From 41e381d9d5d1fe53fbf92127c3f65eac4f531f36 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Thu, 24 Aug 2006 22:56:39 +0000 Subject: Bug 343809: Merge FlagType::validate() with Flag::validate() - Patch by Frédéric Buclin a=myk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Bugzilla/FlagType.pm | 137 --------------------------------------------------- 1 file changed, 137 deletions(-) (limited to 'Bugzilla/FlagType.pm') diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm index 47efbd68a..1504be87d 100644 --- a/Bugzilla/FlagType.pm +++ b/Bugzilla/FlagType.pm @@ -359,143 +359,6 @@ sub count { return $count; } -=pod - -=over - -=item C - -Get a list of flag types to validate. Uses the "map" function -to extract flag type IDs from form field names by matching columns -whose name looks like "flag_type-nnn", where "nnn" is the ID, -and returning just the ID portion of matching field names. - -If the attachment is new, it has no ID yet and $attach_id is set -to -1 to force its check anyway. - -=back - -=cut - -sub validate { - my ($cgi, $bug_id, $attach_id) = @_; - - my $user = Bugzilla->user; - my $dbh = Bugzilla->dbh; - - my @ids = map(/^flag_type-(\d+)$/ ? $1 : (), $cgi->param()); - - return unless scalar(@ids); - - # No flag reference should exist when changing several bugs at once. - ThrowCodeError("flags_not_available", { type => 'b' }) unless $bug_id; - - # We don't check that these flag types are valid for - # this bug/attachment. This check will be done later when - # processing new flags, see Flag::FormToNewFlags(). - - # All flag types have to be active - my $inactive_flagtypes = - $dbh->selectrow_array("SELECT 1 FROM flagtypes - WHERE id IN (" . join(',', @ids) . ") - AND is_active = 0 " . - $dbh->sql_limit(1)); - - ThrowCodeError("flag_type_inactive") if $inactive_flagtypes; - - foreach my $id (@ids) { - my $status = $cgi->param("flag_type-$id"); - my @requestees = $cgi->param("requestee_type-$id"); - - # Don't bother validating types the user didn't touch. - next if $status eq "X"; - - # Make sure the flag type exists. - my $flag_type = new Bugzilla::FlagType($id); - $flag_type - || ThrowCodeError("flag_type_nonexistent", { id => $id }); - - # Make sure the value of the field is a valid status. - grep($status eq $_, qw(X + - ?)) - || ThrowCodeError("flag_status_invalid", - { id => $id , status => $status }); - - # Make sure the user didn't request the flag unless it's requestable. - if ($status eq '?' && !$flag_type->is_requestable) { - ThrowCodeError("flag_status_invalid", - { id => $id , status => $status }); - } - - # Make sure the user didn't specify a requestee unless the flag - # is specifically requestable. - if ($status eq '?' - && !$flag_type->is_requesteeble - && scalar(@requestees) > 0) - { - ThrowCodeError("flag_requestee_disabled", { type => $flag_type }); - } - - # Make sure the user didn't enter multiple requestees for a flag - # that can't be requested from more than one person at a time. - if ($status eq '?' - && !$flag_type->is_multiplicable - && scalar(@requestees) > 1) - { - ThrowUserError("flag_not_multiplicable", { type => $flag_type }); - } - - # Make sure the requestees are authorized to access the bug - # (and attachment, if this installation is using the "insider group" - # feature and the attachment is marked private). - if ($status eq '?' && $flag_type->is_requesteeble) { - foreach my $login (@requestees) { - # We know the requestee exists because we ran - # Bugzilla::User::match_field before getting here. - my $requestee = new Bugzilla::User({ name => $login }); - - # Throw an error if the user can't see the bug. - if (!$requestee->can_see_bug($bug_id)) { - ThrowUserError("flag_requestee_unauthorized", - { flag_type => $flag_type, - requestee => $requestee, - bug_id => $bug_id, - attach_id => $attach_id }); - } - - # Throw an error if the target is a private attachment and - # the requestee isn't in the group of insiders who can see it. - if ($attach_id - && Bugzilla->params->{"insidergroup"} - && $cgi->param('isprivate') - && !$requestee->in_group(Bugzilla->params->{"insidergroup"})) - { - ThrowUserError("flag_requestee_unauthorized_attachment", - { flag_type => $flag_type, - requestee => $requestee, - bug_id => $bug_id, - attach_id => $attach_id }); - } - } - } - - # Make sure the user is authorized to modify flags, see bug 180879 - # - User in the grant_group can set flags, including "+" and "-". - next if (!$flag_type->grant_group - || $user->in_group_id($flag_type->grant_group->id)); - - # - User in the request_group can request flags. - next if ($status eq '?' - && (!$flag_type->request_group - || $user->in_group_id($flag_type->request_group->id))); - - # - Any other flag modification is denied - ThrowUserError("flag_update_denied", - { name => $flag_type->name, - status => $status, - old_status => "X" }); - } -} - ###################################################################### # Private Functions ###################################################################### -- cgit v1.2.3-24-g4f1b