From 2202b4da89a7426ecf208a877ac9032bc44cd7ec Mon Sep 17 00:00:00 2001
From: Byron Jones <bjones@mozilla.com>
Date: Tue, 7 May 2013 13:58:00 +0800
Subject: Bug 869025: create a report to sanity check product's default
 security group

---
 extensions/BMO/lib/Reports/ProductSecurity.pm | 67 +++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 extensions/BMO/lib/Reports/ProductSecurity.pm

(limited to 'extensions/BMO/lib/Reports')

diff --git a/extensions/BMO/lib/Reports/ProductSecurity.pm b/extensions/BMO/lib/Reports/ProductSecurity.pm
new file mode 100644
index 000000000..946ad10f0
--- /dev/null
+++ b/extensions/BMO/lib/Reports/ProductSecurity.pm
@@ -0,0 +1,67 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::Extension::BMO::Reports::ProductSecurity;
+use strict;
+use warnings;
+
+use Bugzilla::Constants;
+use Bugzilla::Error;
+use Bugzilla::Product;
+
+sub report {
+    my ($vars) = @_;
+    my $user = Bugzilla->user;
+
+    ($user->in_group('admin') || $user->in_group('infrasec'))
+        || ThrowUserError('auth_failure', { group  => 'admin',
+                                            action => 'run',
+                                            object => 'product_security' });
+
+    my $moco = Bugzilla::Group->new({ name => 'mozilla-corporation-confidential' })
+        or return;
+
+    my $products = [];
+    foreach my $product (@{ Bugzilla::Product->match({}) }) {
+        my $default_group = $product->default_security_group_obj;
+        my $group_controls = $product->group_controls();
+
+        my $item = {
+            name                    => $product->name,
+            default_security_group  => $product->default_security_group,
+            group_visibility        => 'None/None',
+            moco                    => exists $group_controls->{$moco->id},
+        };
+
+        if ($default_group) {
+            if (my $control = $group_controls->{$default_group->id}) {
+                $item->{group_visibility} = control_to_string($control->{membercontrol}) .
+                                            '/' . control_to_string($control->{othercontrol});
+            }
+        }
+
+        $item->{group_problem} = $default_group ? '' : "Invalid group " . $product->default_security_group;
+        $item->{visibility_problem} = 'Default security group should be Shown/Shown'
+            if ($item->{group_visibility} ne 'Shown/Shown')
+                && ($item->{group_visibility} ne 'Mandatory/Mandatory')
+                && ($item->{group_visibility} ne 'Default/Default');
+
+        push @$products, $item;
+    }
+    $vars->{products} = $products;
+}
+
+sub control_to_string {
+    my ($control) = @_;
+    return 'NA'         if $control == CONTROLMAPNA;
+    return 'Shown'      if $control == CONTROLMAPSHOWN;
+    return 'Default'    if $control == CONTROLMAPDEFAULT;
+    return 'Mandatory'  if $control == CONTROLMAPMANDATORY;
+    return '';
+}
+
+1;
-- 
cgit v1.2.3-24-g4f1b