docs/html/cust-change-permissions.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306

<HTML
><HEAD
><TITLE
>Change Permission Customization</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="The Bugzilla Guide - 2.17.4 Development Release"
HREF="index.html"><LINK
REL="UP"
TITLE="Administering Bugzilla"
HREF="administration.html"><LINK
REL="PREVIOUS"
TITLE="Template Customization"
HREF="cust-templates.html"><LINK
REL="NEXT"
TITLE="Upgrading to New Releases"
HREF="upgrading.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The Bugzilla Guide - 2.17.4 Development Release</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="cust-templates.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 5. Administering Bugzilla</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="upgrading.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="cust-change-permissions"
></A
>5.8. Change Permission Customization</H1
><DIV
CLASS="warning"
><P
></P
><TABLE
CLASS="warning"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>&#13;        This feature should be considered experimental; the Bugzilla code you
        will be changing is not stable, and could change or move between 
        versions. Be aware that if you make modifications to it, you may have
        to re-make them or port them if Bugzilla changes internally between
        versions.
      </P
></TD
></TR
></TABLE
></DIV
><P
>&#13;      Companies often have rules about which employees, or classes of employees,
      are allowed to change certain things in the bug system. For example, 
      only the bug's designated QA Contact may be allowed to VERIFY the bug.
      Bugzilla has been
      designed to make it easy for you to write your own custom rules to define
      who is allowed to make what sorts of value transition.
    </P
><P
>&#13;      For maximum flexibility, customizing this means editing Bugzilla's Perl 
      code. This gives the administrator complete control over exactly who is
      allowed to do what. The relevant function is called 
      <TT
CLASS="filename"
>CheckCanChangeField()</TT
>,
      and is found in <TT
CLASS="filename"
>process_bug.cgi</TT
> in your 
      Bugzilla directory. If you open that file and grep for 
      "sub CheckCanChangeField", you'll find it.
    </P
><P
>&#13;      This function has been carefully commented to allow you to see exactly
      how it works, and give you an idea of how to make changes to it. Certain
      marked sections should not be changed - these are the "plumbing" which
      makes the rest of the function work. In between those sections, you'll
      find snippets of code like:
      <TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>    # Allow the owner to change anything.
    if ($ownerid eq $whoid) {
        return 1;
    }</PRE
></FONT
></TD
></TR
></TABLE
>
      It's fairly obvious what this piece of code does.
    </P
><P
>&#13;      So, how does one go about changing this function? Well, simple changes
      can be made just be removing pieces - for example, if you wanted to 
      prevent any user adding a comment to a bug, just remove the lines marked
      "Allow anyone to change comments." And if you want the reporter to have
      no special rights on bugs they have filed, just remove the entire section
      which refers to him.
    </P
><P
>&#13;      More complex customizations are not much harder. Basically, you add
      a check in the right place in the function, i.e. after all the variables
      you are using have been set up. So, don't look at $ownerid before 
      $ownerid has been obtained from the database. You can either add a
      positive check, which returns 1 (allow) if certain conditions are true,
      or a negative check, which returns 0 (deny.) E.g.:
      <TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>    if ($field eq "qacontact") {
        if (UserInGroup("quality_assurance")) {
            return 1;
        } 
        else {
            return 0;
        }
    }</PRE
></FONT
></TD
></TR
></TABLE
>
      This says that only users in the group "quality_assurance" can change
      the QA Contact field of a bug. Getting more weird:
      <TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>    if (($field eq "priority") &#38;&#38;
        ($vars-&#62;{'user'}{'login'} =~ /.*\@example\.com$/))
    {
        if ($oldvalue eq "P1") {
            return 1;
        } 
        else {
            return 0;
        }
    }</PRE
></FONT
></TD
></TR
></TABLE
>
      This says that if the user is trying to change the priority field,
      and their email address is @example.com, they can only do so if the
      old value of the field was "P1". Not very useful, but illustrative.
    </P
><P
>&#13;      For a list of possible field names, look in 
      <TT
CLASS="filename"
>data/versioncache</TT
> for the list called 
      <TT
CLASS="filename"
>@::log_columns</TT
>. If you need help writing custom
      rules for your organization, ask in the newsgroup.
    </P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="cust-templates.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="upgrading.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Template Customization</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="administration.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Upgrading to New Releases</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>