From 02a5cb53fe5dcfc5d8b9f3051cfd6e2a9b3511eb Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Fri, 2 Oct 2015 14:16:06 +0000 Subject: Bug 1200958: group owners should always be able to view group membership reports for their groups --- extensions/BMO/lib/Reports/Groups.pm | 35 +++++++++++++++++----- .../en/default/pages/group_members.html.tmpl | 2 +- 2 files changed, 28 insertions(+), 9 deletions(-) (limited to 'extensions') diff --git a/extensions/BMO/lib/Reports/Groups.pm b/extensions/BMO/lib/Reports/Groups.pm index dfe90b78f..a4816f914 100644 --- a/extensions/BMO/lib/Reports/Groups.pm +++ b/extensions/BMO/lib/Reports/Groups.pm @@ -29,7 +29,7 @@ sub admins_report { my @grouplist = ($user->in_group('editusers') || $user->in_group('infrasec')) ? map { lc($_->name) } Bugzilla::Group->get_all - : _get_public_membership_groups(); + : _get_permitted_membership_groups(); my $groups = join(',', map { $dbh->quote($_) } @grouplist); @@ -183,7 +183,7 @@ sub members_report { my @grouplist = $privileged ? map { lc($_->name) } Bugzilla::Group->get_all - : _get_public_membership_groups(); + : _get_permitted_membership_groups(); my $include_disabled = $cgi->param('include_disabled') ? 1 : 0; $vars->{'include_disabled'} = $include_disabled; @@ -203,6 +203,8 @@ sub members_report { my $group_obj = Bugzilla::Group->new({ name => $group }); $vars->{'group'} = $group_obj; + $vars->{'privileged'} = 1 if ($group_obj->owner && $group_obj->owner->id == $user->id); + my @types; my $members = $group_obj->members_complete(); foreach my $name (sort keys %$members) { @@ -276,10 +278,11 @@ sub _filter_userlist { # Groups that any user with editbugs can see the membership or admin lists for. # Transparency FTW. -sub _get_public_membership_groups { - my @all_groups = map { lc($_->name) } Bugzilla::Group->get_all; +sub _get_permitted_membership_groups { + my $user = Bugzilla->user; - my %hardcoded_groups = map { $_ => 1 } qw( + # Default publicly viewable groups + my %default_public_groups = map { $_ => 1 } qw( bugzilla-approvers bugzilla-reviewers can_restrict_comments @@ -290,9 +293,25 @@ sub _get_public_membership_groups { qa-approvers ); - # We also automatically include all drivers groups - this gives us a little - # future-proofing - return grep { /-drivers$/ || exists $hardcoded_groups{$_} } @all_groups; + # We add the group to the permitted list if: + # 1. it is a drivers group - this gives us a little + # future-proofing + # 2. it is a one of the default public groups + # 3. the user is the group's owner + # 4. or the user can bless others into the group + my @permitted_groups; + foreach my $group (Bugzilla::Group->get_all) { + my $name = $group->name; + if ($name =~ /-drivers$/ + || exists $default_public_groups{$name} + || ($group->owner && $group->owner->id == $user->id) + || $user->can_bless($group->id)) + { + push(@permitted_groups, $name); + } + } + + return @permitted_groups; } 1; diff --git a/extensions/BMO/template/en/default/pages/group_members.html.tmpl b/extensions/BMO/template/en/default/pages/group_members.html.tmpl index 6136a7c1c..ec2cb2e46 100644 --- a/extensions/BMO/template/en/default/pages/group_members.html.tmpl +++ b/extensions/BMO/template/en/default/pages/group_members.html.tmpl @@ -48,7 +48,7 @@ Type Count Members - [% IF privileged || (user.id == group.owner.id) %] + [% IF privileged %] 2FA, Last Seen (days ago) [% END %] -- cgit v1.2.3-24-g4f1b