summaryrefslogtreecommitdiffstats
path: root/userprefs.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-xuserprefs.cgi148
1 files changed, 50 insertions, 98 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index e8a045c4e..4bb65c152 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -378,30 +378,9 @@ sub DoPermissions {
sub DoSavedSearches {
- # 2004-12-13 - colin.ogilvie@gmail.com, bug 274397
- # Need to work around the possibly missing query_format=advanced
my $dbh = Bugzilla->dbh;
my $user = Bugzilla->user;
- my @queries = @{$user->queries};
- my @newqueries;
- foreach my $q (@queries) {
- if ($q->{'query'} =~ /query_format=([^&]*)/) {
- my $format = $1;
- if (!IsValidQueryType($format)) {
- if ($format eq "") {
- $q->{'query'} =~ s/query_format=/query_format=advanced/;
- }
- else {
- $q->{'query'} .= '&query_format=advanced';
- }
- }
- } else {
- $q->{'query'} .= '&query_format=advanced';
- }
- push @newqueries, $q;
- }
- $vars->{'queries'} = \@newqueries;
if ($user->queryshare_groups_as_string) {
$vars->{'queryshare_groups'} =
Bugzilla::Group->new_from_list($user->queryshare_groups);
@@ -416,20 +395,12 @@ sub SaveSavedSearches {
# We'll need this in a loop, so do the call once.
my $user_id = $user->id;
- my @queries = @{$user->queries};
- my $sth_check_nl = $dbh->prepare('SELECT COUNT(*)
- FROM namedqueries_link_in_footer
- WHERE namedquery_id = ?
- AND user_id = ?');
my $sth_insert_nl = $dbh->prepare('INSERT INTO namedqueries_link_in_footer
(namedquery_id, user_id)
VALUES (?, ?)');
my $sth_delete_nl = $dbh->prepare('DELETE FROM namedqueries_link_in_footer
WHERE namedquery_id = ?
AND user_id = ?');
- my $sth_check_ngm = $dbh->prepare('SELECT COUNT(*)
- FROM namedquery_group_map
- WHERE namedquery_id = ?');
my $sth_insert_ngm = $dbh->prepare('INSERT INTO namedquery_group_map
(namedquery_id, group_id)
VALUES (?, ?)');
@@ -438,84 +409,65 @@ sub SaveSavedSearches {
WHERE namedquery_id = ?');
my $sth_delete_ngm = $dbh->prepare('DELETE FROM namedquery_group_map
WHERE namedquery_id = ?');
- my $sth_direct_group_members =
- $dbh->prepare('SELECT user_id
- FROM user_group_map
- WHERE group_id = ?
- AND isbless = ' . GROUP_MEMBERSHIP . '
- AND grant_type = ' . GRANT_DIRECT);
- foreach my $q (@queries) {
- # Update namedqueries_link_in_footer.
- $sth_check_nl->execute($q->{'id'}, $user_id);
- my ($link_in_footer_entries) = $sth_check_nl->fetchrow_array();
- if (defined($cgi->param("link_in_footer_$q->{'id'}"))) {
- if ($link_in_footer_entries == 0) {
- $sth_insert_nl->execute($q->{'id'}, $user_id);
- }
+
+ # Update namedqueries_link_in_footer for this user.
+ foreach my $q (@{$user->queries}, @{$user->queries_available}) {
+ if (defined $cgi->param("link_in_footer_" . $q->id)) {
+ $sth_insert_nl->execute($q->id, $user_id) if !$q->link_in_footer;
}
else {
- if ($link_in_footer_entries > 0) {
- $sth_delete_nl->execute($q->{'id'}, $user_id);
- }
+ $sth_delete_nl->execute($q->id, $user_id) if $q->link_in_footer;
}
+ }
- # For user's own queries, update namedquery_group_map.
- if ($q->{'userid'} == $user_id) {
- my ($group_id, $group_map_entries);
- if ($user->in_group(Bugzilla->params->{'querysharegroup'})) {
- $sth_check_ngm->execute($q->{'id'});
- ($group_map_entries) = $sth_check_ngm->fetchrow_array();
- $group_id = $cgi->param("share_$q->{'id'}") || '';
- }
- if ($group_id) {
- if (grep(/^\Q$group_id\E$/, @{$user->queryshare_groups()})) {
- # $group_id is now definitely a valid ID of a group the
- # user can see, so we can trick_taint.
- trick_taint($group_id);
- if ($group_map_entries == 0) {
- $sth_insert_ngm->execute($q->{'id'}, $group_id);
- }
- else {
- $sth_update_ngm->execute($group_id, $q->{'id'});
- }
-
- # If we're sharing our query with a group we can bless,
- # we're subscribing direct group members to our search
- # automatically. Otherwise, the group members need to
- # opt in. This behaviour is deemed most likely to fit
- # users' needs.
- if ($user->can_bless($group_id)) {
- $sth_direct_group_members->execute($group_id);
- my $user_id;
- while ($user_id =
- $sth_direct_group_members->fetchrow_array()) {
- next if $user_id == $user->id;
-
- $sth_check_nl->execute($q->{'id'}, $user_id);
- my ($already_shown_in_footer) =
- $sth_check_nl->fetchrow_array();
- if (! $already_shown_in_footer) {
- $sth_insert_nl->execute($q->{'id'}, $user_id);
- }
- }
- }
- }
- else {
- # In the unlikely case somebody removed visibility to the
- # group in the meantime, don't modify sharing.
- }
+ # For user's own queries, update namedquery_group_map.
+ foreach my $q (@{$user->queries}) {
+ my $group_id;
+
+ if ($user->in_group(Bugzilla->params->{'querysharegroup'})) {
+ $group_id = $cgi->param("share_" . $q->id) || '';
+ }
+
+ if ($group_id) {
+ # Don't allow the user to share queries with groups he's not
+ # allowed to.
+ next unless grep($_ eq $group_id, @{$user->queryshare_groups});
+
+ # $group_id is now definitely a valid ID of a group the
+ # user can share queries with, so we can trick_taint.
+ detaint_natural($group_id);
+ if ($q->shared_with_group) {
+ $sth_update_ngm->execute($group_id, $q->id);
}
else {
- if ($group_map_entries > 0) {
- $sth_delete_ngm->execute($q->{'id'});
- }
+ $sth_insert_ngm->execute($q->id, $group_id);
+ }
- # Don't remove namedqueries_link_in_footer entries for users
- # subscribing to the shared query. The idea is that they will
- # probably want to be subscribers again should the sharing
- # user choose to share the query again.
+ # If we're sharing our query with a group we can bless, we
+ # subscribe direct group members to our search automatically.
+ # Otherwise, the group members need to opt in. This behaviour
+ # is deemed most likely to fit users' needs.
+ if ($user->can_bless($group_id)) {
+ my $group = new Bugzilla::Group($group_id);
+ my $members = $group->members_non_inherited;
+ foreach my $member (@$members) {
+ next if $member->id == $user->id;
+ $sth_insert_nl->execute($q->id, $member->id)
+ if !$q->link_in_footer($member);
+ }
}
}
+ else {
+ # They have unshared that query.
+ if ($q->shared_with_group) {
+ $sth_delete_ngm->execute($q->id);
+ }
+
+ # Don't remove namedqueries_link_in_footer entries for users
+ # subscribing to the shared query. The idea is that they will
+ # probably want to be subscribers again should the sharing
+ # user choose to share the query again.
+ }
}
$user->flush_queries_cache;