extensions/BMO/lib/Reports/ProductSecurity.pm


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.

package Bugzilla::Extension::BMO::Reports::ProductSecurity;

use 5.10.1;
use strict;
use warnings;

use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Product;

sub report {
  my ($vars) = @_;
  my $user = Bugzilla->user;

  ($user->in_group('admin') || $user->in_group('infrasec'))
    || ThrowUserError('auth_failure',
    {group => 'admin', action => 'run', object => 'product_security'});

  my $moco = Bugzilla::Group->new({name => 'mozilla-employee-confidential'})
    or return;

  my $products = [];
  foreach my $product (@{Bugzilla::Product->match({})}) {
    my $default_group  = $product->default_security_group_obj;
    my $group_controls = $product->group_controls();

    my $item = {
      name                   => $product->name,
      default_security_group => $product->default_security_group,
      group_visibility       => 'None/None',
      moco                   => exists $group_controls->{$moco->id},
    };

    if ($default_group) {
      if (my $control = $group_controls->{$default_group->id}) {
        $item->{group_visibility} = control_to_string($control->{membercontrol}) . '/'
          . control_to_string($control->{othercontrol});
      }
    }

    $item->{group_problem}
      = $default_group ? '' : "Invalid group " . $product->default_security_group;
    $item->{visibility_problem} = 'Default security group should be Shown/Shown'
      if ($item->{group_visibility} ne 'Shown/Shown')
      && ($item->{group_visibility} ne 'Mandatory/Mandatory')
      && ($item->{group_visibility} ne 'Default/Default');

    push @$products, $item;
  }
  $vars->{products} = $products;
}

sub control_to_string {
  my ($control) = @_;
  return 'NA'        if $control == CONTROLMAPNA;
  return 'Shown'     if $control == CONTROLMAPSHOWN;
  return 'Default'   if $control == CONTROLMAPDEFAULT;
  return 'Mandatory' if $control == CONTROLMAPMANDATORY;
  return '';
}

1;