From d9e6f2408d2d6d0a1a827a54d719bd5d6fb35743 Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Sat, 18 Oct 2008 21:15:19 +0000
Subject: Bug 460581: editgroups should be using Bugzilla::Group->create to
 make groups Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit,
 a=LpSolit

---
 Bugzilla/Group.pm | 54 ++++++++++++++++++---------------------
 editgroups.cgi    | 75 ++++++-------------------------------------------------
 2 files changed, 32 insertions(+), 97 deletions(-)

diff --git a/Bugzilla/Group.pm b/Bugzilla/Group.pm
index d9f49c074..455276c99 100644
--- a/Bugzilla/Group.pm
+++ b/Bugzilla/Group.pm
@@ -198,7 +198,30 @@ sub is_active_bug_group {
 
 sub _rederive_regexp {
     my ($self) = @_;
-    RederiveRegexp($self->user_regexp, $self->id);
+
+    my $dbh = Bugzilla->dbh;
+    my $sth = $dbh->prepare("SELECT userid, login_name, group_id
+                               FROM profiles
+                          LEFT JOIN user_group_map
+                                 ON user_group_map.user_id = profiles.userid
+                                    AND group_id = ?
+                                    AND grant_type = ?
+                                    AND isbless = 0");
+    my $sthadd = $dbh->prepare("INSERT INTO user_group_map
+                                 (user_id, group_id, grant_type, isbless)
+                                 VALUES (?, ?, ?, 0)");
+    my $sthdel = $dbh->prepare("DELETE FROM user_group_map
+                                 WHERE user_id = ? AND group_id = ?
+                                 AND grant_type = ? and isbless = 0");
+    $sth->execute($self->id, GRANT_REGEXP);
+    my $regexp = $self->user_regexp;
+    while (my ($uid, $login, $present) = $sth->fetchrow_array) {
+        if ($regexp ne '' and $login =~ /$regexp/i) {
+            $sthadd->execute($uid, $self->id, GRANT_REGEXP) unless $present;
+        } else {
+            $sthdel->execute($uid, $self->id, GRANT_REGEXP) if $present;
+        }
+    }
 }
 
 sub members_non_inherited {
@@ -266,35 +289,6 @@ sub ValidateGroupName {
     return $ret;
 }
 
-# This sub is not perldoc'ed because we expect it to go away and
-# just become the _rederive_regexp private method.
-sub RederiveRegexp {
-    my ($regexp, $gid) = @_;
-    my $dbh = Bugzilla->dbh;
-    my $sth = $dbh->prepare("SELECT userid, login_name, group_id
-                               FROM profiles
-                          LEFT JOIN user_group_map
-                                 ON user_group_map.user_id = profiles.userid
-                                AND group_id = ?
-                                AND grant_type = ?
-                                AND isbless = 0");
-    my $sthadd = $dbh->prepare("INSERT INTO user_group_map
-                                 (user_id, group_id, grant_type, isbless)
-                                 VALUES (?, ?, ?, 0)");
-    my $sthdel = $dbh->prepare("DELETE FROM user_group_map
-                                 WHERE user_id = ? AND group_id = ?
-                                 AND grant_type = ? and isbless = 0");
-    $sth->execute($gid, GRANT_REGEXP);
-    while (my ($uid, $login, $present) = $sth->fetchrow_array()) {
-        if (($regexp =~ /\S+/) && ($login =~ m/$regexp/i))
-        {
-            $sthadd->execute($uid, $gid, GRANT_REGEXP) unless $present;
-        } else {
-            $sthdel->execute($uid, $gid, GRANT_REGEXP) if $present;
-        }
-    }
-}
-
 ###############################
 ###       Validators        ###
 ###############################
diff --git a/editgroups.cgi b/editgroups.cgi
index c54924c5b..7dd8a7b63 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -72,41 +72,6 @@ sub CheckGroupID {
     return $group_id;
 }
 
-# This subroutine is called when:
-# - a new group is created. CheckGroupName checks that its name
-#   is not empty and is not already used by any existing group.
-# - an existing group is edited. CheckGroupName checks that its
-#   name has not been deleted or renamed to another existing
-#   group name (whose group ID is different from $group_id).
-# In both cases, an error message is returned to the user if any
-# test fails! Else, the trimmed group name is returned.
-
-sub CheckGroupName {
-    my ($name, $group_id) = @_;
-    $name = trim($name || '');
-    trick_taint($name);
-    ThrowUserError("empty_group_name") unless $name;
-    my $excludeself = (defined $group_id) ? " AND id != $group_id" : "";
-    my $name_exists = Bugzilla->dbh->selectrow_array("SELECT name FROM groups " .
-                                                     "WHERE name = ? $excludeself",
-                                                     undef, $name);
-    if ($name_exists) {
-        ThrowUserError("group_exists", { name => $name });
-    }
-    return $name;
-}
-
-# CheckGroupDesc checks that a non empty description is given. The
-# trimmed description is returned.
-
-sub CheckGroupDesc {
-    my ($desc) = @_;
-    $desc = trim($desc || '');
-    trick_taint($desc);
-    ThrowUserError("empty_group_description") unless $desc;
-    return $desc;
-}
-
 # CheckGroupRegexp checks that the regular expression is valid
 # (the regular expression being optional, the test is successful
 # if none is given, as expected). The trimmed regular expression
@@ -237,37 +202,14 @@ if ($action eq 'add') {
 
 if ($action eq 'new') {
     check_token_data($token, 'add_group');
-    # Check that a not already used group name is given, that
-    # a description is also given and check if the regular
-    # expression is valid (if any).
-    my $name = CheckGroupName($cgi->param('name'));
-    my $desc = CheckGroupDesc($cgi->param('desc'));
-    my $regexp = CheckGroupRegexp($cgi->param('regexp'));
-    my $isactive = $cgi->param('isactive') ? 1 : 0;
-    # This is an admin page. The URL is considered safe.
-    my $icon_url;
-    if ($cgi->param('icon_url')) {
-        $icon_url = clean_text($cgi->param('icon_url'));
-        trick_taint($icon_url);
-    }
-
-    # Add the new group
-    $dbh->do('INSERT INTO groups
-              (name, description, isbuggroup, userregexp, isactive, icon_url)
-              VALUES (?, ?, 1, ?, ?, ?)',
-              undef, ($name, $desc, $regexp, $isactive, $icon_url));
-
-    my $group = new Bugzilla::Group({name => $name});
-    my $admin = Bugzilla::Group->new({name => 'admin'})->id();
-    # Since we created a new group, give the "admin" group all privileges
-    # initially.
-    my $sth = $dbh->prepare('INSERT INTO group_group_map
-                             (member_id, grantor_id, grant_type)
-                             VALUES (?, ?, ?)');
-
-    $sth->execute($admin, $group->id, GROUP_MEMBERSHIP);
-    $sth->execute($admin, $group->id, GROUP_BLESS);
-    $sth->execute($admin, $group->id, GROUP_VISIBLE);
+    my $group = Bugzilla::Group->create({
+        name        => scalar $cgi->param('name'),
+        description => scalar $cgi->param('desc'),
+        userregexp  => scalar $cgi->param('regexp'),
+        isactive    => scalar $cgi->param('isactive'),
+        icon_url    => scalar $cgi->param('icon_url'),
+        isbuggroup  => 1,
+    });
 
     # Permit all existing products to use the new group if makeproductgroups.
     if ($cgi->param('insertnew')) {
@@ -277,7 +219,6 @@ if ($action eq 'new') {
                   SELECT ?, products.id, 0, ?, ?, 0 FROM products',
                   undef, ($group->id, CONTROLMAPSHOWN, CONTROLMAPNA));
     }
-    Bugzilla::Group::RederiveRegexp($regexp, $group->id);
     delete_token($token);
 
     $vars->{'message'} = 'group_created';
-- 
cgit v1.2.3-24-g4f1b