.
     #
-    return unless CanSeeBug($id, $userid);
+    return unless $user->can_see_bug($id);
 
     #  Drop any non-insiders if the comment is private
     return if (Param("insidergroup") && 
@@ -733,7 +733,7 @@ sub NewProcessOnePerson ($$$$$$$$$$$$$) {
         my $save_id = $dep_id;
         detaint_natural($dep_id) || warn("Unexpected Error: \@depbugs contains a non-numeric value: '$save_id'")
                                  && return;
-        return unless CanSeeBug($dep_id, $userid);
+        return unless $user->can_see_bug($dep_id);
     }
 
     my %mailhead = %defmailhead;
diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm
index d4dac9053..3b2ae36c4 100644
--- a/Bugzilla/Flag.pm
+++ b/Bugzilla/Flag.pm
@@ -185,7 +185,7 @@ sub validate {
                 my $requestee = Bugzilla::User->new_from_login($requestee_email);
 
                 # Throw an error if the user can't see the bug.
-                if (!&::CanSeeBug($bug_id, $requestee->id))
+                if (!$requestee->can_see_bug($bug_id))
                 {
                     ThrowUserError("flag_requestee_unauthorized",
                                    { flag_type => $flag->{'type'},
@@ -592,7 +592,7 @@ sub notify {
               || next;
 
             next if $flag->{'target'}->{'bug'}->{'restricted'}
-              && !&::CanSeeBug($flag->{'target'}->{'bug'}->{'id'}, $ccuser->id);
+              && !$ccuser->can_see_bug($flag->{'target'}->{'bug'}->{'id'});
             next if $flag->{'target'}->{'attachment'}->{'isprivate'}
               && Param("insidergroup")
               && !$ccuser->in_group(Param("insidergroup"));
diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm
index f1cb00c5d..687a01768 100644
--- a/Bugzilla/FlagType.pm
+++ b/Bugzilla/FlagType.pm
@@ -226,7 +226,7 @@ sub validate {
             my $requestee = Bugzilla::User->new_from_login($requestee_email);
 
             # Throw an error if the user can't see the bug.
-            if (!&::CanSeeBug($bug_id, $requestee->id))
+            if (!$requestee->can_see_bug($bug_id))
             {
                 ThrowUserError("flag_requestee_unauthorized",
                                { flag_type => $flag_type,
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 8396d183f..66087b81c 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -244,6 +244,75 @@ sub in_group {
     return defined($res);
 }
 
+sub can_see_bug {
+    my ($self, $bugid) = @_;
+    my $dbh = Bugzilla->dbh;
+    my $sth  = $self->{sthCanSeeBug};
+    my $userid  = $self->{id};
+    # Get fields from bug, presence of user on cclist, and determine if
+    # the user is missing any groups required by the bug. The prepared query
+    # is cached because this may be called for every row in buglists or
+    # every bug in a dependency list.
+    unless ($sth) {
+        $sth = $dbh->prepare("SELECT reporter, assigned_to, qa_contact,
+                             reporter_accessible, cclist_accessible,
+                             COUNT(cc.who), COUNT(bug_group_map.bug_id)
+                             FROM bugs
+                             LEFT JOIN cc 
+                               ON cc.bug_id = bugs.bug_id
+                               AND cc.who = $userid
+                             LEFT JOIN bug_group_map 
+                               ON bugs.bug_id = bug_group_map.bug_id
+                               AND bug_group_map.group_ID NOT IN(" .
+                               join(',',(-1, values(%{$self->groups}))) .
+                               ") WHERE bugs.bug_id = ? GROUP BY bugs.bug_id");
+    }
+    $sth->execute($bugid);
+    my ($reporter, $owner, $qacontact, $reporter_access, $cclist_access,
+        $isoncclist, $missinggroup) = $sth->fetchrow_array();
+    $self->{sthCanSeeBug} = $sth;
+    return ( (($reporter == $userid) && $reporter_access)
+           || (Param('qacontact') && ($qacontact == $userid) && $userid)
+           || ($owner == $userid)
+           || ($isoncclist && $cclist_access)
+           || (!$missinggroup) );
+}
+
+sub get_selectable_products {
+    my ($self, $by_id) = @_;
+
+    if (defined $self->{SelectableProducts}) {
+        my %list = @{$self->{SelectableProducts}};
+        return \%list if $by_id;
+        return values(%list);
+    }
+
+    my $query = "SELECT id, name " .
+                "FROM products " .
+                "LEFT JOIN group_control_map " .
+                "ON group_control_map.product_id = products.id ";
+    if (Param('useentrygroupdefault')) {
+        $query .= "AND group_control_map.entry != 0 ";
+    } else {
+        $query .= "AND group_control_map.membercontrol = " .
+                  CONTROLMAPMANDATORY . " ";
+    }
+    $query .= "AND group_id NOT IN(" . 
+               join(',', (-1,values(%{Bugzilla->user->groups}))) . ") " .
+              "WHERE group_id IS NULL ORDER BY name";
+    my $dbh = Bugzilla->dbh;
+    my $sth = $dbh->prepare($query);
+    $sth->execute();
+    my @products = ();
+    while (my @row = $sth->fetchrow_array) {
+        push(@products, @row);
+    }
+    $self->{SelectableProducts} = \@products;
+    my %list = @products;
+    return \%list if $by_id;
+    return values(%list);
+}
+
 # visible_groups_inherited returns a reference to a list of all the groups
 # whose members are visible to this user.
 sub visible_groups_inherited {
@@ -939,6 +1008,10 @@ intended for cases where we are not looking at the currently logged in user,
 and only need to make a quick check for the group, where calling C<groups>
 and getting all of the groups would be overkill.
 
+=item C<can_see_bug(bug_id)>
+
+Determines if the user can see the specified bug.
+
 =item C<derive_groups>
 
 Bugzilla allows for group inheritance. When data about the user (or any of the
@@ -947,6 +1020,13 @@ care of by the constructor. However, when updating the email address, the
 user may be placed into different groups, based on a new email regexp. This
 method should be called in such a case to force reresolution of these groups.
 
+=item C<get_selectable_products(by_id)>
+
+Returns an alphabetical list of product names from which
+the user can select bugs.  If the $by_id parameter is true, it returns
+a hash where the keys are the product ids and the values are the
+product names.
+
 =item C<visible_groups_inherited>
 
 Returns a list of all groups whose members should be visible to this user.