From f0c7611262b3948e72e8a18a036569a78f3b51f2 Mon Sep 17 00:00:00 2001 From: "wurblzap%gmail.com" <> Date: Fri, 14 Jul 2006 03:07:57 +0000 Subject: Bug 69000: Permit a stored query to be marked "shared" and accessible by other users. Patch by Marc Schumann , r=vladd, a=myk --- userprefs.cgi | 124 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 114 insertions(+), 10 deletions(-) (limited to 'userprefs.cgi') diff --git a/userprefs.cgi b/userprefs.cgi index 15ca800b1..688a437fd 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -351,11 +351,12 @@ sub DoPermissions { my ($nam, $desc) = @$group; push(@has_bits, {"desc" => $desc, "name" => $nam}); } - $groups = $dbh->selectall_arrayref( - "SELECT DISTINCT name, description FROM groups ORDER BY name"); + $groups = $dbh->selectall_arrayref('SELECT DISTINCT id, name, description + FROM groups + ORDER BY name'); foreach my $group (@$groups) { - my ($nam, $desc) = @$group; - if ($user->can_bless($nam)) { + my ($group_id, $nam, $desc) = @$group; + if ($user->can_bless($group_id)) { push(@set_bits, {"desc" => $desc, "name" => $nam}); } } @@ -370,6 +371,7 @@ sub DoPermissions { sub DoSavedSearches { # 2004-12-13 - colin.ogilvie@gmail.com, bug 274397 # Need to work around the possibly missing query_format=advanced + my $dbh = Bugzilla->dbh; my $user = Bugzilla->user; my @queries = @{$user->queries}; @@ -391,6 +393,12 @@ sub DoSavedSearches { push @newqueries, $q; } $vars->{'queries'} = \@newqueries; + if ($user->queryshare_groups_as_string) { + $vars->{'queryshare_groups'} = $dbh->selectall_arrayref( + 'SELECT id, name FROM groups WHERE id IN ' . + '(' . $user->queryshare_groups_as_string .')', + {'Slice' => {}}); + } } sub SaveSavedSearches { @@ -398,18 +406,114 @@ sub SaveSavedSearches { my $dbh = Bugzilla->dbh; my $user = Bugzilla->user; + # We'll need this in a loop, so do the call once. + my $user_id = $user->id; + my @queries = @{$user->queries}; - my $sth = $dbh->prepare("UPDATE namedqueries SET linkinfooter = ? - WHERE userid = ? - AND name = ?"); + my $sth_check_nl = $dbh->prepare('SELECT COUNT(*) + FROM namedqueries_link_in_footer + WHERE namedquery_id = ? + AND user_id = ?'); + my $sth_insert_nl = $dbh->prepare('INSERT INTO namedqueries_link_in_footer + (namedquery_id, user_id) + VALUES (?, ?)'); + my $sth_delete_nl = $dbh->prepare('DELETE FROM namedqueries_link_in_footer + WHERE namedquery_id = ? + AND user_id = ?'); + my $sth_check_ngm = $dbh->prepare('SELECT COUNT(*) + FROM namedquery_group_map + WHERE namedquery_id = ?'); + my $sth_insert_ngm = $dbh->prepare('INSERT INTO namedquery_group_map + (namedquery_id, group_id) + VALUES (?, ?)'); + my $sth_update_ngm = $dbh->prepare('UPDATE namedquery_group_map + SET group_id = ? + WHERE namedquery_id = ?'); + my $sth_delete_ngm = $dbh->prepare('DELETE FROM namedquery_group_map + WHERE namedquery_id = ?'); + my $sth_direct_group_members = + $dbh->prepare('SELECT user_id + FROM user_group_map + WHERE group_id = ? + AND isbless = ' . GROUP_MEMBERSHIP . ' + AND grant_type = ' . GRANT_DIRECT); foreach my $q (@queries) { - my $linkinfooter = - defined($cgi->param("linkinfooter_$q->{'name'}")) ? 1 : 0; - $sth->execute($linkinfooter, $user->id, $q->{'name'}); + # Update namedqueries_link_in_footer. + $sth_check_nl->execute($q->{'id'}, $user_id); + my ($link_in_footer_entries) = $sth_check_nl->fetchrow_array(); + if (defined($cgi->param("link_in_footer_$q->{'id'}"))) { + if ($link_in_footer_entries == 0) { + $sth_insert_nl->execute($q->{'id'}, $user_id); + } + } + else { + if ($link_in_footer_entries > 0) { + $sth_delete_nl->execute($q->{'id'}, $user_id); + } + } + + # For user's own queries, update namedquery_group_map. + if ($q->{'userid'} == $user_id) { + my ($group_id, $group_map_entries); + if ($user->in_group(Bugzilla->params->{'querysharegroup'})) { + $sth_check_ngm->execute($q->{'id'}); + ($group_map_entries) = $sth_check_ngm->fetchrow_array(); + $group_id = $cgi->param("share_$q->{'id'}") || ''; + } + if ($group_id) { + if (grep(/^\Q$group_id\E$/, @{$user->queryshare_groups()})) { + # $group_id is now definitely a valid ID of a group the + # user can see, so we can trick_taint. + trick_taint($group_id); + if ($group_map_entries == 0) { + $sth_insert_ngm->execute($q->{'id'}, $group_id); + } + else { + $sth_update_ngm->execute($group_id, $q->{'id'}); + } + + # If we're sharing our query with a group we can bless, + # we're subscribing direct group members to our search + # automatically. Otherwise, the group members need to + # opt in. This behaviour is deemed most likely to fit + # users' needs. + if ($user->can_bless($group_id)) { + $sth_direct_group_members->execute($group_id); + my $user_id; + while ($user_id = + $sth_direct_group_members->fetchrow_array()) { + next if $user_id == $user->id; + + $sth_check_nl->execute($q->{'id'}, $user_id); + my ($already_shown_in_footer) = + $sth_check_nl->fetchrow_array(); + if (! $already_shown_in_footer) { + $sth_insert_nl->execute($q->{'id'}, $user_id); + } + } + } + } + else { + # In the unlikely case somebody removed visibility to the + # group in the meantime, don't modify sharing. + } + } + else { + if ($group_map_entries > 0) { + $sth_delete_ngm->execute($q->{'id'}); + } + + # Don't remove namedqueries_link_in_footer entries for users + # subscribing to the shared query. The idea is that they will + # probably want to be subscribers again should the sharing + # user choose to share the query again. + } + } } $user->flush_queries_cache; + # Update profiles.mybugslink. my $showmybugslink = defined($cgi->param("showmybugslink")) ? 1 : 0; $dbh->do("UPDATE profiles SET mybugslink = ? WHERE userid = ?", undef, ($showmybugslink, $user->id)); -- cgit v1.2.3-24-g4f1b