diff options
Diffstat (limited to 'editgroups.cgi')
| -rwxr-xr-x | editgroups.cgi | 692 |
1 files changed, 352 insertions, 340 deletions
diff --git a/editgroups.cgi b/editgroups.cgi index b67b76755..9e3ffc6bf 100755 --- a/editgroups.cgi +++ b/editgroups.cgi @@ -22,39 +22,40 @@ use Bugzilla::Product; use Bugzilla::User; use Bugzilla::Token; -use constant SPECIAL_GROUPS => ('chartgroup', 'insidergroup', - 'timetrackinggroup', 'querysharegroup'); +use constant SPECIAL_GROUPS => + ('chartgroup', 'insidergroup', 'timetrackinggroup', 'querysharegroup'); -my $cgi = Bugzilla->cgi; -my $dbh = Bugzilla->dbh; +my $cgi = Bugzilla->cgi; +my $dbh = Bugzilla->dbh; my $template = Bugzilla->template; -my $vars = {}; +my $vars = {}; my $user = Bugzilla->login(LOGIN_REQUIRED); print $cgi->header(); $user->in_group('creategroups') - || ThrowUserError("auth_failure", {group => "creategroups", - action => "edit", - object => "groups"}); + || ThrowUserError("auth_failure", + {group => "creategroups", action => "edit", object => "groups"}); my $action = trim($cgi->param('action') || ''); -my $token = $cgi->param('token'); +my $token = $cgi->param('token'); # CheckGroupID checks that a positive integer is given and is # actually a valid group ID. If all tests are successful, the # trimmed group ID is returned. sub CheckGroupID { - my ($group_id) = @_; - $group_id = trim($group_id || 0); - ThrowUserError("group_not_specified") unless $group_id; - (detaint_natural($group_id) - && Bugzilla->dbh->selectrow_array("SELECT id FROM groups WHERE id = ?", - undef, $group_id)) - || ThrowUserError("invalid_group_ID"); - return $group_id; + my ($group_id) = @_; + $group_id = trim($group_id || 0); + ThrowUserError("group_not_specified") unless $group_id; + ( + detaint_natural($group_id) && Bugzilla->dbh->selectrow_array( + "SELECT id FROM groups WHERE id = ?", + undef, $group_id + ) + ) || ThrowUserError("invalid_group_ID"); + return $group_id; } # CheckGroupRegexp checks that the regular expression is valid @@ -63,86 +64,87 @@ sub CheckGroupID { # is returned. sub CheckGroupRegexp { - my ($regexp) = @_; - $regexp = trim($regexp || ''); - trick_taint($regexp); - ThrowUserError("invalid_regexp") unless (eval {qr/$regexp/}); - return $regexp; + my ($regexp) = @_; + $regexp = trim($regexp || ''); + trick_taint($regexp); + ThrowUserError("invalid_regexp") unless (eval {qr/$regexp/}); + return $regexp; } # A helper for displaying the edit.html.tmpl template. sub get_current_and_available { - my ($group, $vars) = @_; - - my @all_groups = Bugzilla::Group->get_all; - my @members_current = @{$group->grant_direct(GROUP_MEMBERSHIP)}; - my @member_of_current = @{$group->granted_by_direct(GROUP_MEMBERSHIP)}; - my @bless_from_current = @{$group->grant_direct(GROUP_BLESS)}; - my @bless_to_current = @{$group->granted_by_direct(GROUP_BLESS)}; - my (@visible_from_current, @visible_to_me_current); + my ($group, $vars) = @_; + + my @all_groups = Bugzilla::Group->get_all; + my @members_current = @{$group->grant_direct(GROUP_MEMBERSHIP)}; + my @member_of_current = @{$group->granted_by_direct(GROUP_MEMBERSHIP)}; + my @bless_from_current = @{$group->grant_direct(GROUP_BLESS)}; + my @bless_to_current = @{$group->granted_by_direct(GROUP_BLESS)}; + my (@visible_from_current, @visible_to_me_current); + if (Bugzilla->params->{'usevisibilitygroups'}) { + @visible_from_current = @{$group->grant_direct(GROUP_VISIBLE)}; + @visible_to_me_current = @{$group->granted_by_direct(GROUP_VISIBLE)}; + } + + # Figure out what groups are not currently a member of this group, + # and what groups this group is not currently a member of. + my ( + @members_available, @member_of_available, @bless_from_available, + @bless_to_available, @visible_from_available, @visible_to_me_available + ); + foreach my $group_option (@all_groups) { if (Bugzilla->params->{'usevisibilitygroups'}) { - @visible_from_current = @{$group->grant_direct(GROUP_VISIBLE)}; - @visible_to_me_current = @{$group->granted_by_direct(GROUP_VISIBLE)}; + push(@visible_from_available, $group_option) + if !grep($_->id == $group_option->id, @visible_from_current); + push(@visible_to_me_available, $group_option) + if !grep($_->id == $group_option->id, @visible_to_me_current); } - # Figure out what groups are not currently a member of this group, - # and what groups this group is not currently a member of. - my (@members_available, @member_of_available, - @bless_from_available, @bless_to_available, - @visible_from_available, @visible_to_me_available); - foreach my $group_option (@all_groups) { - if (Bugzilla->params->{'usevisibilitygroups'}) { - push(@visible_from_available, $group_option) - if !grep($_->id == $group_option->id, @visible_from_current); - push(@visible_to_me_available, $group_option) - if !grep($_->id == $group_option->id, @visible_to_me_current); - } - - push(@bless_from_available, $group_option) - if !grep($_->id == $group_option->id, @bless_from_current); - - # The group itself should never show up in the membership lists, - # and should show up in only one of the bless lists (otherwise - # you can try to allow it to bless itself twice, leading to a - # database unique constraint error). - next if $group_option->id == $group->id; - - push(@members_available, $group_option) - if !grep($_->id == $group_option->id, @members_current); - push(@member_of_available, $group_option) - if !grep($_->id == $group_option->id, @member_of_current); - push(@bless_to_available, $group_option) - if !grep($_->id == $group_option->id, @bless_to_current); - } - - $vars->{'members_current'} = \@members_current; - $vars->{'members_available'} = \@members_available; - $vars->{'member_of_current'} = \@member_of_current; - $vars->{'member_of_available'} = \@member_of_available; - - $vars->{'bless_from_current'} = \@bless_from_current; - $vars->{'bless_from_available'} = \@bless_from_available; - $vars->{'bless_to_current'} = \@bless_to_current; - $vars->{'bless_to_available'} = \@bless_to_available; - - if (Bugzilla->params->{'usevisibilitygroups'}) { - $vars->{'visible_from_current'} = \@visible_from_current; - $vars->{'visible_from_available'} = \@visible_from_available; - $vars->{'visible_to_me_current'} = \@visible_to_me_current; - $vars->{'visible_to_me_available'} = \@visible_to_me_available; - } + push(@bless_from_available, $group_option) + if !grep($_->id == $group_option->id, @bless_from_current); + + # The group itself should never show up in the membership lists, + # and should show up in only one of the bless lists (otherwise + # you can try to allow it to bless itself twice, leading to a + # database unique constraint error). + next if $group_option->id == $group->id; + + push(@members_available, $group_option) + if !grep($_->id == $group_option->id, @members_current); + push(@member_of_available, $group_option) + if !grep($_->id == $group_option->id, @member_of_current); + push(@bless_to_available, $group_option) + if !grep($_->id == $group_option->id, @bless_to_current); + } + + $vars->{'members_current'} = \@members_current; + $vars->{'members_available'} = \@members_available; + $vars->{'member_of_current'} = \@member_of_current; + $vars->{'member_of_available'} = \@member_of_available; + + $vars->{'bless_from_current'} = \@bless_from_current; + $vars->{'bless_from_available'} = \@bless_from_available; + $vars->{'bless_to_current'} = \@bless_to_current; + $vars->{'bless_to_available'} = \@bless_to_available; + + if (Bugzilla->params->{'usevisibilitygroups'}) { + $vars->{'visible_from_current'} = \@visible_from_current; + $vars->{'visible_from_available'} = \@visible_from_available; + $vars->{'visible_to_me_current'} = \@visible_to_me_current; + $vars->{'visible_to_me_available'} = \@visible_to_me_available; + } } # If no action is specified, get a list of all groups available. unless ($action) { - my @groups = Bugzilla::Group->get_all; - $vars->{'groups'} = \@groups; + my @groups = Bugzilla::Group->get_all; + $vars->{'groups'} = \@groups; - print $cgi->header(); - $template->process("admin/groups/list.html.tmpl", $vars) - || ThrowTemplateError($template->error()); - exit; + print $cgi->header(); + $template->process("admin/groups/list.html.tmpl", $vars) + || ThrowTemplateError($template->error()); + exit; } # @@ -152,20 +154,21 @@ unless ($action) { # if ($action eq 'changeform') { - # Check that an existing group ID is given - my $group_id = CheckGroupID($cgi->param('group')); - my $group = new Bugzilla::Group($group_id); - check_for_restricted_groups([ $group ]); - get_current_and_available($group, $vars); - $vars->{'group'} = $group; - $vars->{'token'} = issue_session_token('edit_group'); + # Check that an existing group ID is given + my $group_id = CheckGroupID($cgi->param('group')); + my $group = new Bugzilla::Group($group_id); + check_for_restricted_groups([$group]); + + get_current_and_available($group, $vars); + $vars->{'group'} = $group; + $vars->{'token'} = issue_session_token('edit_group'); - print $cgi->header(); - $template->process("admin/groups/edit.html.tmpl", $vars) - || ThrowTemplateError($template->error()); + print $cgi->header(); + $template->process("admin/groups/edit.html.tmpl", $vars) + || ThrowTemplateError($template->error()); - exit; + exit; } # @@ -175,51 +178,52 @@ if ($action eq 'changeform') { # if ($action eq 'add') { - $vars->{'token'} = issue_session_token('add_group'); - print $cgi->header(); - $template->process("admin/groups/create.html.tmpl", $vars) - || ThrowTemplateError($template->error()); + $vars->{'token'} = issue_session_token('add_group'); + print $cgi->header(); + $template->process("admin/groups/create.html.tmpl", $vars) + || ThrowTemplateError($template->error()); - exit; + exit; } - # # action='new' -> add group entered in the 'action=add' screen # if ($action eq 'new') { - check_token_data($token, 'add_group'); - my $group = Bugzilla::Group->create({ - name => scalar $cgi->param('name'), - description => scalar $cgi->param('desc'), - userregexp => scalar $cgi->param('regexp'), - isactive => scalar $cgi->param('isactive'), - icon_url => scalar $cgi->param('icon_url'), - idle_member_removal => scalar $cgi->param('idle_member_removal'), - isbuggroup => 1, - owner_user_id => scalar $cgi->param('owner'), - }); - - # Permit all existing products to use the new group if makeproductgroups. - if ($cgi->param('insertnew')) { - $dbh->do('INSERT INTO group_control_map + check_token_data($token, 'add_group'); + my $group = Bugzilla::Group->create({ + name => scalar $cgi->param('name'), + description => scalar $cgi->param('desc'), + userregexp => scalar $cgi->param('regexp'), + isactive => scalar $cgi->param('isactive'), + icon_url => scalar $cgi->param('icon_url'), + idle_member_removal => scalar $cgi->param('idle_member_removal'), + isbuggroup => 1, + owner_user_id => scalar $cgi->param('owner'), + }); + + # Permit all existing products to use the new group if makeproductgroups. + if ($cgi->param('insertnew')) { + $dbh->do( + 'INSERT INTO group_control_map (group_id, product_id, membercontrol, othercontrol) - SELECT ?, products.id, ?, ? FROM products', - undef, ($group->id, CONTROLMAPSHOWN, CONTROLMAPNA)); - } - delete_token($token); - - $vars->{'message'} = 'group_created'; - $vars->{'group'} = $group; - get_current_and_available($group, $vars); - $vars->{'token'} = issue_session_token('edit_group'); - - print $cgi->header(); - $template->process("admin/groups/edit.html.tmpl", $vars) - || ThrowTemplateError($template->error()); - exit; + SELECT ?, products.id, ?, ? FROM products', undef, + ($group->id, CONTROLMAPSHOWN, CONTROLMAPNA) + ); + } + delete_token($token); + + $vars->{'message'} = 'group_created'; + $vars->{'group'} = $group; + get_current_and_available($group, $vars); + $vars->{'token'} = issue_session_token('edit_group'); + + print $cgi->header(); + $template->process("admin/groups/edit.html.tmpl", $vars) + || ThrowTemplateError($template->error()); + exit; } # @@ -229,23 +233,25 @@ if ($action eq 'new') { # if ($action eq 'del') { - # Check that an existing group ID is given - my $group = Bugzilla::Group->check({ id => scalar $cgi->param('group') }); - check_for_restricted_groups([ $group ]); - $group->check_remove({ test_only => 1 }); - $vars->{'shared_queries'} = - $dbh->selectrow_array('SELECT COUNT(*) + + # Check that an existing group ID is given + my $group = Bugzilla::Group->check({id => scalar $cgi->param('group')}); + check_for_restricted_groups([$group]); + $group->check_remove({test_only => 1}); + $vars->{'shared_queries'} = $dbh->selectrow_array( + 'SELECT COUNT(*) FROM namedquery_group_map - WHERE group_id = ?', undef, $group->id); + WHERE group_id = ?', undef, $group->id + ); - $vars->{'group'} = $group; - $vars->{'token'} = issue_session_token('delete_group'); + $vars->{'group'} = $group; + $vars->{'token'} = issue_session_token('delete_group'); - print $cgi->header(); - $template->process("admin/groups/delete.html.tmpl", $vars) - || ThrowTemplateError($template->error()); + print $cgi->header(); + $template->process("admin/groups/delete.html.tmpl", $vars) + || ThrowTemplateError($template->error()); - exit; + exit; } # @@ -253,26 +259,27 @@ if ($action eq 'del') { # if ($action eq 'delete') { - check_token_data($token, 'delete_group'); - # Check that an existing group ID is given - my $group = Bugzilla::Group->check({ id => scalar $cgi->param('group') }); - check_for_restricted_groups([ $group ]); - $vars->{'name'} = $group->name; - $group->remove_from_db({ - remove_from_users => scalar $cgi->param('removeusers'), - remove_from_bugs => scalar $cgi->param('removebugs'), - remove_from_flags => scalar $cgi->param('removeflags'), - remove_from_products => scalar $cgi->param('unbind'), - }); - delete_token($token); - - $vars->{'message'} = 'group_deleted'; - $vars->{'groups'} = [Bugzilla::Group->get_all]; - - print $cgi->header(); - $template->process("admin/groups/list.html.tmpl", $vars) - || ThrowTemplateError($template->error()); - exit; + check_token_data($token, 'delete_group'); + + # Check that an existing group ID is given + my $group = Bugzilla::Group->check({id => scalar $cgi->param('group')}); + check_for_restricted_groups([$group]); + $vars->{'name'} = $group->name; + $group->remove_from_db({ + remove_from_users => scalar $cgi->param('removeusers'), + remove_from_bugs => scalar $cgi->param('removebugs'), + remove_from_flags => scalar $cgi->param('removeflags'), + remove_from_products => scalar $cgi->param('unbind'), + }); + delete_token($token); + + $vars->{'message'} = 'group_deleted'; + $vars->{'groups'} = [Bugzilla::Group->get_all]; + + print $cgi->header(); + $template->process("admin/groups/list.html.tmpl", $vars) + || ThrowTemplateError($template->error()); + exit; } # @@ -280,73 +287,75 @@ if ($action eq 'delete') { # if ($action eq 'postchanges') { - check_token_data($token, 'edit_group'); - my $changes = doGroupChanges(); - delete_token($token); - - my $group = new Bugzilla::Group($cgi->param('group_id')); - get_current_and_available($group, $vars); - $vars->{'message'} = 'group_updated'; - $vars->{'group'} = $group; - $vars->{'changes'} = $changes; - $vars->{'token'} = issue_session_token('edit_group'); - - print $cgi->header(); - $template->process("admin/groups/edit.html.tmpl", $vars) - || ThrowTemplateError($template->error()); - exit; + check_token_data($token, 'edit_group'); + my $changes = doGroupChanges(); + delete_token($token); + + my $group = new Bugzilla::Group($cgi->param('group_id')); + get_current_and_available($group, $vars); + $vars->{'message'} = 'group_updated'; + $vars->{'group'} = $group; + $vars->{'changes'} = $changes; + $vars->{'token'} = issue_session_token('edit_group'); + + print $cgi->header(); + $template->process("admin/groups/edit.html.tmpl", $vars) + || ThrowTemplateError($template->error()); + exit; } if ($action eq 'confirm_remove') { - my $group = new Bugzilla::Group(CheckGroupID($cgi->param('group_id'))); - check_for_restricted_groups([ $group ]); - $vars->{'group'} = $group; - $vars->{'regexp'} = CheckGroupRegexp($cgi->param('regexp')); - $vars->{'token'} = issue_session_token('remove_group_members'); - $template->process('admin/groups/confirm-remove.html.tmpl', $vars) - || ThrowTemplateError($template->error()); - exit; + my $group = new Bugzilla::Group(CheckGroupID($cgi->param('group_id'))); + check_for_restricted_groups([$group]); + $vars->{'group'} = $group; + $vars->{'regexp'} = CheckGroupRegexp($cgi->param('regexp')); + $vars->{'token'} = issue_session_token('remove_group_members'); + $template->process('admin/groups/confirm-remove.html.tmpl', $vars) + || ThrowTemplateError($template->error()); + exit; } if ($action eq 'remove_regexp') { - check_token_data($token, 'remove_group_members'); - # remove all explicit users from the group with - # gid = $cgi->param('group') that match the regular expression - # stored in the DB for that group or all of them period - - my $group = new Bugzilla::Group(CheckGroupID($cgi->param('group_id'))); - check_for_restricted_groups([ $group ]); - my $regexp = CheckGroupRegexp($cgi->param('regexp')); - - $dbh->bz_start_transaction(); - - my $users = $group->members_direct(); - my $sth_delete = $dbh->prepare( - "DELETE FROM user_group_map - WHERE user_id = ? AND isbless = 0 AND group_id = ?"); - - my @deleted; - foreach my $member (@$users) { - if ($regexp eq '' || $member->login =~ m/$regexp/i) { - $sth_delete->execute($member->id, $group->id); - push(@deleted, $member); - } + check_token_data($token, 'remove_group_members'); + + # remove all explicit users from the group with + # gid = $cgi->param('group') that match the regular expression + # stored in the DB for that group or all of them period + + my $group = new Bugzilla::Group(CheckGroupID($cgi->param('group_id'))); + check_for_restricted_groups([$group]); + my $regexp = CheckGroupRegexp($cgi->param('regexp')); + + $dbh->bz_start_transaction(); + + my $users = $group->members_direct(); + my $sth_delete = $dbh->prepare( + "DELETE FROM user_group_map + WHERE user_id = ? AND isbless = 0 AND group_id = ?" + ); + + my @deleted; + foreach my $member (@$users) { + if ($regexp eq '' || $member->login =~ m/$regexp/i) { + $sth_delete->execute($member->id, $group->id); + push(@deleted, $member); } - $dbh->bz_commit_transaction(); + } + $dbh->bz_commit_transaction(); - $vars->{'users'} = \@deleted; - $vars->{'regexp'} = $regexp; - delete_token($token); + $vars->{'users'} = \@deleted; + $vars->{'regexp'} = $regexp; + delete_token($token); - $vars->{'message'} = 'group_membership_removed'; - $vars->{'group'} = $group->name; - $vars->{'groups'} = [Bugzilla::Group->get_all]; + $vars->{'message'} = 'group_membership_removed'; + $vars->{'group'} = $group->name; + $vars->{'groups'} = [Bugzilla::Group->get_all]; - print $cgi->header(); - $template->process("admin/groups/list.html.tmpl", $vars) - || ThrowTemplateError($template->error()); + print $cgi->header(); + $template->process("admin/groups/list.html.tmpl", $vars) + || ThrowTemplateError($template->error()); - exit; + exit; } # No valid action found @@ -354,153 +363,156 @@ ThrowUserError('unknown_action', {action => $action}); # Helper sub to handle the making of changes to a group sub doGroupChanges { - my $cgi = Bugzilla->cgi; - my $dbh = Bugzilla->dbh; + my $cgi = Bugzilla->cgi; + my $dbh = Bugzilla->dbh; - $dbh->bz_start_transaction(); + $dbh->bz_start_transaction(); - # Check that the given group ID is valid and make a Group. - my $group = new Bugzilla::Group(CheckGroupID($cgi->param('group_id'))); - check_for_restricted_groups([ $group ]); + # Check that the given group ID is valid and make a Group. + my $group = new Bugzilla::Group(CheckGroupID($cgi->param('group_id'))); + check_for_restricted_groups([$group]); - if (defined $cgi->param('regexp')) { - $group->set_user_regexp($cgi->param('regexp')); - } + if (defined $cgi->param('regexp')) { + $group->set_user_regexp($cgi->param('regexp')); + } - if ($group->is_bug_group) { - if (defined $cgi->param('name')) { - $group->set_name($cgi->param('name')); - } - if (defined $cgi->param('desc')) { - $group->set_description($cgi->param('desc')); - } - # Only set isactive if we came from the right form. - if (defined $cgi->param('regexp')) { - $group->set_is_active($cgi->param('isactive')); - } + if ($group->is_bug_group) { + if (defined $cgi->param('name')) { + $group->set_name($cgi->param('name')); } - - if (defined $cgi->param('icon_url')) { - $group->set_icon_url($cgi->param('icon_url')); + if (defined $cgi->param('desc')) { + $group->set_description($cgi->param('desc')); } - if (defined $cgi->param('owner')) { - $group->set_owner($cgi->param('owner')); + # Only set isactive if we came from the right form. + if (defined $cgi->param('regexp')) { + $group->set_is_active($cgi->param('isactive')); } + } - if (defined $cgi->param('idle_member_removal')) { - $group->set_idle_member_removal($cgi->param('idle_member_removal')); - } + if (defined $cgi->param('icon_url')) { + $group->set_icon_url($cgi->param('icon_url')); + } - my $changes = $group->update(); + if (defined $cgi->param('owner')) { + $group->set_owner($cgi->param('owner')); + } - my $sth_insert = $dbh->prepare('INSERT INTO group_group_map + if (defined $cgi->param('idle_member_removal')) { + $group->set_idle_member_removal($cgi->param('idle_member_removal')); + } + + my $changes = $group->update(); + + my $sth_insert = $dbh->prepare( + 'INSERT INTO group_group_map (member_id, grantor_id, grant_type) - VALUES (?, ?, ?)'); + VALUES (?, ?, ?)' + ); - my $sth_delete = $dbh->prepare('DELETE FROM group_group_map + my $sth_delete = $dbh->prepare( + 'DELETE FROM group_group_map WHERE member_id = ? AND grantor_id = ? - AND grant_type = ?'); - - # First item is the type, second is whether or not it's "reverse" - # (granted_by) (see _do_add for more explanation). - my %fields = ( - members => [GROUP_MEMBERSHIP, 0], - bless_from => [GROUP_BLESS, 0], - visible_from => [GROUP_VISIBLE, 0], - member_of => [GROUP_MEMBERSHIP, 1], - bless_to => [GROUP_BLESS, 1], - visible_to_me => [GROUP_VISIBLE, 1] - ); - while (my ($field, $data) = each %fields) { - _do_add($group, $changes, $sth_insert, "${field}_add", - $data->[0], $data->[1]); - _do_remove($group, $changes, $sth_delete, "${field}_remove", - $data->[0], $data->[1]); - } - - $dbh->bz_commit_transaction(); - return $changes; + AND grant_type = ?' + ); + + # First item is the type, second is whether or not it's "reverse" + # (granted_by) (see _do_add for more explanation). + my %fields = ( + members => [GROUP_MEMBERSHIP, 0], + bless_from => [GROUP_BLESS, 0], + visible_from => [GROUP_VISIBLE, 0], + member_of => [GROUP_MEMBERSHIP, 1], + bless_to => [GROUP_BLESS, 1], + visible_to_me => [GROUP_VISIBLE, 1] + ); + while (my ($field, $data) = each %fields) { + _do_add($group, $changes, $sth_insert, "${field}_add", $data->[0], $data->[1]); + _do_remove($group, $changes, $sth_delete, "${field}_remove", $data->[0], + $data->[1]); + } + + $dbh->bz_commit_transaction(); + return $changes; } sub _do_add { - my ($group, $changes, $sth_insert, $field, $type, $reverse) = @_; - my $cgi = Bugzilla->cgi; - - my $current; - # $reverse means we're doing a granted_by--that is, somebody else - # is granting us something. - if ($reverse) { - $current = $group->granted_by_direct($type); - } - else { - $current = $group->grant_direct($type); - } - - my $add_items = Bugzilla::Group->new_from_list([$cgi->param($field)]); - check_for_restricted_groups($add_items); - - foreach my $add (@$add_items) { - next if grep($_->id == $add->id, @$current); - - $changes->{$field} ||= []; - push(@{$changes->{$field}}, $add->name); - # They go this direction for a normal "This group is granting - # $add something." - my @ids = ($add->id, $group->id); - # But they get reversed for "This group is being granted something - # by $add." - @ids = reverse @ids if $reverse; - $sth_insert->execute(@ids, $type); - } + my ($group, $changes, $sth_insert, $field, $type, $reverse) = @_; + my $cgi = Bugzilla->cgi; + + my $current; + + # $reverse means we're doing a granted_by--that is, somebody else + # is granting us something. + if ($reverse) { + $current = $group->granted_by_direct($type); + } + else { + $current = $group->grant_direct($type); + } + + my $add_items = Bugzilla::Group->new_from_list([$cgi->param($field)]); + check_for_restricted_groups($add_items); + + foreach my $add (@$add_items) { + next if grep($_->id == $add->id, @$current); + + $changes->{$field} ||= []; + push(@{$changes->{$field}}, $add->name); + + # They go this direction for a normal "This group is granting + # $add something." + my @ids = ($add->id, $group->id); + + # But they get reversed for "This group is being granted something + # by $add." + @ids = reverse @ids if $reverse; + $sth_insert->execute(@ids, $type); + } } sub _do_remove { - my ($group, $changes, $sth_delete, $field, $type, $reverse) = @_; - my $cgi = Bugzilla->cgi; - my $remove_items = Bugzilla::Group->new_from_list([$cgi->param($field)]); - check_for_restricted_groups($remove_items); - - foreach my $remove (@$remove_items) { - my @ids = ($remove->id, $group->id); - # See _do_add for an explanation of $reverse - @ids = reverse @ids if $reverse; - # Deletions always succeed and are harmless if they fail, so we - # don't need to do any checks. - $sth_delete->execute(@ids, $type); - $changes->{$field} ||= []; - push(@{$changes->{$field}}, $remove->name); - } + my ($group, $changes, $sth_delete, $field, $type, $reverse) = @_; + my $cgi = Bugzilla->cgi; + my $remove_items = Bugzilla::Group->new_from_list([$cgi->param($field)]); + check_for_restricted_groups($remove_items); + + foreach my $remove (@$remove_items) { + my @ids = ($remove->id, $group->id); + + # See _do_add for an explanation of $reverse + @ids = reverse @ids if $reverse; + + # Deletions always succeed and are harmless if they fail, so we + # don't need to do any checks. + $sth_delete->execute(@ids, $type); + $changes->{$field} ||= []; + push(@{$changes->{$field}}, $remove->name); + } } # ensure non-admins cannot edit the admin group # likewise you must be a member of the insider group in order to update it sub check_for_restricted_groups { - my ($groups) = @_; - - my $user = Bugzilla->user; - return if $user->in_group('admin'); - - # check for admin changes - foreach my $group (@$groups) { - if ($group->name eq 'admin') { - ThrowUserError('auth_failure', { - action => 'edit', - object => 'admin_group', - }); - } - } + my ($groups) = @_; - # check for insider group changes - my $insider_group = Bugzilla->params->{insidergroup}; - return if $user->in_group($insider_group); - foreach my $group (@$groups) { - if ($group->name eq $insider_group) { - ThrowUserError('auth_failure', { - action => 'edit', - object => 'insider_group', - }); - } + my $user = Bugzilla->user; + return if $user->in_group('admin'); + + # check for admin changes + foreach my $group (@$groups) { + if ($group->name eq 'admin') { + ThrowUserError('auth_failure', {action => 'edit', object => 'admin_group',}); + } + } + + # check for insider group changes + my $insider_group = Bugzilla->params->{insidergroup}; + return if $user->in_group($insider_group); + foreach my $group (@$groups) { + if ($group->name eq $insider_group) { + ThrowUserError('auth_failure', {action => 'edit', object => 'insider_group',}); } + } } |