summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla')
-rwxr-xr-xBugzilla/Bug.pm4
-rw-r--r--Bugzilla/BugMail.pm4
-rw-r--r--Bugzilla/Flag.pm4
-rw-r--r--Bugzilla/FlagType.pm2
-rw-r--r--Bugzilla/User.pm80
5 files changed, 87 insertions, 7 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 2cac77ed3..01d2321c4 100755
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -133,7 +133,7 @@ sub initBug {
}
}
- $self->{'whoid'} = $user_id;
+ $self->{'who'} = new Bugzilla::User($user_id);
my $query = "
SELECT
@@ -156,7 +156,7 @@ sub initBug {
&::SendSQL($query);
my @row = ();
- if ((@row = &::FetchSQLData()) && &::CanSeeBug($bug_id, $self->{'whoid'})) {
+ if ((@row = &::FetchSQLData()) && $self->{'who'}->can_see_bug($bug_id)) {
my $count = 0;
my %fields;
foreach my $field ("bug_id", "alias", "product_id", "product", "version",
diff --git a/Bugzilla/BugMail.pm b/Bugzilla/BugMail.pm
index 40a40dc2b..8731a9f72 100644
--- a/Bugzilla/BugMail.pm
+++ b/Bugzilla/BugMail.pm
@@ -720,7 +720,7 @@ sub NewProcessOnePerson ($$$$$$$$$$$$$) {
# see the action of restricting the bug itself; the bug will just
# quietly disappear from their radar.
#
- return unless CanSeeBug($id, $userid);
+ return unless $user->can_see_bug($id);
# Drop any non-insiders if the comment is private
return if (Param("insidergroup") &&
@@ -733,7 +733,7 @@ sub NewProcessOnePerson ($$$$$$$$$$$$$) {
my $save_id = $dep_id;
detaint_natural($dep_id) || warn("Unexpected Error: \@depbugs contains a non-numeric value: '$save_id'")
&& return;
- return unless CanSeeBug($dep_id, $userid);
+ return unless $user->can_see_bug($dep_id);
}
my %mailhead = %defmailhead;
diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm
index d4dac9053..3b2ae36c4 100644
--- a/Bugzilla/Flag.pm
+++ b/Bugzilla/Flag.pm
@@ -185,7 +185,7 @@ sub validate {
my $requestee = Bugzilla::User->new_from_login($requestee_email);
# Throw an error if the user can't see the bug.
- if (!&::CanSeeBug($bug_id, $requestee->id))
+ if (!$requestee->can_see_bug($bug_id))
{
ThrowUserError("flag_requestee_unauthorized",
{ flag_type => $flag->{'type'},
@@ -592,7 +592,7 @@ sub notify {
|| next;
next if $flag->{'target'}->{'bug'}->{'restricted'}
- && !&::CanSeeBug($flag->{'target'}->{'bug'}->{'id'}, $ccuser->id);
+ && !$ccuser->can_see_bug($flag->{'target'}->{'bug'}->{'id'});
next if $flag->{'target'}->{'attachment'}->{'isprivate'}
&& Param("insidergroup")
&& !$ccuser->in_group(Param("insidergroup"));
diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm
index f1cb00c5d..687a01768 100644
--- a/Bugzilla/FlagType.pm
+++ b/Bugzilla/FlagType.pm
@@ -226,7 +226,7 @@ sub validate {
my $requestee = Bugzilla::User->new_from_login($requestee_email);
# Throw an error if the user can't see the bug.
- if (!&::CanSeeBug($bug_id, $requestee->id))
+ if (!$requestee->can_see_bug($bug_id))
{
ThrowUserError("flag_requestee_unauthorized",
{ flag_type => $flag_type,
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 8396d183f..66087b81c 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -244,6 +244,75 @@ sub in_group {
return defined($res);
}
+sub can_see_bug {
+ my ($self, $bugid) = @_;
+ my $dbh = Bugzilla->dbh;
+ my $sth = $self->{sthCanSeeBug};
+ my $userid = $self->{id};
+ # Get fields from bug, presence of user on cclist, and determine if
+ # the user is missing any groups required by the bug. The prepared query
+ # is cached because this may be called for every row in buglists or
+ # every bug in a dependency list.
+ unless ($sth) {
+ $sth = $dbh->prepare("SELECT reporter, assigned_to, qa_contact,
+ reporter_accessible, cclist_accessible,
+ COUNT(cc.who), COUNT(bug_group_map.bug_id)
+ FROM bugs
+ LEFT JOIN cc
+ ON cc.bug_id = bugs.bug_id
+ AND cc.who = $userid
+ LEFT JOIN bug_group_map
+ ON bugs.bug_id = bug_group_map.bug_id
+ AND bug_group_map.group_ID NOT IN(" .
+ join(',',(-1, values(%{$self->groups}))) .
+ ") WHERE bugs.bug_id = ? GROUP BY bugs.bug_id");
+ }
+ $sth->execute($bugid);
+ my ($reporter, $owner, $qacontact, $reporter_access, $cclist_access,
+ $isoncclist, $missinggroup) = $sth->fetchrow_array();
+ $self->{sthCanSeeBug} = $sth;
+ return ( (($reporter == $userid) && $reporter_access)
+ || (Param('qacontact') && ($qacontact == $userid) && $userid)
+ || ($owner == $userid)
+ || ($isoncclist && $cclist_access)
+ || (!$missinggroup) );
+}
+
+sub get_selectable_products {
+ my ($self, $by_id) = @_;
+
+ if (defined $self->{SelectableProducts}) {
+ my %list = @{$self->{SelectableProducts}};
+ return \%list if $by_id;
+ return values(%list);
+ }
+
+ my $query = "SELECT id, name " .
+ "FROM products " .
+ "LEFT JOIN group_control_map " .
+ "ON group_control_map.product_id = products.id ";
+ if (Param('useentrygroupdefault')) {
+ $query .= "AND group_control_map.entry != 0 ";
+ } else {
+ $query .= "AND group_control_map.membercontrol = " .
+ CONTROLMAPMANDATORY . " ";
+ }
+ $query .= "AND group_id NOT IN(" .
+ join(',', (-1,values(%{Bugzilla->user->groups}))) . ") " .
+ "WHERE group_id IS NULL ORDER BY name";
+ my $dbh = Bugzilla->dbh;
+ my $sth = $dbh->prepare($query);
+ $sth->execute();
+ my @products = ();
+ while (my @row = $sth->fetchrow_array) {
+ push(@products, @row);
+ }
+ $self->{SelectableProducts} = \@products;
+ my %list = @products;
+ return \%list if $by_id;
+ return values(%list);
+}
+
# visible_groups_inherited returns a reference to a list of all the groups
# whose members are visible to this user.
sub visible_groups_inherited {
@@ -939,6 +1008,10 @@ intended for cases where we are not looking at the currently logged in user,
and only need to make a quick check for the group, where calling C<groups>
and getting all of the groups would be overkill.
+=item C<can_see_bug(bug_id)>
+
+Determines if the user can see the specified bug.
+
=item C<derive_groups>
Bugzilla allows for group inheritance. When data about the user (or any of the
@@ -947,6 +1020,13 @@ care of by the constructor. However, when updating the email address, the
user may be placed into different groups, based on a new email regexp. This
method should be called in such a case to force reresolution of these groups.
+=item C<get_selectable_products(by_id)>
+
+Returns an alphabetical list of product names from which
+the user can select bugs. If the $by_id parameter is true, it returns
+a hash where the keys are the product ids and the values are the
+product names.
+
=item C<visible_groups_inherited>
Returns a list of all groups whose members should be visible to this user.